7 Replies Latest reply on May 6, 2009 3:19 AM by jaikiran

    Authorization failure when accessing a data source from EJB

      Hi,

      As suggested in http://www.jboss.org/index.html?module=bb&op=viewtopic&t=153488&postdays=0&postorder=asc&start=30 I continue here with the data source authorization problem.

      In a superclass to our generated EJBs we're injecting two data sources as followed:

      /**
       * Base class for all EJB classes.
       */
      @DeclareRoles({FndConstants.USER_ROLE, FndConstants.TRUSTED_MODULE_ROLE})
      @RolesAllowed({FndConstants.USER_ROLE})
      abstract class FndAbstractBean {
      
       @Resource(name="fndbas_en-US", mappedName="java:jdbc/fndbas_en-US")
       private DataSource dsEn;
      
       @Resource(name="fndbas-noxa_en-US", mappedName="java:jdbc/fndbas-noxa_en-US")
       private DataSource dsNoXaEn;
      
       public DataSource getDataSource(String name) throws SystemException {
       if("fndbas_en-US".equals(name))
       return dsEn;
       else if("fndbas-noxa_en-US".equals(name))
       return dsNoXaEn;
       throw new SystemException("No dependency to DataSource " + name);
       }
      
       // rest of the class code...
      }
      


      All EJBs are generated with the same jboss.xml:
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 4.0//EN" "http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">
      <jboss>
       <security-domain>java:/jaas/IFSApplications</security-domain>
      </jboss>
      


      Corresponding section in login-config.xml:
       <!-- IFS Applications security domain -->
       <application-policy name="IFSApplications">
       <authentication>
       <login-module code="ifs.fnd.sf.j2ee.security.jboss.FndOracleLoginModule" flag="requisite">
       <module-option name="debug">true</module-option>
       <module-option name="jdbcUrl">jdbc:oracle:thin:@gbgrnd23:1521:app75sp3</module-option>
       <module-option name="driverClassName">oracle.jdbc.OracleDriver</module-option>
       <module-option name="dbAppowner">IFSAPP</module-option>
       <module-option name="systemUsersOnly">false</module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      Data sources deployments:

      1) oracle-ds.xml:
      <?xml version="1.0" encoding="UTF-8"?>
      <datasources>
       <local-tx-datasource>
       <jndi-name>jdbc/fndbas-noxa_en-US</jndi-name>
       <connection-url>jdbc:oracle:thin:@gbgrnd23:1521:app75sp3</connection-url>
       <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
       <user-name>ifssys</user-name>
       <password>password here...</password>
       <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
       </local-tx-datasource>
      </datasources>
      


      2) oracle-xa-ds.xml:
      <?xml version="1.0" encoding="UTF-8"?>
      <datasources>
      
       <xa-datasource>
       <jndi-name>jdbc/fndbas_en-US</jndi-name>
       <track-connection-by-tx>true</track-connection-by-tx>
       <isSameRM-override-value>false</isSameRM-override-value>
       <xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
       <xa-datasource-property name="URL">jdbc:oracle:thin:@gbgrnd23:1521:app75sp3</xa-datasource-property>
       <xa-datasource-property name="User">ifssys</xa-datasource-property>
       <xa-datasource-property name="Password">password here...</xa-datasource-property>
       <min-pool-size>5</min-pool-size>
       <max-pool-size>50</max-pool-size>
       <idle-timeout-minutes>10</idle-timeout-minutes>
       <prepared-statement-cache-size>100</prepared-statement-cache-size>
       <application-managed-security>true</application-managed-security>
       <valid-connection-checker-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleValidConnectionChecker</valid-connection-checker-class-name>
       <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
       <no-tx-separate-pools/>
       </xa-datasource>
      
       <mbean code="org.jboss.resource.adapter.jdbc.vendor.OracleXAExceptionFormatter"
       name="jboss.jca:service=OracleXAExceptionFormatter">
       <depends optional-attribute-name="TransactionManagerService">jboss:service=TransactionManager</depends>
       </mbean>
      
      </datasources>
      


      When trying to access a data source I get the following error stack in the console window:

