Bugs item #523861, was opened at 2002-02-28 15:04
You can respond by visiting:
http://sourceforge.net/tracker/?func=detail&atid=376685&aid=523861&group_id=22866
Category: JBossServer
Group: v2.4 (stable)
Status: Closed
Resolution: Invalid
Priority: 5
Submitted By: John Baker (bongo_john)
Assigned to: Scott M Stark (starksm)
Summary: Intermittent Missing Security Context
Initial Comment:
jdk1.3.1_02 / Win2000 / JBoss2.4.2 with Tomcat 3.2.3
This is unfortunately hard to reproduce but thought I
should let you know. I also have found a workaround
which may be useful for others. I have been
experiencing problems with connecting to a stateless
session bean using the ClientLoginModule alongside
the JDBCLoginModule.
// stack trace from first ejb call to getCallerPrincipal
[ERROR,Default] java.lang.IllegalStateException: No security context set
[ERROR,Default] at org.jboss.ejb.EnterpriseContext$EJBContextImpl.getCallerPrincipal(EnterpriseContext.java:258)
[ERROR,Default]
[ERROR,Default] at com.katalyzt.toolbox.model.ejb.TModelSessionBean.getCallerId(TModelSessionBean.java:72)
[ERROR,Default]
[ERROR,Default] at com.katalyzt.toolbox.model.ejb.TModelSessionBean.getUser(TModelSessionBean.java:58)
[ERROR,Default]
[ERROR,Default] at com.katalyzt.toolbox.model.ejb.TModelSessionBean.ejbCreate(TModelSessionBean.java:35)
I'm very relieved that after a bit more investigation
I have found a workaround by altering some of my code
to not use getCallerPrincipal() in ejbCreate(). It
seems that intermittently the security context is not
yet available at this point in the life cycle. I
suspect that some synchronization issue is afoot. I
believe the specs allow this call in ejbCreate().
Correct me if I'm wrong on that. It doesn't ever
occur when this is used outside of ejbCreate().
An interesting thing is that this must have been
actually going on for the last six months but I had
covered it up with a workaround for a bug in a
different app server! The getCallerPrincipal() was
until recently wrapped in a try catch that gave the
user id as "Guest" if the call failed. This was
allowing a temporary identity which would get switched
to the real one on the next call! This code was
removed a few weeks ago but as the problem is
intermittent I only noticed it this week when it
started happening a lot!!
It is extremely unpredictable and I don't really know
how to reproduce it as restarting jboss sometimes
makes it disappear.
Hope this helps and you have a better insight into why
this might happen. It may be that something is
incorrectly configured but I really just alter
slightly your default configuration mainly for DB
access.
----------------------------------------------------------------------
>Comment By: John Baker (bongo_john)
Date: 2002-03-03 21:46
Message:
Oops. Sorry. You are right. I had in fact checked the wrong
table when looking into this in the EJB1.1 spec (The bean
in question was mainly written before 2.0). I hadn't
noticed that ONLY STATEFUL session beans are allowed this
call during ejbCreate(). The reason this occurred at all
was some obsolete and strange workaround code for a problem
with a different appserver last year! It was difficult to
remove it all.
----------------------------------------------------------------------
Comment By: Scott M Stark (starksm)
Date: 2002-03-03 18:06
Message:
Actually, my fix is invalid as it is not valid for a
stateless session bean to call getCallerPrincipal from
within ejbCreate. See Table 3 of Section 7.8.2 Operations
allowed in the methods of a stateless session bean class of
the ejb 2.0 spec.
----------------------------------------------------------------------
Comment By: Scott M Stark (starksm)
Date: 2002-03-03 16:16
Message:
Fixed for the 2.4.5 release.
----------------------------------------------------------------------
Comment By: John Baker (bongo_john)
Date: 2002-03-01 11:58
Message:
// Code that produces this (without this doesn't occur)
public void ejbCreate() throws CreateException
{
    // Test jboss
    sessionContext.getCallerPrincipal().getName();
}
// EJB XML
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>TModelSession</ejb-name>
      <home>com.katalyzt.toolbox.model.ejb.TModelSessionHome</home>
      <remote>com.katalyzt.toolbox.model.ejb.TModelSession</remote>
      <ejb-class>com.katalyzt.toolbox.model.ejb.TModelSessionBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <resource-ref>
        <res-ref-name>jdbc/KatalyztDB</res-ref-name>
        <res-type>javax.sql.DataSource</res-type>
        <res-auth>Container</res-auth>
      </resource-ref>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <method-permission>
      <role-name>ToolboxUser</role-name>
      <method>
        <ejb-name>TModelSession</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
    <container-transaction>
      <method>
        <ejb-name>TModelSession</ejb-name>
        <method-name>*</method-name>
      </method>
      <trans-attribute>Required</trans-attribute>
    </container-transaction>
  </assembly-descriptor>
</ejb-jar>
// JBoss XML
<jboss>
  <security-domain>java:/jaas/katalyzt</security-domain>
  <enterprise-beans>
    <session>
      <ejb-name>TModelSession</ejb-name>
      <jndi-name>katalyzt/toolbox/model/TModelSessionHome</jndi-name>
      <configuration-name></configuration-name>
      <resource-ref>
        <res-ref-name>jdbc/KatalyztDB</res-ref-name>
        <jndi-name>java:/KatalyztDB</jndi-name>
      </resource-ref>
    </session>
  </enterprise-beans>
</jboss>
// The stack trace
[ERROR,TModelSession] TRANSACTION ROLLBACK EXCEPTION:
javax.transaction.TransactionRolledbackException: null
Embedded Exception
No security context set; nested exception is:
javax.ejb.EJBException: null
Embedded Exception
No security context set
javax.ejb.EJBException: null
Embedded Exception
No security context set
    at org.jboss.ejb.StatelessSessionEnterpriseContext.<init>(StatelessSessionEnterpriseContext.java:61)
    at org.jboss.ejb.plugins.StatelessSessionInstancePool.create(StatelessSessionInstancePool.java:62)
    at org.jboss.ejb.plugins.AbstractInstancePool.add(AbstractInstancePool.java:153)
    at org.jboss.ejb.plugins.AbstractInstancePool.internalGet(AbstractInstancePool.java:216)
    at org.jboss.ejb.plugins.AbstractInstancePool.get(AbstractInstancePool.java:191)
    at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:74)
    at org.jboss.ejb.plugins.TxInterceptorCMT.invokeNext(TxInterceptorCMT.java:138)
    at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:347)
    at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:100)
    at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:127)
    at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:170)
    at org.jboss.ejb.StatelessSessionContainer.invoke(StatelessSessionContainer.java:286)
    at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invoke(JRMPContainerInvoker.java:410)
    at java.lang.reflect.Method.invoke(Native Method)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:241)
    at sun.rmi.transport.Transport$1.run(Transport.java:152)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:148)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:465)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:706)
    at java.lang.Thread.run(Thread.java:484)
java.lang.IllegalStateException: No security context set
    at org.jboss.ejb.EnterpriseContext$EJBContextImpl.getCallerPrincipal(EnterpriseContext.java:258)
    at com.katalyzt.toolbox.model.ejb.TModelSessionBean.ejbCreate(TModelSessionBean.java:51)
    at java.lang.reflect.Method.invoke(Native Method)
    at org.jboss.ejb.StatelessSessionEnterpriseContext.<init>(StatelessSessionEnterpriseContext.java:54)
    at org.jboss.ejb.plugins.StatelessSessionInstancePool.create(StatelessSessionInstancePool.java:62)
    at org.jboss.ejb.plugins.AbstractInstancePool.add(AbstractInstancePool.java:153)
    at org.jboss.ejb.plugins.AbstractInstancePool.internalGet(AbstractInstancePool.java:216)
    at org.jboss.ejb.plugins.AbstractInstancePool.get(AbstractInstancePool.java:191)
    at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:74)
    at org.jboss.ejb.plugins.TxInterceptorCMT.invokeNext(TxInterceptorCMT.java:138)
    at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:347)
    at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:100)
    at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:127)
    at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:170)
    at org.jboss.ejb.StatelessSessionContainer.invoke(StatelessSessionContainer.java:286)
    at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invoke(JRMPContainerInvoker.java:410)
    at java.lang.reflect.Method.invoke(Native Method)
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:241)
    at sun.rmi.transport.Transport$1.run(Transport.java:152)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.rmi.transport.Transport.serviceCall(Transport.java:148)
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:465)
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:706)
    at java.lang.Thread.run(Thread.java:484)
// JAAS login from auth.conf
// The katalyzt server login module - Use the jdbc DB table login module
katalyzt {
    /* A JDBC based LoginModule
    LoginModule options:
    dsJndiName: The name of the DataSource of the database
        containing the Principals, Roles tables
    principalsQuery: The prepared statement query equivalent to:
        "select Password from Principals where PrincipalID=?"
    rolesQuery: The prepared statement query equivalent to:
        "select Role, RoleGroup from Roles where PrincipalID=?"
    */
    org.jboss.security.auth.spi.DatabaseServerLoginModule required
        dsJndiName="java:/KatalyztDB"
        principalsQuery="select USER_PWD from TUSER where USER_NAME = ?"
        rolesQuery="select 'ToolboxUser', 'Roles' from TUSER where USER_NAME = ?"
    ;
};
----------------------------------------------------------------------
Comment By: Scott M Stark (starksm)
Date: 2002-02-28 17:36
Message:
Show the full server side stack trace along with the
jboss.xml descriptor, the ejb-jar.xml descriptor method
permissions for the TModelSessionBean, and the JAAS login
configuration that corresponds to the security-domain setup
in the jboss.xml descriptor.
----------------------------------------------------------------------
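The two points the thread settles on (a stateless bean's ejbCreate() runs with no caller to report, and a catch-all "Guest" fallback kept that hidden) can be shown without a container. This is an added example, not code from the tracker item or from JBoss; CallerContext, StubContainer and both bean classes are hypothetical stand-ins for javax.ejb.SessionContext and the container, and "alice" is a constructed caller name.

```java
import java.security.Principal;

// Added illustration; not JBoss or Katalyzt code. CallerContext and StubContainer
// are hypothetical stand-ins for javax.ejb.SessionContext and the container.
public class CallerIdentityDemo {
    interface CallerContext { Principal getCallerPrincipal(); }

    static class StubContainer implements CallerContext {
        private String boundUser;                    // null = no security context
        void bind(String user) { boundUser = user; }
        public Principal getCallerPrincipal() {
            if (boundUser == null)
                throw new IllegalStateException("No security context set");
            final String name = boundUser;
            return () -> name;                       // implements Principal.getName()
        }
    }

    // Fail-open: identity read in ejbCreate(), any failure becomes "Guest".
    static class FailOpenBean {
        final CallerContext ctx;
        String createdAs;
        FailOpenBean(CallerContext ctx) { this.ctx = ctx; }
        String callerId() {
            try { return ctx.getCallerPrincipal().getName(); }
            catch (IllegalStateException e) { return "Guest"; } // hides the error
        }
        void ejbCreate() { createdAs = callerId(); }
    }

    // Fail-closed: ejbCreate() never asks for the caller; business methods do,
    // and a missing security context propagates as an exception.
    static class FailClosedBean {
        final CallerContext ctx;
        FailClosedBean(CallerContext ctx) { this.ctx = ctx; }
        void ejbCreate() { }
        String callerId() { return ctx.getCallerPrincipal().getName(); }
    }

    public static void main(String[] args) {
        StubContainer c = new StubContainer();
        FailOpenBean open = new FailOpenBean(c);
        FailClosedBean closed = new FailClosedBean(c);
        open.ejbCreate();                            // pool creates instances: no caller yet
        closed.ejbCreate();
        System.out.println("fail-open created as: " + open.createdAs);
        try { closed.callerId(); }
        catch (IllegalStateException e) { System.out.println("fail-closed: " + e.getMessage()); }
        c.bind("alice");                             // constructed caller name
        System.out.println("business call: " + open.callerId() + " / " + closed.callerId());
    }
}
```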