1 Reply Latest reply on Jan 29, 2005 2:49 PM by Scott Stark

    application policy changes when SessionContext passed

    Robert Butera Newbie

      I have a very strange problem occuring.

      I am using jboss 4.0.1 and am using a secure ejb. My application-policy looks as follows:

       <application-policy name = "esubmit">
       <authentication>
       <login-module
       code="org.jboss.security.auth.spi.UsersRolesLoginModule"
       flag="required">
       <module-option name="usersProperties">
       users.properties
       </module-option>
       <module-option name="rolesProperties">
       roles.properties
       </module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      As soon as I enter the ejb, I perform a isCallerInRole("Administrator") which returns true, I then pass the SessionContext object to a static class which makes the same call and returns false. I changed the log settings to TRACE and discovered that when I make the call from the EJB it uses my application-policy, but when I make it from the static class it uses the "HsqlDbRealm" application-policy.

      Here is the log portion:

      2005-02-03 12:37:45,807 DEBUG [au.edu.vut.esubmit.ejbcontainer.services.domain.ejb.SubjectFacadeEJB] Admin role: true
      2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] doesUserHaveRole(Set), subject: Subject:
       Principal: cam
       Principal: Roles(members:Administrator)
      2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] roles=Roles(members:Administrator)
      2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] hasRole=false
      2005-02-03 12:37:45,807 DEBUG [au.edu.vut.esubmit.ejbcontainer.services.domain.ejb.SubjectFacadeEJB] User role: false
      2005-02-03 12:37:45,807 DEBUG [au.edu.vut.esubmit.ejbcontainer.domain.datatransferfactories.SubjectDTOFactory] getSubjectDTO(SessionContext, String) - start
      2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] isValid, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@5eb650[Subject(1265354).principals=[cam, Roles(members:Administrator)]]
      2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@5eb650[Subject(1265354).principals=[cam, Roles(members:Administrator)]]
      2005-02-03 12:37:45,807 DEBUG [org.jboss.ejb.plugins.cmp.jdbc.JDBCFindByPrimaryKeyQuery.Subject#findByPrimaryKey] Executing SQL: SELECT t0_Subject.id FROM SUBJECT t0_Subject WHERE t0_Subject.id=?
      2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] isValid, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@780af5[Subject(18314684).principals=[sap]]
      2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.HsqlDbRealm] validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@780af5[Subject(18314684).principals=[sap]]
      2005-02-03 12:37:45,807 DEBUG [au.edu.vut.esubmit.ejbcontainer.domain.datatransferfactories.BaseDTOFactory] checkForRight(SessionContext, SubjectLocal, ArrayList) - start
      2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] doesUserHaveRole(Set), subject: Subject:
       Principal: sap
       Private Credential: javax.resource.spi.security.PasswordCredential@e4e
      2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] roles=null
      2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] hasRole=false
      2005-02-03 12:37:45,807 TRACE [org.jboss.security.plugins.JaasSecurityManager.esubmit] doesUserHaveRole(Set), subject: Subject:
      


      I have no idea what's going on. Is there some problem with passing the SessionContext around? Also, this code works fine under JBoss 4.0.1RC1.

      Any help would be greatly appreciated.

      Regards
      Rob