1 Reply Latest reply on Dec 16, 2010 10:20 AM by Sergiu Pienar

    Authentication info propagating to the called component

    Sergiu Pienar Expert

      While trying to call a component the authentication information is not being propagated.Source of the class where this exception apeears is

      http://www.docjar.com/html/api/org/jboss/security/identity/plugins/SimpleRoleGroup.java.html at line 168 where the iterated list of <Role> objects

      is modified by a parallel thread.The problem is treated here http://community.jboss.org/wiki/SecurityFAQ.

      The stacktrace is :

      [DelegatingAuthorizationModule] Error with delegate:
      java.util.ConcurrentModificationException
             at java.util.AbstractList$Itr.checkForComodification(AbstractList.java:372)
             at java.util.AbstractList$Itr.next(AbstractList.java:343)
             at
      org.jboss.security.identity.plugins.SimpleRoleGroup.containsAtleastOneRole(SimpleRoleGroup.java:168)
             at
      org.jboss.security.authorization.modules.ejb.EJBPolicyModuleDelegate.process(EJBPolicyModuleDelegate.java:156)
             at
      org.jboss.security.authorization.modules.ejb.EJBPolicyModuleDelegate.authorize(EJBPolicyModuleDelegate.java:112)
             at
      org.jboss.security.authorization.modules.AbstractAuthorizationModule.invokeDelegate(AbstractAuthorizationModule.java:143)
             at
      org.jboss.security.authorization.modules.DelegatingAuthorizationModule.authorize(DelegatingAuthorizationModule.java:53)
             at
      org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:220)
             at
      org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:67)
             at
      org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:152)
             at java.security.AccessController.doPrivileged(Native Method)
             at
      org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:148)
             at
      org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:474)
             at
      org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:124)
             at
      org.jboss.security.plugins.javaee.EJBAuthorizationHelper.authorize(EJBAuthorizationHelper.java:116)
             at
      org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:189)
             at
      org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
             at
      org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
             at
      org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
             at
      org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
             at
      org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
             at
      org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
             at
      org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
             at
      org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
             at
      org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
             at
      org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
             at
      org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
             at
      org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
             at
      org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
             at $Proxy608.queryByReceivedAndGreaterThanValidUntil(Unknown Source)
      org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:549


      Would it be necessary to add the CLient LoginModule configuration to all of our application-policies?