application policy changes when SessionContext passed
robbutera Jan 28, 2005 11:50 PMI have a very strange problem occuring.
I am using jboss 4.0.1 and am using a secure ejb. My application-policy looks as follows:
<application-policy name = "esubmit"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="usersProperties"> users.properties </module-option> <module-option name="rolesProperties"> roles.properties </module-option> </login-module> </authentication> </application-policy>
As soon as I enter the ejb, I perform a isCallerInRole("Administrator") which returns true, I then pass the SessionContext object to a static class which makes the same call and returns false. I changed the log settings to TRACE and discovered that when I make the call from the EJB it uses my application-policy, but when I make it from the static class it uses the "HsqlDbRealm" application-policy.
Here is the log portion:
2005-02-03 12:37:45,807 DEBUG [au.edu.vut.esubmit.ejbcontainer.services.domain.ejb.SubjectFacadeEJB] Admin role: true 2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] doesUserHaveRole(Set), subject: Subject: Principal: cam Principal: Roles(members:Administrator) 2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] roles=Roles(members:Administrator) 2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] hasRole=false 2005-02-03 12:37:45,807 DEBUG [au.edu.vut.esubmit.ejbcontainer.services.domain.ejb.SubjectFacadeEJB] User role: false 2005-02-03 12:37:45,807 DEBUG [au.edu.vut.esubmit.ejbcontainer.domain.datatransferfactories.SubjectDTOFactory] getSubjectDTO(SessionContext, String) - start 2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] isValid, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@5eb650[Subject(1265354).principals=[cam, Roles(members:Administrator)]] 2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@5eb650[Subject(1265354).principals=[cam, Roles(members:Administrator)]] 2005-02-03 12:37:45,807 DEBUG [org.jboss.ejb.plugins.cmp.jdbc.JDBCFindByPrimaryKeyQuery.Subject#findByPrimaryKey] Executing SQL: SELECT t0_Subject.id FROM SUBJECT t0_Subject WHERE t0_Subject.id=? 2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] isValid, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@780af5[Subject(18314684).principals=[sap]] 2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@780af5[Subject(18314684).principals=[sap]] 2005-02-03 12:37:45,807 DEBUG [au.edu.vut.esubmit.ejbcontainer.domain.datatransferfactories.BaseDTOFactory] checkForRight(SessionContext, SubjectLocal, ArrayList) - start 2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] doesUserHaveRole(Set), subject: Subject: Principal: sap Private Credential: javax.resource.spi.security.PasswordCredential@e4e 2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] roles=null 2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] hasRole=false 2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] doesUserHaveRole(Set), subject: Subject:
I have no idea what's going on. Is there some problem with passing the SessionContext around? Also, this code works fine under JBoss 4.0.1RC1.
Any help would be greatly appreciated.
Regards
Rob