4 Replies Latest reply on Jul 12, 2005 7:30 AM by petertje

getCallerPrincipal() throws IllegalStateException: No securi

bug-c Nov 16, 2004 7:08 AM

Hello,

I have a problem with the getCallerPrincipal method with Jboss 3.2.6. When I try to call this method the container throws an IllegalStateException saying that no security context was set. I already searched the internet and saw that other people also have the same problem. Is this a bug with Jboss 3.2.6?

My code looks like that:
public void ejbCreate() {
String principalName = context.getCallerPrincipal().getName();
[... do some additional stuff with the user ...]
}

the setSessionContext method is implemented and sets the context variable.

Thanks for your time,
Regards, Stefan

1. Re: getCallerPrincipal() throws IllegalStateException: No se

_alex Nov 16, 2004 7:17 AM (in response to bug-c)

From my point of view:

1) getCallerPrincipal will throw an exception in case you deploy your bean outside of a security domain;

2) in case your bean is stateless session bean, the EntityContext method getCallerPrincipal is prohibited to call inside ejbCreate or ejbRemove methods (see specification)

again - it is only my personal opinion, and may be it is wrong.

Alexander
Actions
2. Re: getCallerPrincipal() throws IllegalStateException: No se

bug-c Nov 16, 2004 7:24 AM (in response to bug-c)

Thanks a lot for this fast reply :) and even better you are correct and fixed my error :)

The problem is that I use AndroMDA (MDA generator) to create my beans and this tool creates a stateful session bean if attributes are given to the class. Unfortunately I removed all attributes (because I did not need them) and therefore a stateless session bean was created. I was not aware of the fact that I am not allowed to call the getCallerPrincipal() inside the ejbCreate() method in case of a stateless session bean.

Thanks again,
Stefan
Actions
3. Re: getCallerPrincipal() throws IllegalStateException: No se

ajayjadhav May 25, 2005 8:01 AM (in response to bug-c)

Hello,

I am also facing same problem with the getCallerPrincipal() method with Jboss 3.2.3. When I try to call this method the container throws an IllegalStateException saying that no security context was set.

My code looks like:
=====================================
public void myCustomMethod() throws RemoteException {
String loggedUser = ctx.getCallerPrincipal().getName();
........
}
=====================================

The setSessionContext method is implemented and sets the context variable.

Also, as you said, I have not configured any "Security Domain", I am directly using my own Java API to authenticate the user against LDAP Server.

In this case, how to get the Principal information in EJB?

Regards,
Ajay
Actions
4. Re: getCallerPrincipal() throws IllegalStateException: No se

petertje Jul 12, 2005 7:30 AM (in response to bug-c)

Also, as you said, I have not configured any "Security Domain", I am directly using my own Java API to authenticate the user against LDAP Server.

If you do not use JBoss' security system, how do you expect JBoss to know wich Principal is calling the EJB??? If you need to write your own authentication module, put it in a (JAAS) LoginModule, and configure that module for your security domain, so that JBoss can initiate the authentication (by calling your module) and has a means to determine "who is calling".
Actions

Go to original post