      10:21:55,818 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
      at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
      at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
      at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
      at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
      at org.jboss.security.integration.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:90)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:687)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:941)
      at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:89)
      at ifs.fnd.sf.j2ee.FndJ2eeConnectionManager.getConnection(FndJ2eeConnectionManager.java:77)
      at ifs.fnd.sf.storage.FndConnectionManager.getPlsqlConnectionImpl(FndConnectionManager.java:341)
      at ifs.fnd.sf.storage.FndConnectionManager.getPlsqlConnection(FndConnectionManager.java:379)
      at ifs.fnd.sf.storage.FndConnectionManager.getConnection(FndConnectionManager.java:211)
      at ifs.fnd.sf.storage.FndSqlStorage$Context.getConnection(FndSqlStorage.java:589)
      at ifs.fnd.sf.storage.FndSqlStorage.query(FndSqlStorage.java:3011)
      at ifs.fnd.sf.storage.FndEntityHandler.query(FndEntityHandler.java:216)
      at ifs.application.applicationsupport.impl.StandardEntityHandlerImpl.queryEntity(StandardEntityHandlerImpl.java:100)
      at ifs.application.applicationsupport.impl.StandardEntityHandlerBean.query(StandardEntityHandlerBean.java:164)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
      at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
      at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor$InvocationContext.proceed(InvocationContextInterceptor.java:138)
      at ifs.fnd.sf.j2ee.FndAbstractBean.aroundInvoke(FndAbstractBean.java:136)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.ejb3.interceptors.aop.BusinessMethodBeanMethodInterceptor.invoke(BusinessMethodBeanMethodInterceptor.java:71)
      at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:59)
      at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
      at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
      at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_19401861.invoke(InvocationContextInterceptor
      _z_fillMethod_19401861.java)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
      at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_19401861.invoke(InvocationContextInterceptor_z_se
      tup_19401861.java)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
      at org.jboss.aspects.tx.TxInterceptor$Supports.invoke(TxInterceptor.java:143)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.security.RunAsSecurityInterceptorv2.invoke(RunAsSecurityInterceptorv2.java:94)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:154)
      at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
      at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
      at $Proxy144.query(Unknown Source)
      at ifs.fnd.sf.storage.FndEntityHandler.query(FndEntityHandler.java:216)
      at ifs.application.isocountry.ISOCountryHandlerImplBase.query(ISOCountryHandlerImplBase.java:83)
      at ifs.application.isocountry.ISOCountryHandlerWrapper.query(ISOCountryHandlerWrapper.java:117)
      at ifs.application.manageisocountry.impl.BrowseISOCountryImpl.queryISOCountry(BrowseISOCountryImpl.java:38)
      at ifs.application.manageisocountry.BrowseISOCountryWrapper.queryISOCountry(BrowseISOCountryWrapper.java:54)
      at ifs.application.manageisocountry.BrowseISOCountryBean.queryISOCountry(BrowseISOCountryBean.java:92)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
      at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
      at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor$InvocationContext.proceed(InvocationContextInterceptor.java:138)
      at ifs.fnd.sf.j2ee.FndAbstractBean.aroundInvoke(FndAbstractBean.java:136)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.ejb3.interceptors.aop.BusinessMethodBeanMethodInterceptor.invoke(BusinessMethodBeanMethodInterceptor.java:71)
      at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:59)
      at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
      at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
      at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_19401861.invoke(InvocationContextInterceptor
      _z_fillMethod_19401861.java)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
      at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_19401861.invoke(InvocationContextInterceptor_z_se
      tup_19401861.java)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
      at org.jboss.aspects.tx.TxInterceptor$Supports.invoke(TxInterceptor.java:143)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.security.RunAsSecurityInterceptorv2.invoke(RunAsSecurityInterceptorv2.java:94)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:154)
      at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
      at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
      at $Proxy1099.queryISOCountry(Unknown Source)
      at com.ifsworld.webservices.manageisocountry.browseisocountry.BrowseISOCountry.queryISOCountry(BrowseISOCountry.java:80)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.wsf.container.jboss50.invocation.InvocationHandlerJSE.invoke(InvocationHandlerJSE.java:108)
      at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:222)
      at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:474)
      at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295)
      at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205)
      at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131)
      at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
      at org.jboss.web.tomcat.security.BasicAuthValve.invoke(BasicAuthValve.java:75)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:619)


