Fail to propagate security Principal; Always 'anonymous'; Always 'caller unauthorized'
lyipb Dec 5, 2012 5:11 AM
Dear all,
It's my first time posting here; I hope someone can help me resolve my problem.
I've been trying the sample code from the J2EE 1.5 tutorial, and I encountered a problem securing a stateful session that is accessed by a standalone EJB application client.
Below is the snippet of application client code that accesses the stateful session bean:
public class CartClient {
    @EJB
    private static Cart cart;

    // Client-side JAAS login: the callback handler supplies the principal and credential
    SecurityAssociationHandler handler = new SecurityAssociationHandler();
    SimplePrincipal user = new SimplePrincipal("tam");
    handler.setSecurityInfo(user, "tam".toCharArray());
    loginContext = new LoginContext("jboss_jaas", (CallbackHandler) handler);
    System.out.println("Created LoginContext");
    loginContext.login();

    // Calls on the secured stateful session bean
    cart.initialize("sherman", "123");
    cart.addBook("Infinite Jest");
    cart.addBook("Bel Canto");
    cart.addBook("Kafka on the Shore");
    List<String> bookList = cart.getContents();
    bookList = cart.getContents();
    Iterator<String> iterator = bookList.iterator();
    while (iterator.hasNext()) {
        String title = (String) iterator.next();
        System.out.println(title);
    }
    cart.removeBook("Gravity's Rainbow");
    cart.remove();
    doLogOut();
    System.exit(0);
    .....
}
Unfortunately, an exception was dumped on the client console:
Created LoginContext
Logged in.
Caught an unexpected exception!
javax.ejb.EJBAccessException: Caller unauthorized
at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:571)
at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)
at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:744)
at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:697)
at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:524)
at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:232)
at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:211)
at org.jboss.remoting.Client.invoke(Client.java:1724)
at org.jboss.remoting.Client.invoke(Client.java:629)
at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:60)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
at $Proxy14.invoke(Unknown Source)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
at $Proxy13.addBook(Unknown Source)
at cart.secure.client.CartClient.doTest(CartClient.java:129)
at cart.secure.client.CartClient.main(CartClient.java:65)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.jboss.ejb3.client.ClientContainer.invokeMain(ClientContainer.java:289)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.jboss.ejb3.client.ClientLauncher.launch(ClientLauncher.java:301)
at org.jboss.ejb3.client.ClientLauncher.launch(ClientLauncher.java:174)
at org.jboss.ejb3.client.ClientLauncher.launch(ClientLauncher.java:138)
at org.jboss.client.AppClientMain.main(AppClientMain.java:134)
at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:72)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
at $Proxy14.invoke(Unknown Source)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
at $Proxy13.addBook(Unknown Source)
at cart.secure.client.CartClient.doTest(CartClient.java:129)
at cart.secure.client.CartClient.main(CartClient.java:65)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.jboss.ejb3.client.ClientContainer.invokeMain(ClientContainer.java:289)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.jboss.ejb3.client.ClientLauncher.launch(ClientLauncher.java:301)
at org.jboss.ejb3.client.ClientLauncher.launch(ClientLauncher.java:174)
at org.jboss.ejb3.client.ClientLauncher.launch(ClientLauncher.java:138)
at org.jboss.client.AppClientMain.main(AppClientMain.java:134)
And server console:
cart-secure/CartBean/remote - EJB3.x Default Remote Business Interface
cart-secure/CartBean/remote-cart.secure.ejb.Cart - EJB3.x Remote Business Interface
2012-12-05 17:56:13,322 INFO [org.jboss.ejb3.clientmodule.ClientENCInjectionContainer] (HDScanner) STARTED CLIENT ENC CONTAINER: cart-secure-app-client
2012-12-05 17:56:22,164 WARN [org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (WorkerThread#0[127.0.0.1:3783]) EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor, InterceptorRegistry should be used via the bean container
2012-12-05 17:56:22,174 WARN [org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (WorkerThread#0[127.0.0.1:3783]) EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor, InterceptorRegistry should be used via the bean container
2012-12-05 17:56:22,194 INFO [STDOUT] (WorkerThread#0[127.0.0.1:3783]) anonymous
2012-12-05 18:04:34,362 INFO [STDOUT] (WorkerThread#1[127.0.0.1:3825]) anonymous
Can anybody help me out? Thanks a lot!
Attachments:
- mysql_realm-ds.xml 1.0 KB
- login-config.xml 6.4 KB
- jboss.xml 109 bytes
- IdVerifier.java.zip 503 bytes
- Cart.java.zip 487 bytes
- BookException.java.zip 419 bytes
- CartBean.java.zip 936 bytes
- sample_jaas.config.zip 223 bytes
- CartClient.java.zip 1.5 KB