Session Context is Anonymous when called from MDB
irfan.dogar Nov 9, 2017 2:32 AMHi All,
We have recently migrated our application to from JBoss 4.2.3 to Wildlfy 10.0.Final. Everything is working fine but we are facing an issue with SessionContext propagation from our MDB. The SessionContext principle is always anonymous. We have our custom security domain defined in our standalone.xml
<security-domain name="acegi-simple">
<authentication>
<login-module code="com.os.sp.undertow.extension.CustomSpringSecurityModule" flag="required">
<module-option name="dsJndiName" value="java:/OSSPDS"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="hex"/>
<module-option name="appContextLocation" value="META-INF/acegi-simple.xml"/>
<module-option name="key" value="required_key"/>
</login-module>
</authentication>
<authorization>
<policy-module code="com.os.sp.undertow.extension.CustomSpringSecurityModule" flag="required">
<module-option name="dsJndiName" value="java:/OSSPDS"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="hex"/>
<module-option name="appContextLocation" value="META-INF/acegi-simple.xml"/>
<module-option name="key" value="required_key"/>
</policy-module>
</authorization>
</security-domain>
The initial context initialisation is successful and we are passing dynamic values in username / passowerd:
@TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)
public void onMessage(Message message) {
try {
if (message instanceof ObjectMessage) {
Object obj = ((ObjectMessage) message).getObject();
if (obj instanceof ImportActivatorMessage) {
ImportActivatorMessage icmessage = (ImportActivatorMessage) obj;
if (LOG.isDebugEnabled()) {
LOG.debug("onMessage(): Received %s message. Processing...", icmessage);
}
context = ImportProcessingUtils.initContext(icmessage.getContact());
switch (icmessage.getType()) {
case ImportActivatorMessage.ACTION_PROCESSLINES:
if (LOG.isDebugEnabled()) {
LOG.debug("Import processing started for schedule - %s", icmessage.getScheduledFileName());
}
startImport(icmessage);
if (!getSecurityProfilesBean().checkCurrentContactPermission(AccessArea.IMPORT,
SecurityAction.SECURITY_ACTION_ID_PERFORM)) {
throw new CorruptedImportException("import.seecurityPoint.prohibitPerform", null);
}
private SecurityProfilesFacadeLocal getSecurityProfilesBean() {
if (securityProfilesBean == null) {
securityProfilesBean = (SecurityProfilesFacadeLocal) FacadeLocatorUtils.getFacade(
OFSLookUpUtils.StatelessSecurityProfilesFacadeBean, false, context);
}
return securityProfilesBean;
}
Our security profile bean (StatelessSecurityProfileBean) is found successfully, but inside our security profile bean we try to access SessionContext, which always returns anonymous.
@Resource
private transient SessionContext context;
Anybody have any idea what is the problem in this approach, btw this works fine in Jboss 4.2.3?