5 Replies Latest reply on Sep 16, 2004 4:45 PM by danl_thompson

Q: SecurityException for getEJBObject method

hildo Aug 31, 2004 7:15 PM

I'm using JBoss 3.2.5, and I have a Stateful Session EJB which is acting as a Facade for client API into my server. The Bean returns a javax.ejb.Handle instance which is used by the client to hold as a reference to its server connection. The server code is as follows:

public Handle createDataClient() throws CreateException, RemoteException {
 DataRemoteHome dataHome = null;
 try {
 dataHome = lookup.getDataRemoteHome();
 } catch (NamingException ex) {
 throw new EJBException("Unable to get DataRemoteHome reference", ex);
 }
 DataRemote data = dataHome.create(userSettings);
 return data.getHandle();
 }

The above it a method in the Session EJB for the Client, and it returns a Handle for another Stateful Session Bean for the Client. The Client code calling this is...

public DataClient createDataClient() throws ServerAccessException {
 validateState();
 try {
 Handle dataHandle = userRemote.createDataClient();
 EJBObject ejbObject = dataHandle.getEJBObject();
 return new DataClientImplementation((DataRemote) ejbObject);
 } catch (CreateException ce) {
 throw new ServerAccessException(ce);
 } catch (RemoteException re) {
 throw new ServerAccessException(re);
 }
 }

So, the client is getting the Handle, calling the getEJBObject() method which should return the EJBObject. Then use the EJBObject. I get a SecurityException when I call the getEJBObject method of the returned Handle object....

java.rmi.ServerException: Could not get EJBObject; nested exception is:
 java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
 java.rmi.ServerException: EJBException:; nested exception is:
 javax.ejb.EJBException: checkSecurityAssociation; nested exception is: java.lang.SecurityException: No method permissions assigned to method=getEJBObject, interface=HOME" type="com.bh.bplan.client.ServerAccessException">com.bh.bplan.client.ServerAccessException: java.rmi.ServerException: Could not get EJBObject; nested exception is:
 java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
 java.rmi.ServerException: EJBException:; nested exception is:
 javax.ejb.EJBException: checkSecurityAssociation; nested exception is: java.lang.SecurityException: No method permissions assigned to method=getEJBObject, interface=HOME
 at com.bh.bplan.client.UserContextImplementation.createDataClient(UserContextImplementation.java:107)
 at com.bh.bplan.client.UserContextTest.testCreateClients(UserContextTest.java:42)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
Caused by: java.rmi.ServerException: Could not get EJBObject; nested exception is:
 java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
 java.rmi.ServerException: EJBException:; nested exception is:
 javax.ejb.EJBException: checkSecurityAssociation; nested exception is: java.lang.SecurityException: No method permissions assigned to method=getEJBObject, interface=HOME
 at org.jboss.proxy.ejb.handle.StatefulHandleImpl.getEJBObject(StatefulHandleImpl.java:158)
 at com.bh.bplan.client.UserContextImplementation.createDataClient(UserContextImplementation.java:102)
 ... 16 more
Caused by: java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
 java.rmi.ServerException: EJBException:; nested exception is:
 javax.ejb.EJBException: checkSecurityAssociation; nested exception is: java.lang.SecurityException: No method permissions assigned to method=getEJBObject, interface=HOME
 at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:292)
 at sun.rmi.transport.Transport$1.run(Transport.java:148)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
 at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
 at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
 at java.lang.Thread.run(Thread.java:534)
 at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
 at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
 at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:133)
 at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
 at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:135)
 at org.jboss.proxy.ejb.handle.StatefulHandleImpl.getEJBObject(StatefulHandleImpl.java:154)
 ... 17 more
Caused by: java.rmi.ServerException: EJBException:; nested exception is:
 javax.ejb.EJBException: checkSecurityAssociation; nested exception is: java.lang.SecurityException: No method permissions assigned to method=getEJBObject, interface=HOME
 at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:347)
 at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:124)
 at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
 at org.jboss.ejb.StatefulSessionContainer.internalInvokeHome(StatefulSessionContainer.java:404)
 at org.jboss.ejb.Container.invoke(Container.java:743)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:185)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
 at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:360)
 at sun.reflect.GeneratedMethodAccessor76.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
 at sun.rmi.transport.Transport$1.run(Transport.java:148)
 at java.security.AccessController.doPrivileged(Native Method)
 at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
 at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
 at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
 at java.lang.Thread.run(Thread.java:534)
Caused by: javax.ejb.EJBException: checkSecurityAssociation; nested exception is: java.lang.SecurityException: No method permissions assigned to method=getEJBObject, interface=HOME
 at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:186)
 at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:83)
 at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invokeHome(CachedConnectionInterceptor.java:205)
 at org.jboss.ejb.plugins.StatefulSessionInstanceInterceptor.invokeHome(StatefulSessionInstanceInterceptor.java:102)
 at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:88)
 at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:341)
 at org.jboss.ejb.plugins.TxInterceptorCMT.invokeHome(TxInterceptorCMT.java:128)
 at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
 ... 24 more

So, the server security interceptor is complaining because it can't find any security for that method. I've been able to go through and (in my deployment descriptor) set up method security for all my Bean methods. But I can't see where I do this for getEJBObject(), which is the method the javax.ejb.Handle interface which is created by JBoss, and not me.

My beans are using the org.jboss.security.auth.spi.UsersRolesLoginModule Authentication module. Is there some way I can configure it to ignore certain methods? Or am I barkingup the wrong tree and should be approaching this some other way? I'm stumped, as I can't see how to set this up...

Any help would be appreciated.

Thanks,
Ed

1. Re: Q: SecurityException for getEJBObject method

starksm64 Sep 11, 2004 10:02 PM (in response to hildo)
That looks like a bug. Have you tried adding the following for the bean in question?

<method> <ejb-name>MyBean</ejb-name> <method-name>getEJBObject</method-name> </method>

We should have a testcase for this but I'll have to check.
Actions
2. Re: Q: SecurityException for getEJBObject method

hildo Sep 12, 2004 6:02 PM (in response to hildo)

I haven't tried that. I will and get back.
Actions
3. Re: Q: SecurityException for getEJBObject method

hildo Sep 15, 2004 6:47 PM (in response to hildo)

I use XDoclet to generate my deployment descriptor. So, for the EJB in question, I added the class-level tag

@ejb.permission unchecked="true"

This resulted in setting the default permission for the EJB's methods to unchecked.

With this deployment descriptor, I could connect without receiving the exception and everything worked.

So, I have a workaround.
Actions
4. Re: Q: SecurityException for getEJBObject method

danl_thompson Sep 16, 2004 4:43 PM (in response to hildo)

Ah, I had to do @ejb:permissions unchecked="true" moethods="*"
Actions
5. Re: Q: SecurityException for getEJBObject method

danl_thompson Sep 16, 2004 4:45 PM (in response to hildo)

or methods... methods would be good.
Actions

Go to original post