7 Replies Latest reply on May 6, 2009 3:19 AM by jaikiran pai

    Authorization failure when accessing a data source from EJB

    Jacek Palka Newbie

      Hi,

      As suggested in http://www.jboss.org/index.html?module=bb&op=viewtopic&t=153488&postdays=0&postorder=asc&start=30 I continue here with the data source authorization problem.

      In a superclass to our generated EJBs we're injecting two data sources as followed:

      /**
       * Base class for all EJB classes.
       */
      @DeclareRoles({FndConstants.USER_ROLE, FndConstants.TRUSTED_MODULE_ROLE})
      @RolesAllowed({FndConstants.USER_ROLE})
      abstract class FndAbstractBean {
      
       @Resource(name="fndbas_en-US", mappedName="java:jdbc/fndbas_en-US")
       private DataSource dsEn;
      
       @Resource(name="fndbas-noxa_en-US", mappedName="java:jdbc/fndbas-noxa_en-US")
       private DataSource dsNoXaEn;
      
       public DataSource getDataSource(String name) throws SystemException {
       if("fndbas_en-US".equals(name))
       return dsEn;
       else if("fndbas-noxa_en-US".equals(name))
       return dsNoXaEn;
       throw new SystemException("No dependency to DataSource " + name);
       }
      
       // rest of the class code...
      }
      


      All EJBs are generated with the same jboss.xml:
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 4.0//EN" "http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">
      <jboss>
       <security-domain>java:/jaas/IFSApplications</security-domain>
      </jboss>
      


      Corresponding section in login-config.xml:
       <!-- IFS Applications security domain -->
       <application-policy name="IFSApplications">
       <authentication>
       <login-module code="ifs.fnd.sf.j2ee.security.jboss.FndOracleLoginModule" flag="requisite">
       <module-option name="debug">true</module-option>
       <module-option name="jdbcUrl">jdbc:oracle:thin:@gbgrnd23:1521:app75sp3</module-option>
       <module-option name="driverClassName">oracle.jdbc.OracleDriver</module-option>
       <module-option name="dbAppowner">IFSAPP</module-option>
       <module-option name="systemUsersOnly">false</module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      Data sources deployments:

      1) oracle-ds.xml:
      <?xml version="1.0" encoding="UTF-8"?>
      <datasources>
       <local-tx-datasource>
       <jndi-name>jdbc/fndbas-noxa_en-US</jndi-name>
       <connection-url>jdbc:oracle:thin:@gbgrnd23:1521:app75sp3</connection-url>
       <driver-class>oracle.jdbc.driver.OracleDriver</driver-class>
       <user-name>ifssys</user-name>
       <password>password here...</password>
       <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
       </local-tx-datasource>
      </datasources>
      


      2) oracle-xa-ds.xml:
      <?xml version="1.0" encoding="UTF-8"?>
      <datasources>
      
       <xa-datasource>
       <jndi-name>jdbc/fndbas_en-US</jndi-name>
       <track-connection-by-tx>true</track-connection-by-tx>
       <isSameRM-override-value>false</isSameRM-override-value>
       <xa-datasource-class>oracle.jdbc.xa.client.OracleXADataSource</xa-datasource-class>
       <xa-datasource-property name="URL">jdbc:oracle:thin:@gbgrnd23:1521:app75sp3</xa-datasource-property>
       <xa-datasource-property name="User">ifssys</xa-datasource-property>
       <xa-datasource-property name="Password">password here...</xa-datasource-property>
       <min-pool-size>5</min-pool-size>
       <max-pool-size>50</max-pool-size>
       <idle-timeout-minutes>10</idle-timeout-minutes>
       <prepared-statement-cache-size>100</prepared-statement-cache-size>
       <application-managed-security>true</application-managed-security>
       <valid-connection-checker-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleValidConnectionChecker</valid-connection-checker-class-name>
       <exception-sorter-class-name>org.jboss.resource.adapter.jdbc.vendor.OracleExceptionSorter</exception-sorter-class-name>
       <no-tx-separate-pools/>
       </xa-datasource>
      
       <mbean code="org.jboss.resource.adapter.jdbc.vendor.OracleXAExceptionFormatter"
       name="jboss.jca:service=OracleXAExceptionFormatter">
       <depends optional-attribute-name="TransactionManagerService">jboss:service=TransactionManager</depends>
       </mbean>
      
      </datasources>
      


      When trying to access a data source I get the following error stack in the console window:

