7 Replies Latest reply on Jun 15, 2005 12:37 AM by amvzw

    Security Propagation Problem: Jboss 4.0.2 vs 4.0.1sp1

    soon_shin

      Hello,

      I am in the process of upgrading from Jboss 4.0.1sp1 to Jboss 4.0.2 and it appears that the security identity propagation from the web to ejb container no longer works.

      I have a web application utilizing JAAS (form based authentication, DatabaseServerLoginModule), EJBs and Struts.

      Please note: I am using the same ear file in Jboss 4.0.1sp1 and Jboss 4.0.2.

      Jboss 4.0.1sp1
      -----------------------------
      1) User enters principalId and password on login page and submits (j_username and j_password posted to j_security_check)
      2) The web container successfully authenticates the user
      3) A session bean is created

      PartyManagerHome.create()

      4) PartyManager is used successfully.

      Jboss 4.0.2
      --------------------------
      1) User enters principalId and password on login page and submits (j_username and j_password posted to j_security_check)
      2) The web container successfully authenticates the user
      3) Create call on session bean
      PartyManagerHome.create()
      throws an exception

      javax.ejb.EJBException: Invalid invocation, check your deployment packaging, method=public abstract com.acme.party.interfaces.PartyManager com.acme.party.interfaces.PartyManagerHome.create() throws javax.ejb.CreateException,java.rmi.RemoteException
       at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invokeHome(StatelessSessionContainer.java:161)


      I believe the security identity isn't being propagated as it was in Jboss 4.0.1sp1, since the same ear file is used in both cases.

      Has anyone else run into this problem?
      Any Suggestions?
      Are there any additional security related attributes that must be configured for Jboss 4.0.2?


      Thanks.