5 Replies Latest reply on Sep 13, 2006 12:49 PM by zbigi

    @Service bug

    elkner

      Is it possible that @Service is still not completely fixed wrt. permissions?

      E.g.:

      @Service
      @SecurityDomain("shared")
      @RunAs("staff")
      -- log --
      2006-06-15 23:58:30,355 WARN [ScannerThread:org.jboss.system.ServiceController:515] - Problem stopping service jboss.j2ee:ear=freddyserv.ear,jar=freddyserv-ejb-0.0.9a.jar,name=UpdateService,service=EJB3,type=ManagementInterface
      javax.ejb.EJBAccessException: Authentication failure
       at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
      ...

      When I re/un-deploy the application, I always get this exception, and I guess this causes ClassCastExceptions when the "new" aka redeployed service tries to access beans ...

      Any hints?

        • 1. Re: @Service bug
          bdecoste

          In ejb3-interceptors-aop.xml, in the element, replace:

          <bind pointcut="!execution(* *->create()) AND !execution(* *->start()) AND !execution(*->new(..))">
             <interceptor-ref name="org.jboss.ejb3.security.AuthenticationInterceptorFactory"/>
          </bind>

          with

          <bind pointcut="!execution(* *->create()) AND !execution(* *->start()) AND !execution(* *->stop()) AND !execution(* *->destroy()) AND !execution(*->new(..))">
             <interceptor-ref name="org.jboss.ejb3.security.AuthenticationInterceptorFactory"/>
          </bind>

          and you should be all set. I've opened a JIRA task: http://jira.jboss.com/jira/browse/EJBTHREE-627
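
An added example (not part of the thread and not JBoss code): a Python check that reads the bind attached to the authentication interceptor and lists which methods it sends through authentication, so an edit to the pointcut can be verified before redeploying. The XML wrapper, the method list and the simplified matcher (method name only, an `AND` chain of optionally negated `execution(...)` terms) are assumptions for illustration; the third variant, with the `!` missing in front of the `stop()` term, is constructed to show how one dropped character inverts the binding.

```python
import re
import xml.etree.ElementTree as ET

AUTH = "org.jboss.ejb3.security.AuthenticationInterceptorFactory"
# Lifecycle methods named in the thread plus the bean's business method.
METHODS = ["create", "start", "stop", "destroy", "getUpdateList"]
# One term: optional "!", then execution(<ret> *->name(args)); "new" = constructor.
TERM = re.compile(r"(!?)\s*execution\(\s*(?:\*\s+)?\*->(\w+)\(.*?\)\s*\)")

def parse_terms(pointcut):
    """Split 'a AND b AND ...' into (negated, method_name) pairs."""
    terms = []
    for raw in pointcut.split(" AND "):
        m = TERM.fullmatch(raw.strip())
        if m is None:
            raise ValueError("unsupported pointcut term: %r" % raw)
        terms.append((m.group(1) == "!", m.group(2)))
    return terms

def authenticated_methods(pointcut, methods=METHODS):
    """Methods for which every term of the AND chain holds (name-only match)."""
    terms = parse_terms(pointcut)
    return [m for m in methods
            if all((name == m) != negated for negated, name in terms)]

def audit(xml_text):
    """Map each pointcut bound to the authentication interceptor to its methods."""
    root = ET.fromstring(xml_text)
    return {b.get("pointcut"): authenticated_methods(b.get("pointcut"))
            for b in root.iter("bind")
            if any(r.get("name") == AUTH for r in b.iter("interceptor-ref"))}

def fragment(pointcut):
    # Constructed stand-in for the "Service Bean" domain of the real file.
    return ('<aop><domain name="Service Bean"><bind pointcut="%s">'
            '<interceptor-ref name="%s"/></bind></domain></aop>' % (pointcut, AUTH))

ORIGINAL = ("!execution(* *->create()) AND !execution(* *->start()) "
            "AND !execution(*->new(..))")
EXEMPT = ("!execution(* *->create()) AND !execution(* *->start()) "
          "AND !execution(* *->stop()) AND !execution(* *->destroy()) "
          "AND !execution(*->new(..))")
# Constructed variant: the "!" in front of the stop() term is missing.
DROPPED_BANG = EXEMPT.replace("AND !execution(* *->stop())", "AND execution(* *->stop())")

if __name__ == "__main__":
    for label, pc in [("original", ORIGINAL), ("stop/destroy exempt", EXEMPT),
                      ("stop() un-negated", DROPPED_BANG)]:
        print(label, "->", audit(fragment(pc))[pc])
```

A result that no longer contains the business method, or that contains only `stop`, means ordinary calls to the bean are not being authenticated by this binding.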

          • 2. Re: @Service bug
            elkner

            Thanks William,

            but somehow it doesn't work or I replaced the wrong line. I guess you meant the 2nd bind entry in the "Service Bean" domain element (for my version 4.0.4GA vanilla this is line 330)?

            Do you need the complete stack trace?

            • 3. Re: @Service bug
              elkner

              Hmmm, @Service seems still quite bogus wrt. permissions.

              1) The problem described above in the first posting is still not resolved.
              2) When calling a method of the bean from a servlet (which needs no authentication),
              one gets an authentication exception even if the whole bean is annotated with
              @RunAs("staff"):

              BEAN:

              @Service
              @SecurityDomain("shared")
              @RunAs("staff")
              public class UpdateService
                  implements UpdateServiceM
              {
                  ...
                  public String getUpdateList(final String site) { ... }
                  ...
              }

              SERVLET:
              public class UpdatesServlet extends HttpServlet {
                  ...
                  private String getList(String site) throws Exception {
                      InitialContext ctx = new InitialContext();
                      UpdateServiceM svc = (UpdateServiceM)
                          ctx.lookup(Version.getAppnameName() + "/UpdateService/local");
                      return svc.getUpdateList(site);
                  }

                  protected void doGet(HttpServletRequest req, HttpServletResponse resp)
                      throws IOException
                  {
                      String s = req.getParameter("site");
                      ...
                      s = getList(site);
                      ...
                  }
                  ...
              }

              EXCEPTION:
              2006-06-23 14:38:02,520 DEBUG [http-192.168.21.1-8080-2:web.UpdatesServlet:83] - doGet
              javax.ejb.EJBAccessException: Authentication failure
               at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
               at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:71)
               at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
               at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
               at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
               at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
               at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
               at org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:199)
               at org.jboss.ejb3.service.ServiceLocalProxy.invoke(ServiceLocalProxy.java:75)
               at $Proxy275.getUpdateList(Unknown Source)
               at web.UpdatesServlet.getList(UpdatesServlet.java:54)
               at web.UpdatesServlet.doGet(UpdatesServlet.java:79)
               at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
              ...


              So should I file a bug (currently I've the feeling, that nobody cares about it)? :(

              • 4. Re: @Service bug
                matt10

                I have this same problem and it's frustrating.

                On redeploy of a @Service mbean, I get:

                javax.ejb.EJBAccessException: Authentication failure
                at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
                at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:71)
                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                at org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:199)
                at org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:167)
                at org.jboss.ejb3.service.ServiceMBeanDelegate.invoke(ServiceMBeanDelegate.java:168)
                at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
                at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:995)
                at $Proxy0.stop(Unknown Source)
                at org.jboss.system.ServiceController.stop(ServiceController.java:508)
                at sun.reflect.GeneratedMethodAccessor66.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:585)
                at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)

                ...

                This is since I started to use a SecurityDomain on some other EJB3 beans.

                I get this error whether or not on the @Service bean I declare @SecurityDomain, @PermitAll on methods, no security annotation at all, etc.

                • 5. Re: @Service bug
                  zbigi

                  Did anyone manage to solve this problem?
                  I face the same for my JSR181 web service...