Method permission doesn't work when calling from MDB
avico81 Oct 10, 2013 3:58 AMHi
I have an issue that method permission (specified in ejb-jar.xml) work anyehere in the code except when calling those beans from MDB class.
I'm using jboss-as-7.1.1.Final
standalone.xml:
<subsystem xmlns="urn:jboss:domain:messaging:1.1">
<hornetq-server>
<persistence-enabled>true</persistence-enabled>
<security-domain>exgl</security-domain>
<security-enabled>false</security-enabled>
<journal-file-size>102400</journal-file-size>
<journal-min-files>2</journal-min-files>
...
<!-- auth roles are fetched from the data base -->
<security-domain name="exgl" cache-type="default">
<authentication>
<login-module code="DatabaseUsers" flag="required">
<module-option name="dsJndiName" value="java:jboss/datasources/EXGLDS"/>
<module-option name="principalsQuery" value="SELECT szpassword FROM x_user WHERE szlogin=?"/>
<module-option name="rolesQuery" value="SELECT ar.szrole, 'Roles' FROM x_user_role ur INNER JOIN x_auth_role ar ON ar.ulid = ur.ulroleid INNER JOIN x_user u ON u.ulid = ur.uluserid WHERE szlogin=?"/>
<module-option name="hashAlgorithm" value="SHA-256"/>
<module-option name="hashEncoding" value="base64"/>
</login-module>
</authentication>
</security-domain>
ejb-jar.xml:
<method> | ||||
<ejb-name>OrderLineDeleteBean</ejb-name> | ||||
<method-name>testAccess</method-name> | ||||
</method> |
(I'm using login that has all the permissions)
MDB:
@MessageDriven(
activationConfig = {
@ActivationConfigProperty(
propertyName = "destinationType", propertyValue = "javax.jms.Queue"),
@ActivationConfigProperty(
propertyName = "destination", propertyValue = "queue/OLAppQueue") })
@SecurityDomain("exgl")
@PermitAll
public class QueueListenerMDB implements MessageListener {
@EJB
public OrderLineDeleteBean deleteBean;
...
@Override
public void onMessage(final Message message) {
try {
...
final LoginContext loginContext = new LoginContext("exgl", new PassiveCallbackHandler("ASA", "Abcd1234"));
loginContext.login();
Subject.doAs(loginContext.getSubject(), new PrivilegedAction<Boolean>() {
@Override
public Boolean run() {
try {
deleteBean.testAccess();
EJB:
@Stateless(
name = "OrderLineDeleteBean")
@LocalBean
@SecurityDomain("exgl")
@DenyAll
public class OrderLineDeleteBean extends OrderLineBaseBean {
...
public void testAccess() {
log().trace("passed");
}
I tried calling this bean from anywhere else and the permissions work (authorized roles pass and unauthorized roles fail).
Can anyone tell why this doesn't work the same when calling from MDB? or am I missing something else here?
Thanks a lot
Avi