-
1. Re: @Service bug
bdecoste Jun 15, 2006 9:20 PM (in response to elkner)In ejb3-interceptors-aop.xml replace in the element, replace:
<bind pointcut="!execution(* *->create()) AND !execution(* *->start()) AND !execution(*->new(..))"> <interceptor-ref name="org.jboss.ejb3.security.AuthenticationInterceptorFactory"/> </bind>
with<bind pointcut="!execution(* *->create()) AND !execution(* *->start()) AND execution(* *->stop()) AND !execution(* *->destroy()) AND !execution(*->new(..))"> <interceptor-ref name="org.jboss.ejb3.security.AuthenticationInterceptorFactory"/> </bind>
and you should be all set. I've opened a JIRA task: http://jira.jboss.com/jira/browse/EJBTHREE-627 -
2. Re: @Service bug
elkner Jun 16, 2006 12:22 AM (in response to elkner)Thanx william,
but somehow it doesn't work or I replaced the wrong line. I guess, you ment the 2nd bind entry in the "Service Bean" domain element (for my version 4.0.4GA vanilla this is line 330)?
Do you need the complete stack trace ? -
3. Re: @Service bug
elkner Jun 23, 2006 11:02 AM (in response to elkner)Hmmm, @Service seems still quite bogus wrt. Permissions.
1) The problem above described in the first posting is still not resolved.
2) When calling a method of the bean from a servlet (which needs no authentication)
one gets an authentication exception even if the whole bean is annotated with
@RunAs("staff"):BEAN: @Service @SecurityDomain("shared") @RunAs("staff") public class UpdateService implements UpdateServiceM { ... public String getUpdateList(final String site) { ... } ... } SERVLET: public class UpdatesServlet extends HttpServlet { ... private String getList(String site) throws Exception { InitialContext ctx = new InitialContext(); UpdateServiceM svc = (UpdateServiceM) ctx.lookup(Version.getAppnameName() + "/UpdateService/local"); return svc.getUpdateList(site); } protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException { String s = req.getParameter("site"); ... s = getList(site); ... } ... } EXCEPTION: 2006-06-23 14:38:02,520 DEBUG [http-192.168.21.1-8080-2:web.UpdatesServlet:83] - doGet javax.ejb.EJBAccessException: Authentication failure at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68) at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:71) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101) at org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:199) at org.jboss.ejb3.service.ServiceLocalProxy.invoke(ServiceLocalProxy.java:75) at $Proxy275.getUpdateList(Unknown Source) at web.UpdatesServlet.getList(UpdatesServlet.java:54) at web.UpdatesServlet.doGet(UpdatesServlet.java:79) at javax.servlet.http.HttpServlet.service(HttpServlet.java:697) ...
So should I file a bug (currently I've the feeling, that nobody cares about it)? :( -
4. Re: @Service bug
matt10 Jul 27, 2006 11:48 AM (in response to elkner)I have this same problem and it's frustrating.
On redeploy of a @Service mbean, I get:
javax.ejb.EJBAccessException: Authentication failure
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:71)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:199)
at org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:167)
at org.jboss.ejb3.service.ServiceMBeanDelegate.invoke(ServiceMBeanDelegate.java:168)
at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:995)
at $Proxy0.stop(Unknown Source)
at org.jboss.system.ServiceController.stop(ServiceController.java:508)
at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
...
This is since I started to use a SecurityDomain on some other EJB3 beans.
I get this error whether or not on the @Service bean I declare @SecurityDomain, @PermitAll on methods, no security annotation at all, etc. -
5. Re: @Service bug
zbigi Sep 13, 2006 12:49 PM (in response to elkner)Did anyone manage to solve this problem?
I face the same when for my JSR181 web service...