      Method FndJ2eeConnectionManager.getConnection() - line 77 is the one where we call ds.getConnection():
       protected FndConnection getConnection(String dataSource, String username, String password) throws IfsException {
       FndJ2eeContext ctx = FndJ2eeContext.getCurrentJ2eeContext();
       DataSource ds = ctx.getCurrentBean().getDataSource(dataSource);
       try {
       Connection c = username == null ? ds.getConnection() : ds.getConnection(username, password);
       return new FndConnection(c);
       }
       catch (SQLException e) {
       throw new SystemException(e, Texts.GETDBCONN, dataSource, e.getMessage());
       }
       }
      


      The same application with the same oracle-*.xml data sources deployments and the same definition in login-config.xml works in JBoss 4.3.
      The error stack above comes from version 5.1.0.CR1, but I've also tested with 5.1.0.Beta1 with the same result.


        • 1. Re: Authorization failure when accessing a data source from
          jaikiran

           

          <security-domain>java:/jaas/IFSApplications</security-domain>
          


          Change this to:

          <security-domain>IFSApplications</security-domain>


          i.e. just the name of the application policy. There was a change in AS-4.x where instead of the jndi name (java:/jaas/...), the application policy name is now required.



          • 2. Re: Authorization failure when accessing a data source from

            Ok, thanks for the suggestion - I'll test it (it takes some time to re-generate the code).

            But one question, however, in the mean time - we have some EJBs without database access (with, of course, the same security domain definition in jboss.xml).
            Those EJBs works.

            • 3. Re: Authorization failure when accessing a data source from
              jaikiran

               

              "japase" wrote:


              But one question, however, in the mean time - we have some EJBs without database access (with, of course, the same security domain definition in jboss.xml).
              Those EJBs works.


              Probably those calls do not go through secured beans (/bean methods)?


              • 4. Re: Authorization failure when accessing a data source from

                I have now regenerated the application with new version of jboss.xml:

                <?xml version="1.0" encoding="UTF-8"?>
                <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 4.0//EN" "http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">
                <jboss>
                 <security-domain>IFSApplications</security-domain>
                </jboss>
                


                But the problem still exists - the error stack is exactly the same.

                BTW all our beans are secured. We can see in our trace statements that the call to an EJB _is_ authorized and proper roles are assigned. I'm not an expert, but shouldn't the existing subject be reused on getConnection() then?


                • 5. Re: Authorization failure when accessing a data source from
                  jaikiran

                   

                  at java.security.AccessController.doPrivileged(Native Method)
                  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
                  at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
                  at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
                  at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
                  at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
                  at org.jboss.security.integration.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:90)
                  at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:687)
                  at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
                  at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:941)
                  at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:89)
                  at ifs.fnd.sf.j2ee.FndJ2eeConnectionManager.getConnection(FndJ2eeConnectionManager.java:77)

                  Sorry, i did not pay much attention to the log and the ds.xml file earlier.

                  Looks like the issue is in the -ds.xml configuration. Remove this from the -ds.xml:

                  <application-managed-security>true</application-managed-security>
                  


                  From what i know, setting this to true means that your code which uses this datasource is expected to get a connection, using the alternate API which accepts user name and password:

                  datasource.getConnection(user,password)


                  Remove that and see how it goes.

                  P.S: Off topic - I am still not sure why this leads to a JAAS call.


                  • 6. Re: Authorization failure when accessing a data source from

                    It helped thanks!
                    The application is working now (but, of course, still with the suggested work around for EJB deployment order, i.e. with the mappedName attribute)

                    • 7. Re: Authorization failure when accessing a data source from
                      jaikiran

                       

                      "japase" wrote:

                      The application is working now

                      Good to know :)

                      "japase" wrote:

                      (but, of course, still with the suggested work around for EJB deployment order, i.e. with the mappedName attribute)


                      We are working on that part.