@RunAs does not work with @Startup @Singleton
On both JBoss AS 6.10 and 7.02, @RunAs does not work with a singleton session bean.
A web application consisting out of only 2 files can reproduce this:
RolesTestEJB.java
package com.example;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.jboss.ejb3.annotation.SecurityDomain;
@Stateless
@DeclareRoles({ "FOO" })
@SecurityDomain("something")
public class RolesTestEJB {
@Resource
private SessionContext sessionContext;
@RolesAllowed({ "FOO" })
public void securedMethod() {
System.out.println("In secured RolesTestEJB.securedMethod");
System.out.println("RolesTestEJB.isCallerInRole( \"FOO\" ): " + sessionContext.isCallerInRole("FOO") + " (expect 'true')");
}
}
RolesTestStartupSingleton.java
package com.example;
import javax.annotation.PostConstruct;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Singleton;
import javax.ejb.Startup;
@RunAs("FOO")
@Startup
@Singleton
public class RolesTestStartupSingleton {
@EJB
private RolesTestEJB rolesTestEJB;
@PostConstruct
public void init() {
rolesTestEJB.securedMethod();
}
}
On JBoss AS 6.10, this generates the following exception:
Caused by: java.lang.IllegalStateException: Local Call: Security Context is null at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:109) [:1.7.21] at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.2.GA] at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41) [:1.7.21] at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.2.GA] at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67) [:1.7.21] at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.2.GA] at org.jboss.ejb3.core.context.CurrentInvocationContextInterceptor.invoke(CurrentInvocationContextInterceptor.java:47) [:1.7.21] at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.2.GA] at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67) [:1.0.1] at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.2.GA] at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86) [:1.7.21] at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.2.GA] at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:333) [:1.7.21] at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:158) [:1.7.21] at org.jboss.ejb3.nointerface.impl.invocationhandler.NoInterfaceViewInvocationHandler.invokeEndpoint(NoInterfaceViewInvocationHandler.java:143) [:6.1.0.Final] at org.jboss.ejb3.nointerface.impl.invocationhandler.NoInterfaceViewInvocationHandler.access$000(NoInterfaceViewInvocationHandler.java:54) [:6.1.0.Final] at org.jboss.ejb3.nointerface.impl.invocationhandler.NoInterfaceViewInvocationHandler$1.invoke(NoInterfaceViewInvocationHandler.java:103) [:6.1.0.Final] at org.jboss.ejb3.sis.reflect.InterceptorInvocationHandler$1.proceed(InterceptorInvocationHandler.java:84) [:1.0.0-alpha-1] at org.jboss.ejb3.sis.InterceptorAssembly$1.proceed(InterceptorAssembly.java:82) [:1.0.0-alpha-1] at org.jboss.ejb3.nointerface.impl.async.AsyncClientInterceptor.invoke(AsyncClientInterceptor.java:119) [:6.1.0.Final] at org.jboss.ejb3.sis.InterceptorAssembly$1.proceed(InterceptorAssembly.java:74) [:1.0.0-alpha-1] at org.jboss.ejb3.nointerface.impl.invocationhandler.ObjectMethodsInterceptor.invoke(ObjectMethodsInterceptor.java:78) [:6.1.0.Final] at org.jboss.ejb3.sis.InterceptorAssembly$1.proceed(InterceptorAssembly.java:74) [:1.0.0-alpha-1] at org.jboss.ejb3.sis.InterceptorAssembly.invoke(InterceptorAssembly.java:90) [:1.0.0-alpha-1] at org.jboss.ejb3.sis.reflect.InterceptorInvocationHandler.invoke(InterceptorInvocationHandler.java:110) [:1.0.0-alpha-1] at org.jboss.ejb3.nointerface.impl.invocationhandler.NoInterfaceViewInvocationHandler.invoke(NoInterfaceViewInvocationHandler.java:115) [:6.1.0.Final] at org.jboss.ejb3.proxy.javassist.JavassistInvocationHandlerAdapter.invoke(JavassistInvocationHandlerAdapter.java:71) [:1.0.0] at com.example.RolesTestEJB_$$_javassist_3.securedMethod(RolesTestEJB_$$_javassist_3.java) at com.example.RolesTestStartupSingleton.init(RolesTestStartupSingleton.java:19) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_20] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_20] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_20] at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_20] at org.jboss.ejb3.interceptors.aop.LifecycleCallbackBeanMethodInterceptor.invoke(LifecycleCallbackBeanMethodInterceptor.java:69) [:1.1.3] at org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80) [jboss-aop.jar:2.2.2.GA] at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56) [:1.7.21] at org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80) [jboss-aop.jar:2.2.2.GA] at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42) [:1.0.4] at org.jboss.aop.joinpoint.ConstructionInvocation.invokeNext(ConstructionInvocation.java:80) [jboss-aop.jar:2.2.2.GA] at org.jboss.ejb3.singleton.aop.impl.ConstructionInvocationContextAdapter.proceed(ConstructionInvocationContextAdapter.java:106) [:1.0.2] at org.jboss.ejb3.tx2.impl.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:247) [:0.0.2] ... 119 more
On JBoss AS 7.02 this generates the following exception:
Caused by: javax.ejb.EJBAccessException: Invocation on method: public void com.example.RolesTestEJB.securedMethod() of bean: RolesTestEJB is not allowed at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:109) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:68) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:146) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:76) at com.example.RolesTestEJB$$$view2.securedMethod(Unknown Source) at com.example.RolesTestStartupSingleton.init(RolesTestStartupSingleton.java:19) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_20] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_20] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_20] at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_20] at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptor.java:70) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptor.java:65) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.as.ee.component.ManagedReferenceInterceptor.processInvocation(ManagedReferenceInterceptor.java:53) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:44) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.as.ejb3.component.session.SessionInvocationContextInterceptor$CustomSessionInvocationContext.proceed(SessionInvocationContextInterceptor.java:126) at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:211) at org.jboss.as.ejb3.tx.CMTTxInterceptor.requiresNew(CMTTxInterceptor.java:313) at org.jboss.as.ejb3.tx.SingletonLifecycleCMTTxInterceptor.processInvocation(SingletonLifecycleCMTTxInterceptor.java:56) at org.jboss.as.ejb3.tx.SingletonLifecycleCMTTxInterceptor.processInvocation(SingletonLifecycleCMTTxInterceptor.java:42) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.as.ejb3.component.session.SessionInvocationContextInterceptor.processInvocation(SessionInvocationContextInterceptor.java:71) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final] at org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:152) ... 9 more
On Glassfish 3.1.1 there is no exception and the following is printed:
INFO: In secured RolesTestEJB.securedMethod INFO: RolesTestEJB.isCallerInRole( "FOO" ): true (expect 'true')
