4 Replies Latest reply on May 11, 2003 4:48 AM by Adrian Brock

    calling EJB from handleNotification in timer listener

    ittay Newbie


      I have a regular class implementing the NotificationListener interface, a session bean send a message to a message driven bean which in turn adds a notification to the timer. when the listener is called by the timer, it tries to call on another session bean (actually, it tries to create an instance of it), but fails with the exception:

      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[User], principalRoles=[]
      at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:346)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:124)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
      at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:310)
      at org.jboss.ejb.Container.invoke(Container.java:694)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:549)
      at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:101)
      at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:88)
      at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:77)
      at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:80)
      at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:175)
      at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:82)
      at $Proxy243.create(Unknown Source)

      all this happens within the save VM, but the session beans have remote interfaces only. the session bean that starts the whole process is called from the outside (by a unit test), and there the security is just fine (the unit tests does a login()).

      please help, but be gentle, i'm a newbie,

        • 1. Re: calling EJB from handleNotification in timer listener

          I'm pretty sure your problem is that your timer thread has no security credentials associated with it.

          When you authenticate to JBoss, its JaasSecurityManager associates your security credentials (Subject) with the current thread. Thereafter, when access permission checks are made it checks to be sure the Subject is associated with the calling thread.

          In your situation, the thread that is trying to create the final session bean is the timer thread, not the thread you logged on with.

          If you need the timer involved, off the top of my head, I'm not sure what to advise you to do; maybe someone else has some ideas?


          • 2. Re: calling EJB from handleNotification in timer listener
            Adrian Brock Master

            You have to do a JAAS login,
            the timer thread doesn't have the security information.

            Something like:

            import javax.security.auth.auth.login.*;

            LoginContext ctx = new LoginContext("client-login", handler);
            // do work

            The handler is a JAAS callback, you could use
            the jboss one:
            handler = new org.jboss.security.auth.callback.UsernamePasswordCallbackHandler(user, password.toCharArray());


            • 3. Re: calling EJB from handleNotification in timer listener
              ittay Newbie

              thanx for your help,

              my problem is that while inside the system i don't have the username/password information available. is there a way of preregistering all threads (or at least the timer thread) when logging in to the system?

              thank you,

              p.s., i can, of course, create some user and password that will always be valid, but woldn't that create a backdoor for the outside world? i.e., if i create a user-password pair, e.g., "jboss", "jboss", wouldn't it be possible to use it to login to the system from the outside (web)?

              • 4. Re: calling EJB from handleNotification in timer listener
                Adrian Brock Master

                Only if you tell them the password.

                The timer uses a threadpool so it is not really
                possible to control who gets those threads.