9 Replies Latest reply on Jan 25, 2007 3:51 AM by jazir1979

    EJBTHREE-615 still present in Embedded-ALPHA9

    hennejg

      Hi,

      EJBTHREE-615 can still be reproduced in Embedded-ALPHA9. I have debugged this rudimentarily up to the fact, that JBossAuthorizationManager.setCachePolicy(CachePolicy) is never called.

      However, I failed to locate the proper version of all of the sources needed to investigate this further. Is there a description of the EJB3-embeddable build process, especially regarding which modules and versions haven been used in APLHA9?

      Thanks!

        • 1. Re: EJBTHREE-615 still present in Embedded-ALPHA9
          bill.burke

          you'll have to do it based on timestamp of aproximately when alpha9 was released (HEAD)

          Sorry, I didn't do a good job of managing the e-ejb3 stuff.

          • 2. Re: EJBTHREE-615 still present in Embedded-ALPHA9
            hennejg

            Bill,

            thanks. I tried 2006-9-14 (the timestamp of the release on sf and inside the archive) but the line numbers for jbosssx (the starting point for me) just don't match with the ones from the code's debug information.
            In fact, I'm even confused about which repository is the correct one. The version I mentioned above is from CVS. SVN also has a JBossAuthorizationManager in /repos/jbossas/projects/security et al. However, those versions lack the updateCache method.

            Thanks!

            • 3. Re: EJBTHREE-615 still present in Embedded-ALPHA9
              jazir1979

              Hi folks,

              I just posted about this to the user forum as well, but that was before I noticed this thread.

              EJBTHREE-615 is causing problems for me too. I'd be willing to debug into it further but had similar problems to Bill when trying to find the correct source. I couldn't even find the correct starting point for the embedded stuff...

              Any pointers, or ideas when this Jira issue would be assigned to a developer?

              cheers,
              Daniel.

              "hennejg" wrote:
              Bill,

              thanks. I tried 2006-9-14 (the timestamp of the release on sf and inside the archive) but the line numbers for jbosssx (the starting point for me) just don't match with the ones from the code's debug information.
              In fact, I'm even confused about which repository is the correct one. The version I mentioned above is from CVS. SVN also has a JBossAuthorizationManager in /repos/jbossas/projects/security et al. However, those versions lack the updateCache method.

              Thanks!


              • 4. Re: EJBTHREE-615 still present in Embedded-ALPHA9
                bill.burke

                We've totally scrapped Embedded EJB3 and started the Embedded JBoss project based on JBoss 5 kernel. New Embedded JBoss will be full featured. Most features of regular jboss should be available in embedded.

                If you want to testdrive, checkout head SVN. its in the jboss-head/embedded directory.

                • 5. Re: EJBTHREE-615 still present in Embedded-ALPHA9
                  jazir1979


                  oh, i see!! thanks for the info..

                  "bill.burke@jboss.com" wrote:
                  We've totally scrapped Embedded EJB3 and started the Embedded JBoss project based on JBoss 5 kernel. New Embedded JBoss will be full featured. Most features of regular jboss should be available in embedded.

                  If you want to testdrive, checkout head SVN. its in the jboss-head/embedded directory.


                  • 6. Re: EJBTHREE-615 still present in Embedded-ALPHA9
                    jazir1979

                    Hi Bill,

                    We've gone and checked out the latest embedded stuff and built it from SVN. FYI, it worked well and was not very hard to convert our tests over to use the new Bootstrap class.

                    However, we are getting exactly the same security problem still. Instead of a NullPointerException in Util.getSubjectRoles(), we get the IllegalArgumentException because this class has been updated to check for null.

                    Here is our stacktrace:

                    java.lang.IllegalArgumentException: Subject is null
                     at org.jboss.security.Util.getSubjectRoles(Util.java:632)
                     at org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAuthorizationManager.java:302)
                     at org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossAuthorizationManager.java:126)
                     at org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurityManager.java:401)
                     at org.jboss.ejb3.BaseSessionContext.isCallerInRole(BaseSessionContext.java:233)
                    .....
                    



                    Would you like me to update JIRA to show that this bug is also present in the latest code based on JBoss5?

                    thanks,
                    daniel.

                    "bill.burke@jboss.com" wrote:
                    We've totally scrapped Embedded EJB3 and started the Embedded JBoss project based on JBoss 5 kernel. New Embedded JBoss will be full featured. Most features of regular jboss should be available in embedded.

                    If you want to testdrive, checkout head SVN. its in the jboss-head/embedded directory.


                    • 7. Re: EJBTHREE-615 still present in Embedded-ALPHA9
                      bill.burke

                      So how do I reproduce? just use the existing ejb3 embedded security example?

                      • 8. Re: EJBTHREE-615 still present in Embedded-ALPHA9
                        jazir1979


                        Hi Bill,

                        I'll verify that for you ASAP and let you know. So far I've only tried it in my own app, not those examples - and the exception that I get is slightly different from what the original poster had, although it does look to be related.

                        I'll let you know.

                        thanks,
                        Daniel.

                        "bill.burke@jboss.com" wrote:
                        So how do I reproduce? just use the existing ejb3 embedded security example?


                        • 9. Re: EJBTHREE-615 still present in Embedded-ALPHA9
                          jazir1979

                          Hi Bill,

                          We did some further testing today using the original CalculatorBean example provided with the old embedded EJB3 stuff.

                          I found that the bug that was reported originally -- a NullPointerException when calling EJBContext.getCallerPrincipal() is definitely FIXED in the latest code from SVN.

                          However, the (similar) bug that I'm having still occurs.

                          You can reproduce it by modifying the add() method in CalculatorBean.java to call ctx.isCallerInRole("student") (or "teacher", or anything..). You will get an IllegalArgumentException in Util.getSubjectRoles(), because the Subject is null:

                           [java] java.lang.IllegalArgumentException: Subject is null
                           [java] at org.jboss.security.Util.getSubjectRoles(Util.java:632)
                           [java] at
                          org.jboss.security.plugins.JBossAuthorizationManager.getCurrentRoles(JBossAu
                          thorizationManager.java:302)
                           [java] at
                          org.jboss.security.plugins.JBossAuthorizationManager.doesUserHaveRole(JBossA
                          uthorizationManager.java:126)
                           [java] at
                          org.jboss.security.plugins.JaasSecurityManager.doesUserHaveRole(JaasSecurity
                          Manager.java:401)
                           [java] at
                          org.jboss.ejb3.BaseSessionContext.isCallerInRole(BaseSessionContext.java:233
                          )
                           [java] at
                          com.synyati.spurwing.test.bean.CalculatorBean.add(CalculatorBean.java:51)
                          


                          thanks for your help on this one,
                          Daniel.