Is anyone aware of how/why WebLogic is showing us differences between Axis 1.4
and Axis2 in how security is being processed on invocation of a service?
For Axis 1.4 we have our own provider that extends
org.apache.axis.providers.java.RPCProvider, which in its invokeMethod method
sets up a properties object to create a new InitialContext, calls
PortableRemoteObject.narrow, calls the EJB create() method, and then calls
invoke on the service method(), which works fine with WLS.
For Axis2 it looks like this same functionality is provided in EJBUtils.java
and RPCUtils.java; so, we're extending
org.apache.axis2.rpc.receivers.ejb.EJBMessageReceiver and in our
invokeBusinessLogic method, for WLS, we just invoke
super.invokeBusinessLogic(messageContextIn, messageContextOut), which results
in this error:
[ERROR] [EJB:010160]Security Violation: User: '<anonymous>' has insufficient
permission to access EJB: type=<ejb>, application=TestModel, modu
le=FacadeModule.jar, ejb=Axis2DocWebServiceTestBPO, method=simpleAdd,
methodInterface=Remote, signature={int,int}.
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:48)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
at java.lang.reflect.Method.invoke(Method.java:600)
at
org.apache.axis2.rpc.receivers.RPCUtil.invokeServiceClass(RPCUtil.java:194)
at
org.apache.axis2.rpc.receivers.RPCMessageReceiver.invokeBusinessLogic(RPCMessageReceiver.java:102)
at
curam.util.connectors.axis2.CuramMessageReceiver.invokeBusinessLogic(CuramMessageReceiver.java:54)
at
org.apache.axis2.receivers.AbstractInOutMessageReceiver.invokeBusinessLogic(AbstractInOutMessageReceiver.java:40)
at
org.apache.axis2.receivers.AbstractMessageReceiver.receive(AbstractMessageReceiver.java:114)
at org.apache.axis2.engine.AxisEngine.receive(AxisEngine.java:173)
at
org.apache.axis2.transport.http.HTTPTransportUtils.processHTTPPostRequest(HTTPTransportUtils.java:167)
at
org.apache.axis2.transport.http.AxisServlet.doPost(AxisServlet.java:142)
The jndiUser and jndiPassword parameters in services.xml and server-config.wsdd
are equivalent and are both against same WLS system, same ear, different war
files.
I have added runAs code to our Receiver for the WLS JAAS configuration with
some success; but we never had to do this for Axis 1.4. Any ideas why we are
seeing this difference?
Thanks,
William
The information in this email is confidential and may be legally privileged.
It is intended solely for the addressee. Access to this email by anyone else
is unauthorized. If you are not the intended recipient, any disclosure,
copying, distribution or any action taken or omitted to be taken in reliance
on it, is prohibited and may be unlawful. If you are not the intended
addressee please contact the sender and dispose of this e-mail. Thank you.
