0 Replies Latest reply on Oct 10, 2013 5:12 AM by avico81

    Method permission doesn't work when calling from MDB

    avico81

      Hi

       

      I have an issue that method permission (specified in ejb-jar.xml) works anywhere in the code except when calling those beans from an MDB class.

       

      I'm using jboss-as-7.1.1.Final

      standalone.xml:

      <subsystem xmlns="urn:jboss:domain:messaging:1.1">
          <hornetq-server>
              <persistence-enabled>true</persistence-enabled>
              <security-domain>exgl</security-domain>
              <security-enabled>false</security-enabled>
              <journal-file-size>102400</journal-file-size>
              <journal-min-files>2</journal-min-files>

      ...

      <!-- auth roles are fetched from the database -->
      <security-domain name="exgl" cache-type="default">
          <authentication>
              <login-module code="DatabaseUsers" flag="required">
                  <module-option name="dsJndiName" value="java:jboss/datasources/EXGLDS"/>
                  <module-option name="principalsQuery" value="SELECT szpassword FROM x_user WHERE szlogin=?"/>
                  <module-option name="rolesQuery" value="SELECT ar.szrole, 'Roles' FROM x_user_role ur INNER JOIN x_auth_role ar ON ar.ulid = ur.ulroleid INNER JOIN x_user u ON u.ulid = ur.uluserid WHERE szlogin=?"/>
                  <module-option name="hashAlgorithm" value="SHA-256"/>
                  <module-option name="hashEncoding" value="base64"/>
              </login-module>
          </authentication>
      </security-domain>

       

      ejb-jar.xml:

      <method>
          <ejb-name>OrderLineDeleteBean</ejb-name>
          <method-name>testAccess</method-name>
      </method>

       

      (I'm using a login that has all the permissions)

       

      MDB:

      @MessageDriven(
              activationConfig = {
                      @ActivationConfigProperty(
                              propertyName = "destinationType", propertyValue = "javax.jms.Queue"),
                      @ActivationConfigProperty(
                              propertyName = "destination", propertyValue = "queue/OLAppQueue") })
      @SecurityDomain("exgl")
      @PermitAll
      public class QueueListenerMDB implements MessageListener {

          @EJB
          public OrderLineDeleteBean deleteBean;

          ...

          @Override
          public void onMessage(final Message message) {
              try {
                  ...
                  final LoginContext loginContext = new LoginContext("exgl", new PassiveCallbackHandler("ASA", "Abcd1234"));
                  loginContext.login();
                  Subject.doAs(loginContext.getSubject(), new PrivilegedAction<Boolean>() {
                      @Override
                      public Boolean run() {
                          try {
                              deleteBean.testAccess();


      EJB:


      @Stateless(
              name = "OrderLineDeleteBean")
      @LocalBean
      @SecurityDomain("exgl")
      @DenyAll
      public class OrderLineDeleteBean extends OrderLineBaseBean {

          ...

          public void testAccess() {
              log().trace("passed");
          }

       

       

      I tried calling this bean from anywhere else and the permissions work (authorized roles pass and unauthorized roles fail).

       

      Can anyone tell why this doesn't work the same when calling from an MDB? Or am I missing something else here?

       

      Thanks a lot

      Avi