2 Replies Latest reply on Oct 29, 2010 2:36 AM by asterisk

    Call SLSB from custom MBean

    asterisk

      Hello,

       

      I use JBoss 5.1.0GA with HornetQ 2.0.0 for messaging.

       

      I want to call a secured stateless SessionBean from within an MBean. Since the MBean and the SLSB are running in the same JBoss I thought I can use the local interface of the SLSB. But this does not work. I always receive a SecurityException in the create method because the wrong security domain is used ("other" instead of the one for my application "mycontext").

       

      This is the code I use to log in:

       

      {code}LoginContext loginContext = new LoginContext("mycontext", new AppCallbackHandler("username", "password"));

      loginContext.login();



      Subject subject = new Subject();


      SecurityAssociation.setSubject(subject);


      SecurityAssociation.setPrincipal(new SimplePrincipal("username"));


      SecurityAssociation.setCredential("password");

      {code}

       

      And this is the code to instanciate the SLSB:

       

      {code}Context ctx = new InitialContext();


      LDAPConnectorLocalHome home = (LDAPConnectorLocalHome)ctx.lookup("myapp/default/local/LDAPConnector");


      LDAPConnectorLocal ldap = home.create();

      {code}

       

      I use this code, because I get an "env not bound" if I use the following code:

       

      {code}LDAPConnectorLocal ldap = LDAPConnectorUtil.getLocalHome().create();{code}

       

      It works if I use the remote interface for the LDAP:

       

      {code}Context ctx = new InitialContext();


      LDAPConnectorHome home = (LDAPConnectorHome)ctx.lookup("myapp/default/LDAPConnector");


      LdapConnector ldap = home.create();

      {code}

       

      So why can't I use the local interface? As far as I know it should be possible to use the local interface, because the MBean and the SLSB run in the same JBoss, so in the same VM.

       

      The second problem is that if I use the remote interface as shown above, I later receive a SecurityException. The MBean starts a timer which calls a method in the MBean. This method tries to call a method in the LDAP. And at this point I get a SecurityException. The security domain that is used is correct, it is "mycontext". But the username is not correct, it is not "username" but a name that is used for messaing (HornetQ) for example. Do I receive this SecutrityException because the methos is called from another thread? What is the problem here?

       

      This code (with usage of the local interface) was working on JBoss 4.0.4.

       

       

      Thank you very much!