2 Replies Latest reply on Jan 29, 2013 11:50 AM by sandeepj

    Invalid User Error Happens sometimes - not all the time

    sandeepj

      Hi,

       

        Version: 6.1.0

        I have a cron job which triggers an EJB call every hour.

         On some machines I see the Invalid User exception sometimes at night. During the day it runs fine. But at night this happens.

         Exact exception looks like "Invalid User: javax.ejb.EJBAccessException: Invalid User"

       

        I read somewhere on the community, and it said that it could be because of problems with LDAP lock out.

         But in my case, I have a hack in the system, so I never talk to the LDAP for internal user.

        

      new ClientLogin() {

                      public void login() {

                      }

       

       

                      public boolean isLoggedIn() {

                          return true;

                      }

       

       

                      public void clean() {

                      }

       

       

                      public String getUser() {

                          return "admin";

                      }

                  }

       

        My cron Job passes the security credentials from top level of the call using:

        SecurityContextAssociation.getSecurityContext().setOutgoingRunAs(new RunAsIdentity("admin", "admin"));

       

      Also, my job runs as admin @RunAs("admin")

       

        It runs fine all day on some machines (all have same version of the software), but for some it throws exception at night.

         Restarting the server removes this problem untill it hits another night.

       

      I am attaching some error logs, please let me know what could be the problem, or advise me on how to start debugging it. Thanks in advance!

       

       

      unrecoverable error: Invalid User: javax.ejb.EJBAccessException: Invalid User

                at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:161)

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)

                at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)

                at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)

                at org.jboss.ejb3.core.context.CurrentInvocationContextInterceptor.invoke(CurrentInvocationContextInterceptor.java:47)

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)

                at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)

                at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86)

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)

                at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:333)

                at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:390)

                at sun.reflect.GeneratedMethodAccessor616.invoke(Unknown Source)

                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

                at java.lang.reflect.Method.invoke(Unknown Source)

                at org.jboss.ejb3.proxy.impl.handler.session.SessionLocalProxyInvocationHandler$LocalContainerInvocation.invokeTarget(SessionLocalProxyInvocationHandler.java:184)

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)

                at org.jboss.ejb3.async.impl.interceptor.AsynchronousClientInterceptor.invoke(AsynchronousClientInterceptor.java:143)

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)

                at org.jboss.ejb3.proxy.impl.handler.session.SessionLocalProxyInvocationHandler$LocalInvokableContextHandler.invoke(SessionLocalProxyInvocationHandler.java:159)

                at $Proxy354.invoke(Unknown Source)

                at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:185)

                at $Proxy469.method_3(Unknown Source)

                at com.myProject.method_2(EJB1.java:4887)

                at com.myProject.method_1(EJB1.java:827)

        • 1. Re: Invalid User Error Happens sometimes - not all the time
          sandeepj

          I got some hint what could be causing, but maybe some one can help me here.

           

          At night time, I have another job that runs. Job2 uses these kind of security associations:

           

          try{

               SecurityAssociation.pushRunAsIdentity(new RunAsIdentity("admin", "admin"));

          } catch(){

           

          } finally {

               SecurityAssociation.popRunAsIdentity();

          }

           

           

          Job1 is using something like this

          try{

               SecurityContextAssociation.getSecurityContext().setOutgoingRunAs(new RunAsIdentity("admin", "admin"));

          } catch(){

           

          } finally {

          }

           

           

          Could these push and pops on stack be messing up security settings for my job1 ?

          • 2. Re: Invalid User Error Happens sometimes - not all the time
            sandeepj

            Okay, I have figured out the root cause, but I am still not sure why this is happening and what could be the work around.

             

            One of my quartz job calls an EJB1 methodA() , this EJB1 calls another method on another EJB2 methodB().

             

            There is another job in the system, whose sole purpose is to insert a message into the JMS queue.

            It works like this:

             

                @Resource(mappedName = "queue/my-jobs")

                private Queue jobQueue;

             

             

                @Resource(mappedName = "java:/JmsXA")

                private ConnectionFactory connectionFactory;

             

                 methodB() {

                    javax.jms.Connection connection = null;

                    try {

                        connection = connectionFactory.createConnection();

                        Session session = connection.createSession(true, 0);

                        MessageProducer sender = session.createProducer(jobQueue);

                        MapMessage message = session.createMapMessage();

                        sender.send(message);

                    }

                 }

             

            Whenever the first job runs after the second one, the time difference is not significant here. It could be minutes or hours after job 2, that job 1 begins its run.

            Whenevr such a situation arises, I get the invalid user error message when job1 calls the EJB2->methodB().

             

            Surprising thing is that it does not happen at EJB1->methodA().

             

            Any help will be appreciated.