0 Replies Latest reply on Dec 19, 2005 5:05 PM by phreak0815

    Unauthenticated Access to SessionBean (EJB3)

    phreak0815

      I define a session bean like so:

      @Stateless
      @SecurityDomain("MySecDomain")
      public class EchoBean implements EchoRemote
      {
          // lots of stuff
      }
      

      I have configured the security domain MySecDomain as "simple property file"-domain in login-config.xml.

      Next I run a client looking up the bean like this:

      import java.util.Properties;
      import javax.naming.Context;
      import javax.naming.InitialContext;

      // Supply the username and password through the JNDI environment
      Properties env = new Properties();
      env.setProperty(Context.SECURITY_PRINCIPAL, "peter");
      env.setProperty(Context.SECURITY_CREDENTIALS, "spiderman");
      env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
      InitialContext ctx = new InitialContext(env);

      // Look up the bean by its remote interface name
      EchoRemote echo = (EchoRemote) ctx.lookup(EchoRemote.class.getName());

      // do funky things with the bean
      


      If I try to authenticate with wrong credentials, I get a SecurityException and everything's fine...

      BUT if I run the client once, authenticating successfully, let it end, and then modify the code so it looks like this...

      InitialContext ctx = new InitialContext();
      EchoRemote echo = (EchoRemote) ctx.lookup(EchoRemote.class.getName());

      // do funky things with the bean
      

      ...I suddenly have unauthenticated access to the bean!

      Waiting a while and trying to run the client again some minutes later results in the expected SecurityException.

      What's wrong? Did I miss something?

      Thanks for reading and even more for help or explanations ;-)

      Kind regards
      Martin