3 Replies Latest reply on Mar 2, 2004 5:45 AM by keesvandieren

    getPrincipalInfo

    zhukoff

      Hi there,

      I would like to look up an EJB from an applet. I have tried to
      the best of my knowledge but keep ending up with the same exception:

      java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)

      Can anybody help me out of this?

      Valery

        • 1. Re: getPrincipalInfo

          The ejb needs to get the Principal and Credential from
          your applet client.
          But this is a restricted operation that applets are not normally allowed to perform.

          You can:
          1) Make a different container configuration for your
          ejb that does not include the client side security
          interceptor (assumes the client does not need to pass
          this information).
          2) Create your own client side security interceptor that
          retrieves the info using some other mechanism.
          3) Change the permissions for the applet's environment
          to authorise jbosssx-client.jar
          to retrieve this information.

          Regards,
          Adrian

          • 2. Re: getPrincipalInfo
            keesvandieren

             


            1) Make a different container configuration for your
            ejb that does not include the client side security
            interceptor (assumes the client does not need to pass
            this information).
            2) Create your own client side security interceptor that
            retrieves the info using some other mechanism.


            Hello,
            I am having the same problem with EJBs and applets. I would like to access a stateless session bean

            I've already managed to get things working by updating the policy file on the client side.

            The solution I prefer is to make EJB calls from applets possible without changing the applet's security settings. The applet is downloaded from the JBoss application server, so the restriction that an applet may only open a socket to the server it came from isn't a problem.

            I'm just wondering whether I should choose solution 1 or solution 2.


            1. Making a different container configuration that doesn't include client side security

            To test this, following the documentation (bottom of my post), I opened server/default/conf/standardjboss.xml, went to the stateless session bean container configuration, and updated it to the following:
            <container-configuration>
              <container-name>Standard Stateless SessionBean</container-name>
              <call-logging>false</call-logging>
              <invoker-proxy-binding-name>stateless-rmi-invoker</invoker-proxy-binding-name>
              <container-interceptors>
                <interceptor>org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor</interceptor>
                <interceptor>org.jboss.ejb.plugins.LogInterceptor</interceptor>
                <!-- <interceptor>org.jboss.ejb.plugins.SecurityInterceptor</interceptor>-->
                <!-- CMT -->
                <interceptor transaction="Container">org.jboss.ejb.plugins.TxInterceptorCMT</interceptor>
                <interceptor transaction="Container" metricsEnabled="true">org.jboss.ejb.plugins.MetricsInterceptor</interceptor>
                <interceptor transaction="Container">org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor</interceptor>
                <!-- BMT -->
                <interceptor transaction="Bean">org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor</interceptor>
                <interceptor transaction="Bean">org.jboss.ejb.plugins.TxInterceptorBMT</interceptor>
                <interceptor transaction="Bean" metricsEnabled="true">org.jboss.ejb.plugins.MetricsInterceptor</interceptor>
                <interceptor>org.jboss.resource.connectionmanager.CachedConnectionInterceptor</interceptor>
              </container-interceptors>
              <instance-pool>org.jboss.ejb.plugins.StatelessSessionInstancePool</instance-pool>
              <instance-cache></instance-cache>
              <persistence-manager></persistence-manager>
              <container-pool-conf>
                <MaximumSize>100</MaximumSize>
              </container-pool-conf>
            </container-configuration>
            


            However, I still get the following exception:
            java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)
            

            Security still seems to be enabled. I'm going to tweak settings to try to make things work. Does anybody have advice for getting this working?

            When I got it working by changing the applet security, I also had to add the following permission:
             permission java.io.SerializablePermission "enableSubstitution";
            

            Is it possible to fix this problem server-side also?

            Thanks in advance for your time.


            documentation:
            - http://jboss.sourceforge.net/doc-24/ch07s09.html JBoss Security documentation
            - http://jboss.sourceforge.net/doc-24/ch11s21.html An example of applets, ejb and jboss (which doesn't describe anything about this problem)

            • 3. Re: getPrincipalInfo
              keesvandieren

              One problem is fixed: I also updated something in the standardjboss.xml file, in the invoker-proxy-binding tag:

              <invoker-proxy-binding>
                <name>stateless-rmi-invoker</name>
                <invoker-mbean>jboss:service=invoker,type=jrmp</invoker-mbean>
                <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory>
                <proxy-factory-config>
                  <client-interceptors>
                    <home>
                      <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
                      <!-- <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>-->
                      <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
                      <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
                    </home>
                    <bean>
                      <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>
                      <!-- <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>-->
                      <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
                      <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
                    </bean>
                  </client-interceptors>
                </proxy-factory-config>
              </invoker-proxy-binding>
              


              However, another exception occurs:
              access denied (java.io.SerializablePermission enableSubstitution)
              
              java.security.AccessControlException: access denied (java.io.SerializablePermission enableSubstitution)
              


              This exception does not occur when I enable the following line in java.policy (at client-side):
              // permission java.io.SerializablePermission "enableSubstitution";
              


              I'm going to find out whether it is possible to fix this server-side. Any advice is welcome!
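
The client-side policy change discussed in this thread, written out as an added example (not posted by any participant): the two permissions named in the exceptions, first granted to all code and then scoped to the applet's download location. It uses java.policy syntax; the codeBase URL is a placeholder assumption.

```java
// java.policy (client side), added example. Policy-file syntax, not Java source.
// The codeBase URL below is a placeholder; replace it with the URL prefix
// the applet JARs are actually downloaded from.

// Broad form: no codeBase, so EVERY applet and application run by this
// JRE receives both permissions. Shown commented out for comparison.
//
// grant {
//     permission java.lang.RuntimePermission
//         "org.jboss.security.SecurityAssociation.getPrincipalInfo";
//     permission java.io.SerializablePermission "enableSubstitution";
// };

// Scoped form: only code loaded from under the applet's own download
// location receives the two permissions named in the exceptions above.
// A trailing "/-" matches all classes and JARs under the URL, recursively.
grant codeBase "http://jboss-host.example:8080/myapplet/-" {
    // Lets the client-side security code read the caller's principal
    // and credential from SecurityAssociation.
    permission java.lang.RuntimePermission
        "org.jboss.security.SecurityAssociation.getPrincipalInfo";

    // The thread reports that this permission is also required once the
    // first one is granted (second AccessControlException).
    permission java.io.SerializablePermission "enableSubstitution";
};
```

This assumes the applet classes and jbosssx-client.jar are both served from under that URL, since every protection domain on the call stack (up to any doPrivileged frame) must hold a permission for the check to pass.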