2 Replies Latest reply on Jan 8, 2002 10:05 AM by J. Wolfgang Kaltz

    StackOverflowError when authenticating via self-securing ejb

    Joel Peach Newbie

      I'm in the process of testing a LoginModule that creates a session bean instance (AuthenticateSB), then uses that session bean to perform the authentication.

      The AuthenticateSB is in the same EJB jar (with same ejb-jar.xml and jboss.xml) as a bean (TestAuthSB) that has some method permissions set. There are no method permissions required for AuthenticateSB.

      In the jboss.xml file I have defined a <security-domain> element.

      It seems like what is happening is that when I try to access the TestAuthSB, (or any bean in the same deployment unit, for that matter) it calls the login() method of my LoginModule, which then tries to create the AuthenticateSB. When the create() method gets called, my debugger jumps back to the login method, etc, etc, until the stack blows.

      Is there anyway to deploy all of these beans together, or must the AuthenticateSB be deployed in its own unit with no permissions required?

      Thank you for your insight.

      -Joel

        • 1. Re: StackOverflowError when authenticating via self-securing
          Luke Taylor Novice

          Hi,

          Why do you want to implement your authentication service using an EJB?

          If there is a pressing reason for this, then it would probably make more sense to have it deployed as a separate service rather than part of the application which is using it.

          I think you *can* deploy it as part of the same unit, with a different security setup, by using a different container configuration for the authentication EJB (in your jboss.xml file) and overriding the top-level security-domain element for this configuration.

          Even if you have permitted access to all methods in your Authentication bean, the caller must still be authenticated to access it. Hence you get the situation you describe with the bean being called to authenticate method calls to itself ....

          Luke.

          • 2. Re: StackOverflowError when authenticating via self-securing
            J. Wolfgang Kaltz Novice

            > Is there anyway to deploy all of these beans
            > together, or must the AuthenticateSB be deployed in
            > its own unit with no permissions required?

            I posted a similar question a while back, because I had the same problem : I was not able to mix, in the same JAR, an EJB requiring auth with an EJB not requiring auth.
            Somebody replied that this is actually not possible in JBoss. So I am keeping my non-auth beans in a separate distribution jar from my auth beans.