1 Reply Latest reply on Jan 18, 2005 9:54 PM by Scott Stark

    EJBContext.getCallerPrinciple().getName() returns anonymous

    tom acland Newbie

      I was trying out my app on JBoss 4.x today with mostly good results. I have had it working on various versions of 3.x but experienced a problem with calls to getCallerPrinciple() in both the 4.0.0 and 4.0.1 releases.

      I'm using a run-as element in the struts servlet configuration in web.xml ...

      <servlet>
       ...
       <run-as>
       <description>
       The servlet must run in the internal role.
       </description>
       <role-name>internal</role-name>
       </run-as>
       ...
      </servlet>


      ... and an entry in ejb-jar.xml to restrict access to all methods on my stateless session beans (facades) ...

       <method-permission >
       <description><![CDATA[description not supported yet by ejbdoclet]]></description>
       <role-name>internal</role-name>
       <role-name>cms</role-name>
       <method >
       <description><![CDATA[description not supported yet by ejbdoclet]]></description>
       <ejb-name>MetadataManager</ejb-name>
       <method-name>*</method-name>
       </method>
       </method-permission>


      On a couple of business methods on the session beans I need to call EJBContext.getCallerPrinciple().getName() to carry out different transactions depending on who's doing the asking. In v. 3.x this is all fine. In 4.x, I get "anymous" back. Removing the run-as entry in web.xml fixes the problem. What's particularly unintuitive about this is that there are no security exceptions thrown so it looks as if the container recognises the servlet as having the necessary permissions. Also, the entry in my login-config.xml specifies the user "nobody" as the unauthenticated principle name...

      <module-option name="unauthenticatedIdentity">nobody</module-option>


      It is almost as if the run-as directive is causing the caller's principle to be "masked".

      Here is the complete snippet from login-config.xml...

      
       <application-policy name = "alertingservice">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">java:/DefaultDS</module-option>
       <module-option name="unauthenticatedIdentity">nobody</module-option>
       <module-option name="principalsQuery">
       select password from XUser where username=?
       </module-option>
       <module-option name="rolesQuery">
       select r.name, 'Roles' from role_users_user_roles ru, role r, xuser u
       where ru.user=u.id and ru.role=r.id and u.username = ?
       </module-option>
       <module-option name="hashAlgorithm">MD5</module-option>
       <module-option name="hashEncoding">base64</module-option>
       </login-module>
       </authentication>
       </application-policy>


      I can work around this issue but I was surprised by it - does it look familiar/explicable to anyone else? Would anyone like more info?

      Tom

        • 1. Re: EJBContext.getCallerPrinciple().getName() returns anonym
          Scott Stark Master

          4.0.x extended the notion of run-as to support an explicit principal to use as the run-as principal. If its not specified it defaults to anonymous. If you want nobody to show up as the run-as principal name then you would add a security-identity element to the jboss.xml:

          ...
           <session>
           <ejb-name>SomeSession</ejb-name>
          ...
           <security-identity>
           <run-as-principal>nobody</run-as-principal>
           </security-identity>
          ...
          


          It looks like we did not add support for this to the jboss-web.xml descriptor that that is a bug.

          A run-as principal in 4.0.x can also have more than one role rather than just the run-as value by using a security-role element in the jboss.xml/jboss-web.xml descriptor:

          ...
           <assembly-descriptor>
           <security-role>
           <role-name>ProjectAdmin</role-name>
           <principal-name>RunAsWithRolesMDBPrincipal</principal-name>
           </security-role>
           <security-role>
           <role-name>CreateFolder</role-name>
           <principal-name>RunAsWithRolesMDBPrincipal</principal-name>
           </security-role>
           <security-role>
           <role-name>DeleteFolder</role-name>
           <principal-name>RunAsWithRolesMDBPrincipal</principal-name>
           </security-role>
           </assembly-descriptor>
          


          These are assigned in addition to the run-as value from the ejb-jar.xml/web.xml descriptor.