      10:21:55,818 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
      at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
      at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
      at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
      at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
      at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
      at org.jboss.security.integration.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:90)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:687)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:941)
      at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:89)
      at ifs.fnd.sf.j2ee.FndJ2eeConnectionManager.getConnection(FndJ2eeConnectionManager.java:77)
      at ifs.fnd.sf.storage.FndConnectionManager.getPlsqlConnectionImpl(FndConnectionManager.java:341)
      at ifs.fnd.sf.storage.FndConnectionManager.getPlsqlConnection(FndConnectionManager.java:379)
      at ifs.fnd.sf.storage.FndConnectionManager.getConnection(FndConnectionManager.java:211)
      at ifs.fnd.sf.storage.FndSqlStorage$Context.getConnection(FndSqlStorage.java:589)
      at ifs.fnd.sf.storage.FndSqlStorage.query(FndSqlStorage.java:3011)
      at ifs.fnd.sf.storage.FndEntityHandler.query(FndEntityHandler.java:216)
      at ifs.application.applicationsupport.impl.StandardEntityHandlerImpl.queryEntity(StandardEntityHandlerImpl.java:100)
      at ifs.application.applicationsupport.impl.StandardEntityHandlerBean.query(StandardEntityHandlerBean.java:164)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
      at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
      at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor$InvocationContext.proceed(InvocationContextInterceptor.java:138)
      at ifs.fnd.sf.j2ee.FndAbstractBean.aroundInvoke(FndAbstractBean.java:136)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.ejb3.interceptors.aop.BusinessMethodBeanMethodInterceptor.invoke(BusinessMethodBeanMethodInterceptor.java:71)
      at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:59)
      at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
      at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
      at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_19401861.invoke(InvocationContextInterceptor
      _z_fillMethod_19401861.java)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
      at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_19401861.invoke(InvocationContextInterceptor_z_se
      tup_19401861.java)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
      at org.jboss.aspects.tx.TxInterceptor$Supports.invoke(TxInterceptor.java:143)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.security.RunAsSecurityInterceptorv2.invoke(RunAsSecurityInterceptorv2.java:94)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:154)
      at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
      at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
      at $Proxy144.query(Unknown Source)
      at ifs.fnd.sf.storage.FndEntityHandler.query(FndEntityHandler.java:216)
      at ifs.application.isocountry.ISOCountryHandlerImplBase.query(ISOCountryHandlerImplBase.java:83)
      at ifs.application.isocountry.ISOCountryHandlerWrapper.query(ISOCountryHandlerWrapper.java:117)
      at ifs.application.manageisocountry.impl.BrowseISOCountryImpl.queryISOCountry(BrowseISOCountryImpl.java:38)
      at ifs.application.manageisocountry.BrowseISOCountryWrapper.queryISOCountry(BrowseISOCountryWrapper.java:54)
      at ifs.application.manageisocountry.BrowseISOCountryBean.queryISOCountry(BrowseISOCountryBean.java:92)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
      at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
      at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor$InvocationContext.proceed(InvocationContextInterceptor.java:138)
      at ifs.fnd.sf.j2ee.FndAbstractBean.aroundInvoke(FndAbstractBean.java:136)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.ejb3.interceptors.aop.BusinessMethodBeanMethodInterceptor.invoke(BusinessMethodBeanMethodInterceptor.java:71)
      at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:59)
      at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
      at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
      at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_19401861.invoke(InvocationContextInterceptor
      _z_fillMethod_19401861.java)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
      at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_19401861.invoke(InvocationContextInterceptor_z_se
      tup_19401861.java)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
      at org.jboss.aspects.tx.TxInterceptor$Supports.invoke(TxInterceptor.java:143)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.security.RunAsSecurityInterceptorv2.invoke(RunAsSecurityInterceptorv2.java:94)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
      at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:154)
      at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
      at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
      at $Proxy1099.queryISOCountry(Unknown Source)
      at com.ifsworld.webservices.manageisocountry.browseisocountry.BrowseISOCountry.queryISOCountry(BrowseISOCountry.java:80)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:597)
      at org.jboss.wsf.container.jboss50.invocation.InvocationHandlerJSE.invoke(InvocationHandlerJSE.java:108)
      at org.jboss.ws.core.server.ServiceEndpointInvoker.invoke(ServiceEndpointInvoker.java:222)
      at org.jboss.wsf.stack.jbws.RequestHandlerImpl.processRequest(RequestHandlerImpl.java:474)
      at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleRequest(RequestHandlerImpl.java:295)
      at org.jboss.wsf.stack.jbws.RequestHandlerImpl.doPost(RequestHandlerImpl.java:205)
      at org.jboss.wsf.stack.jbws.RequestHandlerImpl.handleHttpRequest(RequestHandlerImpl.java:131)
      at org.jboss.wsf.common.servlet.AbstractEndpointServlet.service(AbstractEndpointServlet.java:85)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:525)
      at org.jboss.web.tomcat.security.BasicAuthValve.invoke(BasicAuthValve.java:75)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
      at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:619)


