7 Replies Latest reply on Apr 9, 2005 4:34 PM by John Gilbert

    @Unchecked

    Manuel Beyeler Newbie

      @Unchecked does not seem to work. Is this implemented so far?

      schoetz

        • 1. Re: @Unchecked
          Kabir Khan Master

          It is implemented, and works in our testsuite. See docs/tutorial/security for an example.

          FYI @Unchecked means that a user must be authenticated (i.e. valid username/password must be supplied), but it does not care about the roles the user belongs to.

          • 2. Re: @Unchecked
            Manuel Beyeler Newbie

            ok. you mentioned the problem.

            thx for the fast answer
            schoetz

            • 3. Re: @Unchecked
              Bill Burke Master

              specifics? Do you have a @SecurityDomain defined?

              • 4. Re: @Unchecked
                Manuel Beyeler Newbie

                Yes I have one defined. There are also some class-level MethodPermissons.

                • 5. Re: @Unchecked
                  Bill Burke Master

                  Again, specifics? Stack trace? How doesn't it work? Etc..??? I can't really figure out your problem if you don't give me specifics.

                  • 6. Re: @Unchecked
                    Manuel Beyeler Newbie

                    As kabir suggested. The problem is that there is no authenticated user that tries to access the method.

                    I try to access the method out of an MDB where only RunAs is specified. In fact this does not work so I just thought I may set the proper methods on the sessionbeans to @Unchecked to get it working. But obviously then there is no user so this will not work.

                    Know I have just removed the hole security stuff from the SessionBeans accessed from the MDB's. I know this is not so pretty, but it works. And if @RunAs is working I'll change it back.

                    schoetz

                    • 7. Re: @Unchecked
                      John Gilbert Apprentice

                      I'm seeing the same thing. Is this a bug or am I doing something wrong?

                      My classes look like this:

                      @Stateless
                      @SecurityDomain("MyDomain")
                      @MethodPermissions( { "User" })
                      public class MyBean implements .....

                      @MessageDriven(...)
                      @SecurityDomain("MyDomain")
                      @RunAs("User")
                      public class AuditMDB ....

                      I get the following error:

                      16:22:57,734 ERROR [AuthenticationInterceptor] Authentication exception, princip
                      al=null
                      16:22:57,734 ERROR [MDB] Exception in JMSCI message listener
                      javax.transaction.TransactionRolledbackException: Authentication exception, prin
                      cipal=null; nested exception is:
                      java.lang.SecurityException: Authentication exception, principal=null
                      at org.jboss.aspects.tx.TxSupport.rethrowAsTxRolledbackException(TxSuppo
                      rt.java:255)
                      at org.jboss.aspects.tx.TxSupport.invokeInCallerTx(TxSupport.java:179)
                      at org.jboss.aspects.tx.TxSupport$Required.serverInvoke(TxSupport.java:4
                      43)
                      at org.jboss.aspects.tx.TxInterceptor.internalInvoke(TxInterceptor.java:
                      112)
                      at org.jboss.aspects.tx.TxInterceptor.invoke(TxInterceptor.java:60)
                      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
                      java:66)
                      at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(Stateles
                      sInstanceInterceptor.java:36)
                      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
                      java:66)
                      at org.jboss.ejb3.mdb.MDB.localInvoke(MDB.java:651)
                      at org.jboss.ejb3.mdb.MDB$MessageListenerImpl.onMessage(MDB.java:847)
                      at org.jboss.jms.asf.StdServerSession.onMessage(StdServerSession.java:25
                      6)
                      at org.jboss.mq.SpyMessageConsumer.sessionConsumerProcessMessage(SpyMess
                      ageConsumer.java:904)
                      at org.jboss.mq.SpyMessageConsumer.addMessage(SpyMessageConsumer.java:15
                      9)
                      at org.jboss.mq.SpySession.run(SpySession.java:351)
                      at org.jboss.jms.asf.StdServerSession.run(StdServerSession.java:180)
                      at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExec
                      utor.java:748)
                      at java.lang.Thread.run(Thread.java:595)
                      Caused by: java.lang.SecurityException: Authentication exception, principal=null

                      at org.jboss.aspects.security.AuthenticationInterceptor.invoke(Authentic
                      ationInterceptor.java:68)
                      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
                      java:66)
                      at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(Asynchrono
                      usInterceptor.java:90)
                      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
                      java:66)
                      at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessCont
                      ainer.java:135)
                      at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalPro
                      xy.java:63)
                      at $Proxy101.save(Unknown Source)
                      at net.taylor.event.listener.AuditMDB.onEvent(AuditMDB.java:30)
                      at net.taylor.event.listener.AbstractEventMDB.onMessage(AbstractEventMDB
                      .java:32)
                      at sun.reflect.GeneratedMethodAccessor107.invoke(Unknown Source)
                      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
                      sorImpl.java:25)
                      at java.lang.reflect.Method.invoke(Method.java:585)
                      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
                      java:77)
                      at org.jboss.aspects.tx.TxSupport.invokeInCallerTx(TxSupport.java:171)
                      ... 15 more