seam security integration with ejb security
lucas84 Oct 2, 2010 3:38 PM
hi guys
I was trying to apply EJB programmatic security in a booking example. Here is my modified snippet:
package org.jboss.seam.example.booking;

import static javax.ejb.TransactionAttributeType.REQUIRES_NEW;
import static org.jboss.seam.ScopeType.SESSION;

import java.io.Serializable;
import java.util.List;

import javax.annotation.Resource;
import javax.ejb.EJBContext;
import javax.ejb.Remove;
import javax.ejb.Stateful;
import javax.ejb.TransactionAttribute;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;

import org.jboss.seam.annotations.Factory;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Observer;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.annotations.datamodel.DataModel;
import org.jboss.seam.annotations.datamodel.DataModelSelection;
import org.jboss.seam.annotations.security.Restrict;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.log.Log;

/**
 * Stateful, session-scoped bean registered as the Seam component "bookingList".
 *
 * <p>It loads the bookings that belong to the injected {@code user} and lets
 * the selected one be cancelled. Two separate security mechanisms meet in this
 * class: the Seam {@code @Restrict} annotation on the type, and the EJB
 * container's {@link EJBContext}, which {@link #cancel()} queries for a role.
 */
@Stateful
@Scope(SESSION)
@Name("bookingList")
// NOTE(review): Seam restrictions are EL expressions, normally written as
// "#{...}". The leading '#' is absent here; it may have been lost when the
// snippet was pasted. Confirm against the deployed source.
@Restrict("{identity.loggedIn}")
@TransactionAttribute(REQUIRES_NEW)
public class BookingListAction implements BookingList, Serializable {

    private static final long serialVersionUID = 1L;

    @PersistenceContext
    private EntityManager em;

    // Container-managed EJB context; the source of isCallerInRole() in cancel().
    @Resource
    private EJBContext context;

    @In
    private User user;

    @DataModel
    private List<Booking> bookings;

    @DataModelSelection
    private Booking booking;

    @Logger
    private Log log;

    /**
     * Reloads {@code bookings} with every booking whose user has the injected
     * user's username, ordered by check-in date.
     *
     * <p>Annotated both as a Seam factory and as an observer of the
     * "bookingConfirmed" event. The username is passed as a bound query
     * parameter, never concatenated into the query text.
     */
    @Factory
    @Observer("bookingConfirmed")
    public void getBookings() {
        final String jpql =
                "select b from Booking b where b.user.username = :username order by b.checkinDate";
        bookings = em.createQuery(jpql)
                .setParameter("username", user.getUsername())
                .getResultList();
    }

    /**
     * Removes the currently selected booking if it still exists, refreshes the
     * list, and queues a confirmation message for the user.
     */
    public void cancel() {
        // This asks the EJB container, not Seam's identity component, whether the
        // caller holds the "admin" role. In the run reported with this snippet the
        // call throws IllegalStateException ("No valid security context for the
        // caller identity"), so nothing below it executes.
        // NOTE(review): presumably the Seam login did not establish a container
        // security context for this bean; check the EJB security domain / JAAS
        // configuration. A role check against the Seam login itself would go
        // through Seam's Identity.hasRole(...) or the s:hasRole EL function.
        System.out.println(context.isCallerInRole("admin"));
        log.info("Cancel booking: #{bookingList.booking.id} for #{user.username}");

        // Look the row up again before removing it; find() returns null when the
        // booking is no longer there.
        Booking persisted = em.find(Booking.class, booking.getId());
        if (persisted != null) {
            em.remove(persisted);
        }

        getBookings();
        FacesMessages.instance().add(
                "Booking cancelled for confirmation number #0",
                booking.getId());
    }

    /** Returns the booking currently selected in the data model. */
    public Booking getBooking() {
        return booking;
    }

    /** EJB remove method; intentionally has no body. */
    @Remove
    public void destroy() {
    }
}
As you can see, I just added a dependency on an EJBContext, and in the cancel method I added a call to System.out.println(context.isCallerInRole("admin"));
I deploy, log on to the application, book some room, cancel my booking and get the following exception.
Caused by: java.lang.IllegalStateException: No valid security context for the caller identity
    at org.jboss.ejb3.BaseSessionContext.getCallerPrincipal(BaseSessionContext.java:190)
    at org.jboss.ejb3.BaseSessionContext.isCallerInRole(BaseSessionContext.java:203)
    at org.jboss.seam.example.booking.BookingListAction.cancel(BookingListAction.java:67)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:112)
    at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:166)
    at org.jboss.seam.intercept.EJBInvocationContext.proceed(EJBInvocationContext.java:44)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:56)
    at org.jboss.seam.transaction.RollbackInterceptor.aroundInvoke(RollbackInterceptor.java:28)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.core.BijectionInterceptor.aroundInvoke(BijectionInterceptor.java:77)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.core.MethodContextInterceptor.aroundInvoke(MethodContextInterceptor.java:44)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.persistence.EntityManagerProxyInterceptor.aroundInvoke(EntityManagerProxyInterceptor.java:29)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.persistence.HibernateSessionProxyInterceptor.aroundInvoke(HibernateSessionProxyInterceptor.java:31)
    at org.jboss.seam.intercept.SeamInvocationContext.proceed(SeamInvocationContext.java:68)
    at org.jboss.seam.intercept.RootInterceptor.invoke(RootInterceptor.java:107)
    at org.jboss.seam.intercept.SessionBeanInterceptor.aroundInvoke(SessionBeanInterceptor.java:50)
    at sun.reflect.GeneratedMethodAccessor227.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.ejb3.interceptor.InvocationContextImpl.proceed(InvocationContextImpl.java:118)
    at org.jboss.ejb3.interceptor.EJB3InterceptorsInterceptor.invoke(EJB3InterceptorsInterceptor.java:63)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.entity.ExtendedPersistenceContextPropagationInterceptor.invoke(ExtendedPersistenceContextPropagationInterceptor.java:57)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:54)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
Any help will be very appreciated, thx