1 Reply Latest reply on Nov 30, 2017 4:51 AM by Irfan Ali Dogar

    Getting anonymous principal when session bean is called from MDB

    Jack Reacher Newbie

      We have been trying to migrate an application from Jboss 4.2.2 to Wildfly10. Most of the items are working but for some reason we are facing an issue with principal context propagation from MDB to Stateless Session Beans. The context principal is always “anonymous”

       

      Code to initiate initial context:

       

      Properties jbossEjbClientProperties = new Properties();

      jbossEjbClientProperties.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");

      1. jbossEjbClientProperties.put("remote.connections", "default");
      2. jbossEjbClientProperties.put("remote.connection.remoting.host", "localhost");
      3. jbossEjbClientProperties.put("remote.connection.remoting.port", "8443");

      jbossEjbClientProperties.put("remote.connection.remoting.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS", "true");

      jbossEjbClientProperties.put("remote.connection.remoting.connect.options.org.xnio.Options.SASL_DISALLOWED_MECHANISMS", "JBOSS-LOCAL-USER");

      1. jbossEjbClientProperties.put(InitialContext.SECURITY_AUTHENTICATION, "simple");
      2. jbossEjbClientProperties.put(InitialContext.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
      3. jbossEjbClientProperties.put("remote.connection.remoting.username", DYNAMIC-USERNAME);
      4. jbossEjbClientProperties.put("remote.connection.remoting.password", DYNAMIC-PASSWORD);

      jbossEjbClientProperties.put("remote.connection.remoting.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT","false");

      1. jbossEjbClientProperties.put(InitialContext.SECURITY_PRINCIPAL, “MY-CUSTOM-PRICIPLE”);

       

      I have read many posts on this issue but none of them are using dynamic username and password. Most of the questions on this matter are either old or un-answered.

      @Resource

      private transient SessionContext context;

       

      This has made me think, is it possible at all to pass custom username/password and principle from an MDB to a SSB?

      Can a custom principal be propagated from an MDB to a Stateless Session Bean, I hope this feature is not removed from current version?

      Is there a working example someone can point me to?

      Now coming to my problem, I have an MDB

       

      @TransactionAttribute(TransactionAttributeType.NOT_SUPPORTED)

      public void onMessage(Message message) {

             context = ImportProcessingUtils.initContext(icmessage.getContact());

      securedBean = (MySecuredBean) FacadeLocatorUtils.getFacade(FacadeLookUpUtils.MySecuredBean, false,

      context);

      Inside my secured Bean

       

      @Interceptors(ExceptionInterceptor.class)

      @Stateless

      @Local(MySecuredBean Local.class)

      @Remote(MySecuredBean Remote.class)

      @SuppressWarnings(WarningConst.UNCHECKED)

      @RolesAllowed("$SYSTEM_ROLE_LOGIN$")

      @SecurityDomain("mySecurityDomain")

      @Clustered()

      public class MySecuredBean extends

      EnterpriseSessionFacadeBean<MySecurity, MySecurityBean> implements

      SecurityFacadeLocal, SecurityFacadeRemote {

       

      @Resource

      private transient SessionContext context;

       

      public boolean checkCurrentContactPermission(Integer accessAreaId, Integer securityActionId) {

      return checkContactPermission(getCurrentContactId(), getCurrentCompanyId(), accessAreaId, securityActionId);

      }

       

       

      public Integer getCurrentContactId(context) {

      Integer contactId = null;

      String callerPrincipal = context. getCallerPrincipal();

                   if (callerPrincipal  != null && isInternalLogin(callerPrincipal)) {

                       contactId = readInternalContactId(callerPrincipal);

                  }

      return contactId;

      }

       

      In the above function callerPrincipal is always anonymous. I have spent many hours searching for a solution for this problem and there are many unanswered questions related to this in this forum. Going to try my luck here

       

      Thanks & Regards,

      Jack