3 Replies Latest reply on Mar 2, 2004 5:45 AM by Kees van Dieren

    getPrincipalInfo

    Valery Zhukov Newbie

      Hi there,

      I would like to look up an EJB from an applet. I tried to
      the best of my knowledge but continuously landing with the same exception,

      java.security.AccessControlException: access denied
      (java.lang.RuntimePermission
      org.jboss.security.SecurityAssociation.getPrincipalInfo)
      Can anybody help me out of this?

      Valery

        • 1. Re: getPrincipalInfo
          Adrian Brock Master

          The ejb needs to get the Principal and Credential from
          your applet client.
          But this is a restricted operation that applets are not normally allowed to perform.

          You can:
          1) Make a different container configuration for your
          ejb that does not include the client side security
          interceptor (assumes the client does not need to pass
          this information).
          2) Create your own client side security interceptor that
          retrieves the info using some other mechanism.
          3) Change the permissions for the applet's environment
          to authorise jbosssx-client.jar
          to retrieve this information.

          Regards,
          Adrian

          • 2. Re: getPrincipalInfo
            Kees van Dieren Newbie

             


            1) Make a different container configuration for your
            ejb that does not include the client side security
            interceptor (assumes the client does not need to pass
            this information).
            2) Create your own client side security interceptor that
            retrieves the info using some other mechanism.


            Hello,
            I am having the same problem with EJB's and applets. I would like to access a stateless session bean

            I've already made it to make things working, by updating the policy file at client side.

            The solution I prefer, is to make EJB call's from applets possible, without changing the Applet's security settings. The applet is being downloaded from the JBoss application server, so the restriction that an applet may only open a socket to the server where it's coming from, isn't a problem.

            I'm just guessing if I should choose solution 1 or solution 2


            1. Making a different container configuration that doesn't include client side security

            To test this, according to the documentation (bottom of my post)server/default/conf/standardjboss.xml, opened the stateless session bean container configuration, and updated it to the following:
             <container-configuration>
             <container-name>Standard Stateless SessionBean</container-name>
             <call-logging>false</call-logging>
             <invoker-proxy-binding-name>stateless-rmi-invoker</invoker-proxy-binding-name>
             <container-interceptors>
             <interceptor>org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor</interceptor>
             <interceptor>org.jboss.ejb.plugins.LogInterceptor</interceptor>
            <!-- <interceptor>org.jboss.ejb.plugins.SecurityInterceptor</interceptor>-->
             <!-- CMT -->
             <interceptor transaction="Container">org.jboss.ejb.plugins.TxInterceptorCMT</interceptor>
             <interceptor transaction="Container" metricsEnabled="true">org.jboss.ejb.plugins.MetricsInterceptor</interceptor>
             <interceptor transaction="Container">org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor</interceptor>
             <!-- BMT -->
             <interceptor transaction="Bean">org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor</interceptor>
             <interceptor transaction="Bean">org.jboss.ejb.plugins.TxInterceptorBMT</interceptor>
             <interceptor transaction="Bean" metricsEnabled="true">org.jboss.ejb.plugins.MetricsInterceptor</interceptor>
             <interceptor>org.jboss.resource.connectionmanager.CachedConnectionInterceptor</interceptor>
             </container-interceptors>
             <instance-pool>org.jboss.ejb.plugins.StatelessSessionInstancePool</instance-pool>
             <instance-cache></instance-cache>
             <persistence-manager></persistence-manager>
             <container-pool-conf>
             <MaximumSize>100</MaximumSize>
             </container-pool-conf>
             </container-configuration>
            


            However, I still get the following exception:
            java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)
            

            Secury seems still to stay enabled. I'm going to tweak settings to try to make things work, has anybody advices for making this working?

            When making it working by changing the applet security, I also had to add the following permission:
             permission java.io.SerializablePermission "enableSubstitution";
            

            Is it possible to fix this problem server-side also?

            Thanks in advance for your time.


            documentation:
            - http://jboss.sourceforge.net/doc-24/ch07s09.html JBoss Security documentation
            - http://jboss.sourceforge.net/doc-24/ch11s21.html An example of applets, ejb and jboss (which doesn't describe anything about this problem)

            • 3. Re: getPrincipalInfo
              Kees van Dieren Newbie

              One problem is fixed: I updated also something in the standardjboss.xml file, tag invoker-proxy-binding:

               <invoker-proxy-binding>
               <name>stateless-rmi-invoker</name>
               <invoker-mbean>jboss:service=invoker,type=jrmp</invoker-mbean>
               <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory>
               <proxy-factory-config>
               <client-interceptors>
               <home>
               <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
              <!-- <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>-->
               <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
               <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
               </home>
               <bean>
               <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>
              <!-- <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>-->
               <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
               <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
               </bean>
               </client-interceptors>
               </proxy-factory-config>
               </invoker-proxy-binding>
              


              However, another exception occurs:
              access denied (java.io.SerializablePermission enableSubstitution)
              
              java.security.AccessControlException: access denied (java.io.SerializablePermission enableSubstitution)
              


              This exception does not occur when I enable the following line in java.policy (at client-side):
              // permission java.io.SerializablePermission "enableSubstitution";
              


              I'm going to find out, if it is possible to fix this server-side. Any advice is welcome!