3 Replies Latest reply on Oct 14, 2003 2:07 AM by Igor Kolomiyets

    Another "Authentication exception, principal=null" problem

    Vincent B Fischer Newbie

      This one would be causing me to pull my hair out... If I had any...

      This occurs seemingly randomly (I doubt it is, but it just seems that way).

      I've got two filters. One filter checks to see if a UserView object is in the session. If not, it redirects to a login.jsp and a login-validate action (struts) that does a JAAS login to JBoss (3.2.1) and puts the object into the session.

      The other filter checks to see if the UserView object is in the session, and if it is, does a JAAS login to JBoss, perfoms {filter-chain}.doChain(). After that, it does a logoff.

      Now this works most of the time. Sometimes (fairly often) I get:
      20:54:43,786 ERROR [LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Authentication exception, principal=null

      What's strange is that I can retry the requested action and it works fine. I've posted my full stack trace below, and will try to attach my relevant source code.

      Any tips/suggestions would be greatly appreciated.

      TIA

      Bryce

      [FULL STACK TRACE:]
      java.lang.SecurityException: Authentication exception, principal=null
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:162)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:81)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
      at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:310)
      at org.jboss.ejb.Container.invoke(Container.java:694)
      at sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:549)
      at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:101)
      at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:83)
      at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
      at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:45)
      at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
      at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
      at $Proxy47.create(Unknown Source)
      at com.berzerkersoft.bisweb.web.costCenters.BrowseCostCentersAction.getBrowseCenters(BrowseCostCentersAction.java:62)
      at com.berzerkersoft.bisweb.web.costCenters.BrowseCostCentersAction.execute(BrowseCostCentersAction.java:48)
      at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
      at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
      at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
      at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
      at com.berzerkersoft.bisweb.web.filters.AuthenticationFilter.doFilter(AuthenticationFilter.java:68)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
      at com.berzerkersoft.bisweb.web.filters.LoginFilter.doFilter(LoginFilter.java:71)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:509)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
      at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:594)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
      at java.lang.Thread.run(Thread.java:534)
      20:54:43,796 ERROR [STDERR] java.rmi.ServerException: EJBException:; nested exception is:
      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Authentication exception, principal=null
      20:54:43,796 ERROR [STDERR] at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:346)
      20:54:43,796 ERROR [STDERR] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:124)
      20:54:43,796 ERROR [STDERR] at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
      20:54:43,796 ERROR [STDERR] at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:310)
      20:54:43,796 ERROR [STDERR] at org.jboss.ejb.Container.invoke(Container.java:694)
      20:54:43,796 ERROR [STDERR] at sun.reflect.GeneratedMethodAccessor55.invoke(Unknown Source)
      20:54:43,796 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      20:54:43,796 ERROR [STDERR] at java.lang.reflect.Method.invoke(Method.java:324)
      20:54:43,796 ERROR [STDERR] at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
      20:54:43,796 ERROR [STDERR] at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:549)
      20:54:43,796 ERROR [STDERR] at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:101)
      20:54:43,796 ERROR [STDERR] at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:83)
      20:54:43,796 ERROR [STDERR] at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
      20:54:43,796 ERROR [STDERR] at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:45)
      20:54:43,796 ERROR [STDERR] at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
      20:54:43,796 ERROR [STDERR] at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
      20:54:43,796 ERROR [STDERR] at $Proxy47.create(Unknown Source)
      20:54:43,796 ERROR [STDERR] at com.berzerkersoft.bisweb.web.costCenters.BrowseCostCentersAction.getBrowseCenters(BrowseCostCentersAction.java:62)
      20:54:43,806 ERROR [STDERR] at com.berzerkersoft.bisweb.web.costCenters.BrowseCostCentersAction.execute(BrowseCostCentersAction.java:48)
      20:54:43,806 ERROR [STDERR] at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
      20:54:43,806 ERROR [STDERR] at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
      20:54:43,806 ERROR [STDERR] at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
      20:54:43,806 ERROR [STDERR] at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
      20:54:43,806 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
      20:54:43,806 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
      20:54:43,806 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
      20:54:43,806 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
      20:54:43,806 ERROR [STDERR] at com.berzerkersoft.bisweb.web.filters.AuthenticationFilter.doFilter(AuthenticationFilter.java:68)
      20:54:43,806 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
      20:54:43,806 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
      20:54:43,806 ERROR [STDERR] at com.berzerkersoft.bisweb.web.filters.LoginFilter.doFilter(LoginFilter.java:71)
      20:54:43,806 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:213)
      20:54:43,806 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
      20:54:43,806 ERROR [STDERR] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
      20:54:43,806 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:509)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
      20:54:43,816 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
      20:54:43,816 ERROR [STDERR] at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
      20:54:43,816 ERROR [STDERR] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:594)
      20:54:43,816 ERROR [STDERR] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
      20:54:43,816 ERROR [STDERR] at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
      20:54:43,816 ERROR [STDERR] at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
      20:54:43,816 ERROR [STDERR] at java.lang.Thread.run(Thread.java:534)
      20:54:43,816 ERROR [STDERR] Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Authentication exception, principal=null
      20:54:43,816 ERROR [STDERR] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:163)
      20:54:43,816 ERROR [STDERR] at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:81)
      20:54:43,816 ERROR [STDERR] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
      20:54:43,816 ERROR [STDERR] ... 62 more

