0 Replies Latest reply on Dec 5, 2012 5:11 AM by lyipb

    Fail to propagate security Principal; Always 'anonymous'; Always 'caller unauthorized'

    lyipb

      Dear all,

      It's my first time posting here; I hope someone can help me resolve my problem.

      I've been trying the sample code from the J2EE 1.5 tutorial, and I have encountered a problem securing a stateful session which is accessed by a standalone EJB application client.

      Below is the snippet of application client code that accesses the stateful session bean:


      public class CartClient {
          @EJB
          private static Cart cart;

              // Authenticate as user "tam" through the "jboss_jaas" JAAS login configuration
              SecurityAssociationHandler handler = new SecurityAssociationHandler();
              SimplePrincipal user = new SimplePrincipal("tam");
              handler.setSecurityInfo(user, "tam".toCharArray());
              loginContext = new LoginContext("jboss_jaas", (CallbackHandler) handler);
              System.out.println("Created LoginContext");
              loginContext.login();

              // Call the stateful session bean's business methods
              cart.initialize("sherman", "123");
              cart.addBook("Infinite Jest");
              cart.addBook("Bel Canto");
              cart.addBook("Kafka on the Shore");

              List<String> bookList = cart.getContents();

              bookList = cart.getContents();

              Iterator<String> iterator = bookList.iterator();

              // Print every title currently in the cart
              while (iterator.hasNext()) {
                  String title = (String) iterator.next();
                  System.out.println(title);
              }

              cart.removeBook("Gravity's Rainbow");
              cart.remove();
              doLogOut();
              System.exit(0);

      .....}

       

      Unfortunately, an exception was dumped on the client console:

      Created LoginContext
      Logged in.
      Caught an unexpected exception!
      javax.ejb.EJBAccessException: Caller unauthorized
          at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:571)
          at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)
          at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
          at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
          at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
          at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:744)
          at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:697)
          at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:524)
          at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:232)
          at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:211)
          at org.jboss.remoting.Client.invoke(Client.java:1724)
          at org.jboss.remoting.Client.invoke(Client.java:629)
          at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:60)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
          at $Proxy14.invoke(Unknown Source)
          at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
          at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
          at $Proxy13.addBook(Unknown Source)
          at cart.secure.client.CartClient.doTest(CartClient.java:129)
          at cart.secure.client.CartClient.main(CartClient.java:65)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
          at java.lang.reflect.Method.invoke(Unknown Source)
          at org.jboss.ejb3.client.ClientContainer.invokeMain(ClientContainer.java:289)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
          at java.lang.reflect.Method.invoke(Unknown Source)
          at org.jboss.ejb3.client.ClientLauncher.launch(ClientLauncher.java:301)
          at org.jboss.ejb3.client.ClientLauncher.launch(ClientLauncher.java:174)
          at org.jboss.ejb3.client.ClientLauncher.launch(ClientLauncher.java:138)
          at org.jboss.client.AppClientMain.main(AppClientMain.java:134)
          at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:72)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
          at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
          at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
          at $Proxy14.invoke(Unknown Source)
          at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
          at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
          at $Proxy13.addBook(Unknown Source)
          at cart.secure.client.CartClient.doTest(CartClient.java:129)
          at cart.secure.client.CartClient.main(CartClient.java:65)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
          at java.lang.reflect.Method.invoke(Unknown Source)
          at org.jboss.ejb3.client.ClientContainer.invokeMain(ClientContainer.java:289)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
          at java.lang.reflect.Method.invoke(Unknown Source)
          at org.jboss.ejb3.client.ClientLauncher.launch(ClientLauncher.java:301)
          at org.jboss.ejb3.client.ClientLauncher.launch(ClientLauncher.java:174)
          at org.jboss.ejb3.client.ClientLauncher.launch(ClientLauncher.java:138)
          at org.jboss.client.AppClientMain.main(AppClientMain.java:134)

       

       

      And server console:

      cart-secure/CartBean/remote - EJB3.x Default Remote Business Interface
      cart-secure/CartBean/remote-cart.secure.ejb.Cart - EJB3.x Remote Business Interface

      2012-12-05 17:56:13,322 INFO  [org.jboss.ejb3.clientmodule.ClientENCInjectionContainer] (HDScanner) STARTED CLIENT ENC CONTAINER: cart-secure-app-client
      2012-12-05 17:56:22,164 WARN  [org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (WorkerThread#0[127.0.0.1:3783]) EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor, InterceptorRegistry should be used via the bean container
      2012-12-05 17:56:22,174 WARN  [org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (WorkerThread#0[127.0.0.1:3783]) EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor, InterceptorRegistry should be used via the bean container
      2012-12-05 17:56:22,194 INFO  [STDOUT] (WorkerThread#0[127.0.0.1:3783]) anonymous
      2012-12-05 18:04:34,362 INFO  [STDOUT] (WorkerThread#1[127.0.0.1:3825]) anonymous


      Can anybody help me out? Thanks a lot!