Hi Scott,
the error is not in the DatabaseServerLoginModul. The username being passed
to it is null (or "null").
The error only occurs if the container creates a new instance of the called
stateless session bean. I stored a timestamp as menber variable in the SB
and print it on every call. As long this instance is used no security
exception occurs.
You should be able to reproduce the problem if You include a sequence of jsp
includes in a jsp.
<jsp:include page="test.jsp" flush="true">
<jsp:param name="name" value="d1"/>
</jsp:include>
<jsp:include page="test.jsp" flush="true">
<jsp:param name="name" value="d2"/>
</jsp:include>
<jsp:include page="test.jsp" flush="true">
<jsp:param name="name" value="d3"/>
</jsp:include>
<jsp:include page="test.jsp" flush="true">
<jsp:param name="name" value="d4"/>
</jsp:include>
where test.jsp looks up a stateless session bean which respond data fromn an
entity bean.
The data is displayed correct once but the next includes cause the security
exception. With jBoss rel 23 the includes are processed correct each with an
own instance of the SB.
Andreas
> -----Original Message-----
> From: Scott M Stark [SMTP:[EMAIL PROTECTED]]
> Sent: 24 August 2001 17:15
> To: [EMAIL PROTECTED]
> Subject: Re: [JBoss-dev] security exception in 2.4 final
>
> That doesn't narrow the issue down as I can perform this type of access
> pattern without
> seeing a problem. What is the username/principal being passed to the
> DatabaseServerLoginModule
> for authentication when you see the failure?
>
> If you have a test ear that reproduces the problem I can look into the
> issue
> myself.
>
> ----- Original Message -----
> From: "Schouten, Andreas" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, August 24, 2001 1:35 AM
> Subject: RE: [JBoss-dev] security exception in 2.4 final
>
>
> > I reproduced the error today.
> > back to 2.4.0.23 o.k
> > -> 2.4.0.26 faild
> > -> 2.4.0.23 o.k
> > -> 2.4.0 faild
> >
> > fist I copied my jboss.jcml from the 23 release but in the last test I
> > merged my configuration into the jBoss.jcml from final release.
> >
> > I will descripe the steps leading to the error more, perhaps You can
> give
> my
> > a hint how I can locate the problem.
> >
> > 1. Login with a customised login page. -> succsessful
> > 2. The fist page contains only data from tomcat (no remote calls)
> > 3. The second page is genarated with several remote calls. Several
> stateles
> > SB's and EB's are created.
> > 4. The generation of the third (this is the second thread which calls
> beans)
> > fails with the security exception.
> >
> >
> >
> >
> > > -----Original Message-----
> > > From: Scott M Stark [SMTP:[EMAIL PROTECTED]]
> > > Sent: 23 August 2001 21:04
> > > To: [EMAIL PROTECTED]
> > > Subject: Re: [JBoss-dev] security exception in 2.4 final
> > >
> > > This is the binary I am using for the JBossStore site and I don't see
> this
> > > problem for restricted content. The example2 in the JAAS tutorial also
> > > uses the DatabaseServerLoginModule and creates a stateless session
> bean
> > > on each access and this does not show this problem.
> > >
> > > Is the username in the database when this starts to fail?
> > >
>
>
>
> _______________________________________________
> Jboss-development mailing list
> [EMAIL PROTECTED]
> http://lists.sourceforge.net/lists/listinfo/jboss-development
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-development
