2 Replies Latest reply on May 4, 2009 11:32 PM by ips

    EJBAccessException when trying to invoke methods on Profile

    ips
    ips May 4, 2009 4:55 PM

      I've followed the instructions at http://www.jboss.org/community/wiki/RemoteAccesstoProfileService, including setting up a "profileservice" security domain containing a user "admin" with role "Administrator". I'm able to successfully lookup the remote EJB proxy, but I'm getting the following error when I try to invoke any methods on it:

      Exception in thread "main" javax.ejb.EJBAccessException: Caller unauthorized
 at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:415)
 at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)
 at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
 at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
 at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:891)
 at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:744)
 at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:697)
 at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:524)
 at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:232)
 at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:211)
 at org.jboss.remoting.Client.invoke(Client.java:1724)
 at org.jboss.remoting.Client.invoke(Client.java:629)
 at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:60)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
 at $Proxy7.invoke(Unknown Source)
 at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
 at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
 at $Proxy2.getDomains(Unknown Source)
 at test.EjbClient.main(EjbClient.java:35)
 at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:72)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
 at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
 at $Proxy7.invoke(Unknown Source)
 at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
 at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
 at $Proxy2.getDomains(Unknown Source)
 at test.EjbClient.main(EjbClient.java:35)


      The client code I'm using is at https://svn.jboss.org/repos/jopr/trunk/etc/jbas5-ejb-client/.

      Here's my security config from the server side:

      entry from default/conf/login-config.xml: 

      <application-policy name="profileservice">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
 flag="required">
 <module-option name="usersProperties">props/profileservice-users.properties</module-option>
 <module-option name="rolesProperties">props/profileservice-roles.properties</module-option>
 </login-module>
 </authentication>
 </application-policy>


      default/conf/props/profileservice-users.properties: 

      admin=admin


      default/conf/props/profileservice-roles.properties: 

      admin=Administrator


      What am I missing?

      Thanks,
      Ian


      • 1216 Views
      • Tags:
        • 1. Re: EJBAccessException when trying to invoke methods on Prof
          starksm64
          starksm64 May 4, 2009 9:13 PM (in response to ips)

          the security domain is already defined in the deploy/profileservice-jboss-beans.xml:

           <!-- profileservice secureview application-policy definition -->
 <application-policy xmlns="urn:jboss:security-beans:1.0" name="profileservice">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
 <module-option name="unauthenticatedIdentity">nouser</module-option>
 <module-option name="usersProperties">profileservice-users.properties</module-option>
 <module-option name="rolesProperties">profileservice-roles.properties</module-option>
 </login-module>
 </authentication>
 </application-policy>


          and this refers to the profileservice-*.properties found in the root of the profileservice-secured.jar deployment: 
          [573][valkyrie: deploy]$ ls profileservice-secured.jar/
META-INF profileservice-users.properties
profileservice-roles.properties


          Updating the users/roles there is what you need to do.

          We probably should be reporting some kind of warning when two deployments are creating the same security domain.


            • Actions
          • 2. Re: EJBAccessException when trying to invoke methods on Prof
            ips
            ips May 4, 2009 11:32 PM (in response to ips)

            I removed my own profileservice domain, restarted the app server, and updated my client code to use Context.SECURITY_PRINCIPAL="javaduke" and Context.SECURITY_CREDENTIALS="anotherduke", but I still get the same "javax.ejb.EJBAccessException: Caller unauthorized" error. My latest client code is at https://svn.jboss.org/repos/jopr/trunk/etc/jbas5-ejb-client/.

              • Actions