2 Replies Latest reply on Sep 16, 2011 3:41 AM by thescientist

    <run-as><role-name>internalRole.. not working?

    thescientist Newbie

      Hello everybody,

      as described in this post I get SecurityExceptions when calling other EJBs from a session bean.
      Somehow the internalRole (called "local") is not defined or forwarded correctly. The application worked in JBoss 4.2.3 and has to be ported because of IPv6.
      Do you see any errors in the configuration or is it even a known bug?

      Files are attached at the discussion linked above.

       

      Hope someone can help me.

       

      Stefan

        • 1. Re: <run-as><role-name>internalRole.. not working?
          thescientist Newbie

          Hi

          I'm coming up with this problem again. Still not solved.

          I'm thinking about reporting this as a bug, because the user has the role in the last lines of our server code. So it gets lost somewhere in the Java invocations, or we're calling the invocation in a wrong way (though it works in AS 4.2.3 and before).

           

          getLocal:

           

          // Look up the local home and call its no-arg create() via reflection
          EJBLocalObject local = null;
          EJBLocalHome home = getLocalHome(componentName);
          Class homeClass = home.getClass();
          // Debug output: does the caller hold the run-as role at this point?
          System.out.println("has user role internalRole:" + sessionContext.isCallerInRole("internalRole"));
          System.out.println("getting " + componentName);
          try
          {
              Method createMethod = homeClass.getMethod("create", new Class[] { });
              local = (EJBLocalObject) createMethod.invoke(home, new Object[] { });
          }
          

          server.log:

           

          2011-06-20 06:21:02,642 INFO  [STDOUT] (WorkerThread#0[127.0.0.1:35666]) has user role internalRole:true
          2011-06-20 06:21:02,643 INFO  [STDOUT] (WorkerThread#0[127.0.0.1:35666]) getting java:comp/env/ejb/BuildingFactoryLocal
          2011-06-20 06:21:02,651 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] (WorkerThread#0[127.0.0.1:35666]) Error in Security Interceptor: java.lang.SecurityException: Denied: caller with subject=Betreff:
              Principal: all-roles
              Principal: Roles(members:manager-user,administration-user,result-user,subsidiarysubject-user,secretary-user,examregulation-user,staff-user,laplas-user,web,webservice,toReport-user)
           and security context post-mapping roles=Roles(manager-user,administration-user,result-user,subsidiarysubject-user,secretary-user,examregulation-user,staff-user,laplas-user,web,webservice,toReport-user,): ejbMethod=public abstract de.jexam.server.mgmt.locality.BuildingFactoryLocal de.jexam.server.mgmt.locality.BuildingFactoryLocalHome.create() throws javax.ejb.CreateException
              at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:370) [:6.0.0.Final]
              at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243) [:6.0.0.Final]
              at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205) [:6.0.0.Final]
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:142) [:6.0.0.Final]
              at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:88) [:6.0.0.Final]
              at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132) [:6.0.0.Final]
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107) [:6.0.0.Final]
              at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:639) [:6.0.0.Final]
              at org.jboss.ejb.Container.invoke(Container.java:1089) [:6.0.0.Final]
              at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:362) [:6.0.0.Final]
              at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:133) [:6.0.0.Final]
              at $Proxy811.create(Unknown Source)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_24]
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_24]
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_24]
              at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_24]
              at de.jexam.server.mgmt.system.JExamSessionBean.getLocal(JExamSessionBean.java:178) [:]
          

           

          So please help me,

          we really need this for IPv6, any little advice would be helpful.

           

          Stefan
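
A log check for the symptom shown in the server.log excerpt above, as an added example that is not part of the original post: it pairs the bean's own `has user role ...:true` output with a SecurityInterceptor denial on the same worker thread and reports roles that are missing from the post-mapping role set. The sample log is constructed (shortened from the excerpt above) and the function name `run_as_mismatches` is hypothetical.

```python
import re

# Constructed sample, shortened from the server.log excerpt in the post above.
SAMPLE_LOG = """\
2011-06-20 06:21:02,642 INFO  [STDOUT] (WorkerThread#0[127.0.0.1:35666]) has user role internalRole:true
2011-06-20 06:21:02,651 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] (WorkerThread#0[127.0.0.1:35666]) Error in Security Interceptor: java.lang.SecurityException: Denied: caller with subject=Betreff:
    Principal: all-roles
    Principal: Roles(members:manager-user,staff-user,web,webservice)
 and security context post-mapping roles=Roles(manager-user,staff-user,web,webservice,): ejbMethod=public abstract de.jexam.server.mgmt.locality.BuildingFactoryLocal de.jexam.server.mgmt.locality.BuildingFactoryLocalHome.create() throws javax.ejb.CreateException
    at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:370) [:6.0.0.Final]
"""

# The bean's own debug print: isCallerInRole(...) returned true on this thread.
CLAIM = re.compile(
    r"^\S+ \S+ INFO +\[STDOUT\] \((?P<thread>\S+)\) "
    r"has user role (?P<role>[^:\s]+):true$",
    re.MULTILINE,
)

# A SecurityInterceptor denial; the record spans several physical lines.
DENIAL = re.compile(
    r"^\S+ \S+ ERROR \[org\.jboss\.ejb\.plugins\.SecurityInterceptor\] "
    r"\((?P<thread>\S+)\) [^\n]*Denied: caller with subject=[\s\S]*?"
    r"post-mapping roles=Roles\((?P<roles>[^)]*)\): ejbMethod=(?P<method>[^\n]+)",
    re.MULTILINE,
)


def run_as_mismatches(log_text):
    """Return denials where a role the bean reported as held is absent
    from the role set the interceptor evaluated after mapping."""
    claims = [(m.start(), m["thread"], m["role"]) for m in CLAIM.finditer(log_text)]
    findings = []
    for d in DENIAL.finditer(log_text):
        mapped = {r.strip() for r in d["roles"].split(",") if r.strip()}
        # Only claims logged earlier on the same worker thread count.
        claimed = {role for pos, thread, role in claims
                   if thread == d["thread"] and pos < d.start()}
        lost = sorted(claimed - mapped)
        if lost:
            findings.append({
                "thread": d["thread"],
                "method": d["method"].strip(),
                "lost_roles": lost,
                "mapped_roles": sorted(mapped),
            })
    return findings


if __name__ == "__main__":
    for finding in run_as_mismatches(SAMPLE_LOG):
        print(finding)
```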

          • 2. Re: <run-as><role-name>internalRole.. not working?
            thescientist Newbie

            Hello again,

            I still have the same problem; have a look at the post above.

            This topic gets urgent now that JBoss AS 7 doesn't support EJB 2.1 and we really need IPv6 soon.

             

            Can at least somebody tell me if the "run-as" attribute works in his/her EJB configuration?

             

            Have a nice day

             

            Edit: I finally found a solution - here you go