        • 1. Re: Another "Authentication exception, principal=null" probl
          Vincent B Fischer Newbie

          Anyone help on this one?

          I can try to give more details. I'll try to attach my source files too (I've had difficulty doing this).

          I've got a jsp page calling a session bean (using Struts). I've disabled my filters. So, I'm first executing a login screen. The resulting action does the following:

          UsernamePasswordHandler handler = new UsernamePasswordHandler(username, password.toCharArray());

          try {
          System.out.println("Loggin In");
          LoginContext loginContext = new LoginContext("client-login", (CallbackHandler)handler);

          loginContext.login();

          SecurityManagerServiceHome home = SecurityManagerServiceUtil.getHome();
          SecurityManagerServiceRemote service = home.create();

          user = service.getUser(username);
          ...

          This works fine.

          Other screens come up as well. Ocassionally, however, I'll get the following error (full Stack Trace attached):
          20:22:08,026 ERROR [SecurityInterceptor] Authentication exception, principal=null
          20:22:08,026 ERROR [LogInterceptor] EJBException, causedBy:
          java.lang.SecurityException: Authentication exception, principal=null
          at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:162)

          Again, this seems to happen randomly. It will work for 5-10 times, and next time, it won't.

          All security domains appear to be correct. I"m having difficulty being able to attach files, so I've uploaded a zip file to my server. It can be accessed here:

          http://www.berzerker-soft.com/security.zip

          I've included what I feel are the relevant files. Please let me know if you need to see others.

          I'd appreciate any help anyone can give me.

          Thanks

          • 2. full stack trace
            Vincent B Fischer Newbie

            oh yea, here's the full stack trace:

            20:22:08,026 ERROR [SecurityInterceptor] Authentication exception, principal=null
            20:22:08,026 ERROR [LogInterceptor] EJBException, causedBy:
            java.lang.SecurityException: Authentication exception, principal=null
            at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:162)
            at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:81)
            at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
            at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
            at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:310)
            at org.jboss.ejb.Container.invoke(Container.java:694)
            at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:324)
            at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
            at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:549)
            at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:101)
            at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:83)
            at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
            at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:45)
            at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
            at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
            at $Proxy357.create(Unknown Source)
            at com.berzerkersoft.bisweb.web.funds.BrowseFundsAction.getBrowseFunds(BrowseFundsAction.java:70)
            at com.berzerkersoft.bisweb.web.funds.BrowseFundsAction.execute(BrowseFundsAction.java:54)
            at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
            at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
            at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
            at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
            at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
            at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:509)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
            at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
            at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:594)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
            at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
            at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
            at java.lang.Thread.run(Thread.java:534)
            20:22:08,036 ERROR [STDERR] java.rmi.ServerException: EJBException:; nested exception is:
            javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
            Authentication exception, principal=null
            20:22:08,036 ERROR [STDERR] at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:346)
            20:22:08,036 ERROR [STDERR] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:124)
            20:22:08,036 ERROR [STDERR] at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
            20:22:08,036 ERROR [STDERR] at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:310)
            20:22:08,036 ERROR [STDERR] at org.jboss.ejb.Container.invoke(Container.java:694)
            20:22:08,036 ERROR [STDERR] at sun.reflect.GeneratedMethodAccessor143.invoke(Unknown Source)
            20:22:08,036 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            20:22:08,036 ERROR [STDERR] at java.lang.reflect.Method.invoke(Method.java:324)
            20:22:08,036 ERROR [STDERR] at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
            20:22:08,036 ERROR [STDERR] at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:549)
            20:22:08,036 ERROR [STDERR] at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:101)
            20:22:08,036 ERROR [STDERR] at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:83)
            20:22:08,036 ERROR [STDERR] at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
            20:22:08,036 ERROR [STDERR] at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:45)
            20:22:08,036 ERROR [STDERR] at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
            20:22:08,036 ERROR [STDERR] at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
            20:22:08,036 ERROR [STDERR] at $Proxy357.create(Unknown Source)
            20:22:08,036 ERROR [STDERR] at com.berzerkersoft.bisweb.web.funds.BrowseFundsAction.getBrowseFunds(BrowseFundsAction.java:70)
            20:22:08,036 ERROR [STDERR] at com.berzerkersoft.bisweb.web.funds.BrowseFundsAction.execute(BrowseFundsAction.java:54)
            20:22:08,036 ERROR [STDERR] at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
            20:22:08,036 ERROR [STDERR] at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
            20:22:08,036 ERROR [STDERR] at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
            20:22:08,036 ERROR [STDERR] at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)
            20:22:08,036 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
            20:22:08,046 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:509)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
            20:22:08,046 ERROR [STDERR] at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
            20:22:08,046 ERROR [STDERR] at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
            20:22:08,046 ERROR [STDERR] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:594)
            20:22:08,046 ERROR [STDERR] at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
            20:22:08,046 ERROR [STDERR] at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
            20:22:08,046 ERROR [STDERR] at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
            20:22:08,046 ERROR [STDERR] at java.lang.Thread.run(Thread.java:534)
            20:22:08,046 ERROR [STDERR] Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
            Authentication exception, principal=null
            20:22:08,046 ERROR [STDERR] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:163)
            20:22:08,046 ERROR [STDERR] at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:81)
            20:22:08,046 ERROR [STDERR] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
            20:22:08,046 ERROR [STDERR] ... 56 more

            • 3. Re: full stack trace
              Igor Kolomiyets Newbie

              I think you should replace your "client-login" policy with the following:

              <application-policy name = "client-login">

              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="requisite">
              <module-option name="dsJndiName">java:/DaytonaDS</module-option>
              <module-option name="principalsQuery">select PASSWORD from SYS_USER where USERTYPE = 'U' and USERNAME=?</module-option>
              <module-option name="rolesQuery">select SECITEM, 'Roles' from USER_ROLES where USERNAME=?</module-option>
              </login-module>
              <login-module code = "org.jboss.security.ClientLoginModule"
              flag = "required">
              </login-module>

              </application-policy>

              If you use only org.jboss.security.ClientLoginModule in your "client-login" policy the module only keeps your user name and password without properly authenticating your client. As a result no principals were assigned to your subject sued to check the authorization on the EJB tier.