1 Reply Latest reply on Jul 5, 2004 11:19 AM by Scott Stark

    EJB1 access unprotected methods in secured EJB2 (not working

    Pedro Salazar Newbie

      Greetings,

      I have an EJB1 which accesses a secured EJB2 (entity).

      By default, without setting any authentication by JAAS in EJB1, I get this exception due to the missing authentication from EJB1 when I try to call findByPrimaryKey:

      javax.ejb.TransactionRolledbackLocalException: checkSecurityAssociation; CausedByException is:
       Authentication exception, principal=null; CausedByException is:
       checkSecurityAssociation; CausedByException is:
       Authentication exception, principal=null
       org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:204)
       org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:315)
       org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:148)
       org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:120)
       org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
       org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
       org.jboss.ejb.EntityContainer.internalInvoke(EntityContainer.java:484)
       org.jboss.ejb.Container.invoke(Container.java:723)
       org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:359)
       org.jboss.ejb.plugins.local.EntityProxy.invoke(EntityProxy.java:44)
      

      However, I want to open access to EJB1, so I tried 2 alternatives:

      1) I set the <run-as> element in the EJB1 ejb-jar.xml with a role which is allowed in the EJB2:
      <run-as>
        <description>permission to execute with role</description>
        <role-name>slr-user</role-name>
      </run-as>
      


      2) I unchecked the permission in the finder method by primary key in EJB2 ejb-jar.xml:
      <method-permission>
        <description>Permission for findByPK method</description>
        <unchecked/>
        <method>
          <ejb-name>Db</ejb-name>
          <method-name>findByPrimaryKey</method-name>
        </method>
      </method-permission>
      


      However, in both cases I'm still getting the same exception. What is missing here?

      Regards,
      Pedro Salazar.

        • 1. Re: EJB1 access unprotected methods in secured EJB2 (not wor
          Scott Stark Master

          run-as only sets the role for the caller. The caller still needs to be authenticated. If you want to allow anonymous callers you need to specify the unauthenticatedIdentity to pass the authentication step:

          <application-policy name="other">
            <authentication>
              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                            flag="required">
                <module-option name="unauthenticatedIdentity">guest</module-option>
              </login-module>
            </authentication>
          </application-policy>
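
An audit sketch for the configuration discussed in this thread, added here as an example and not part of either post: it reports which login policies accept anonymous callers through unauthenticatedIdentity and which EJB methods are marked `<unchecked/>`, since the anonymous principal carries no roles and can therefore reach only those methods. The sample documents are constructed from the fragments above; the `strict` policy, the function names, and the assumption that the EJBs are bound to the named security domain are illustrative.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the fragments quoted in the thread ("strict" is hypothetical).
LOGIN_CONFIG = """<policy>
 <application-policy name="other"><authentication>
  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
   <module-option name="unauthenticatedIdentity">guest</module-option>
  </login-module></authentication></application-policy>
 <application-policy name="strict"><authentication>
  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
 </authentication></application-policy>
</policy>"""

EJB_JAR = """<ejb-jar><assembly-descriptor>
 <method-permission><unchecked/>
  <method><ejb-name>Db</ejb-name><method-name>findByPrimaryKey</method-name></method>
 </method-permission>
 <method-permission><role-name>slr-user</role-name>
  <method><ejb-name>Db</ejb-name><method-name>*</method-name></method>
 </method-permission>
</assembly-descriptor></ejb-jar>"""

def anonymous_policies(login_config_xml):
    """Map each application-policy that accepts anonymous callers to the identity it assigns."""
    found = {}
    for policy in ET.fromstring(login_config_xml).iter("application-policy"):
        for opt in policy.iter("module-option"):
            if opt.get("name") == "unauthenticatedIdentity":
                found[policy.get("name")] = (opt.text or "").strip()
    return found

def unchecked_methods(ejb_jar_xml):
    """List (ejb-name, method-name) pairs that skip the role check once the caller is authenticated."""
    out = []
    for perm in ET.fromstring(ejb_jar_xml).iter("method-permission"):
        if perm.find("unchecked") is not None:
            out += [(m.findtext("ejb-name"), m.findtext("method-name")) for m in perm.findall("method")]
    return out

def anonymous_exposure(login_config_xml, ejb_jar_xml, domain):
    """Methods reachable without credentials, assuming the EJBs use security domain `domain`."""
    if domain not in anonymous_policies(login_config_xml):
        return []
    return unchecked_methods(ejb_jar_xml)

if __name__ == "__main__":
    print("anonymous policies:", anonymous_policies(LOGIN_CONFIG))
    print("reachable via 'other':", anonymous_exposure(LOGIN_CONFIG, EJB_JAR, "other"))
```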