      Method FndJ2eeConnectionManager.getConnection() - line 77 is the one where we call ds.getConnection():
       protected FndConnection getConnection(String dataSource, String username, String password) throws IfsException {
       FndJ2eeContext ctx = FndJ2eeContext.getCurrentJ2eeContext();
       DataSource ds = ctx.getCurrentBean().getDataSource(dataSource);
       try {
       Connection c = username == null ? ds.getConnection() : ds.getConnection(username, password);
       return new FndConnection(c);
       }
       catch (SQLException e) {
       throw new SystemException(e, Texts.GETDBCONN, dataSource, e.getMessage());
       }
       }
      


      The same application with the same oracle-*.xml data sources deployments and the same definition in login-config.xml works in JBoss 4.3.
      The error stack above comes from version 5.1.0.CR1, but I've also tested with 5.1.0.Beta1 with the same result.


        • 1. Re: Authorization failure when accessing a data source from
          jaikiran pai Master

           

          <security-domain>java:/jaas/IFSApplications</security-domain>
          


          Change this to:

          <security-domain>IFSApplications</security-domain>


          i.e. just the name of the application policy. There was a change in AS-4.x where instead of the jndi name (java:/jaas/...), the application policy name is now required.



          • 2. Re: Authorization failure when accessing a data source from
            Jacek Palka Newbie

            Ok, thanks for the suggestion - I'll test it (it takes some time to re-generate the code).

            But one question, however, in the mean time - we have some EJBs without database access (with, of course, the same security domain definition in jboss.xml).
            Those EJBs works.

            • 3. Re: Authorization failure when accessing a data source from
              jaikiran pai Master

               

              "japase" wrote:


              But one question, however, in the mean time - we have some EJBs without database access (with, of course, the same security domain definition in jboss.xml).
              Those EJBs works.


              Probably those calls do not go through secured beans (/bean methods)?


              • 4. Re: Authorization failure when accessing a data source from
                Jacek Palka Newbie

                I have now regenerated the application with new version of jboss.xml:

                <?xml version="1.0" encoding="UTF-8"?>
                <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 4.0//EN" "http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">
                <jboss>
                 <security-domain>IFSApplications</security-domain>
                </jboss>
                


                But the problem still exists - the error stack is exactly the same.

                BTW all our beans are secured. We can see in our trace statements that the call to an EJB _is_ authorized and proper roles are assigned. I'm not an expert, but shouldn't the existing subject be reused on getConnection() then?


                • 5. Re: Authorization failure when accessing a data source from
                  jaikiran pai Master

                   

                  at java.security.AccessController.doPrivileged(Native Method)
                  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
                  at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
                  at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
                  at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
                  at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
                  at org.jboss.security.integration.JBossSecuritySubjectFactory.createSubject(JBossSecuritySubjectFactory.java:90)
                  at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:687)
                  at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
                  at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:941)
                  at org.jboss.resource.adapter.jdbc.WrapperDataSource.getConnection(WrapperDataSource.java:89)
                  at ifs.fnd.sf.j2ee.FndJ2eeConnectionManager.getConnection(FndJ2eeConnectionManager.java:77)

                  Sorry, i did not pay much attention to the log and the ds.xml file earlier.

                  Looks like the issue is in the -ds.xml configuration. Remove this from the -ds.xml:

                  <application-managed-security>true</application-managed-security>
                  


                  From what i know, setting this to true means that your code which uses this datasource is expected to get a connection, using the alternate API which accepts user name and password:

                  datasource.getConnection(user,password)


                  Remove that and see how it goes.

                  P.S: Off topic - I am still not sure why this leads to a JAAS call.


                  • 6. Re: Authorization failure when accessing a data source from
                    Jacek Palka Newbie

                    It helped thanks!
                    The application is working now (but, of course, still with the suggested work around for EJB deployment order, i.e. with the mappedName attribute)

                    • 7. Re: Authorization failure when accessing a data source from
                      jaikiran pai Master

                       

                      "japase" wrote:

                      The application is working now

                      Good to know :)

                      "japase" wrote:

                      (but, of course, still with the suggested work around for EJB deployment order, i.e. with the mappedName attribute)


                      We are working on that part.