I am running JBAS 4.0.4GA_Patch1. I have an annotated EJB3 MDB, with the
following annotations:
@SecurityDomain("myRealm")
| @RunAs("system")
| @RolesAllowed( {
| "admin", "system"
| })
|
Inside of my MDB, I am calling a function on a SLSB (called "UserBean").
Inside of my SLSB UserBean, I execute the following call (notice the injected
SessionContext):
| @Resource SessionContext context;
|
| public someFunc(..)
| {
| Principal p = this.context.getCallerPrincipal();
| }
|
Now, this SLSB call works just fine if I access the SLSB from, say, a
web-services call (I get the proper principal returned). However, when I call
it from an MDB, I get the following exception:
"java.lang.IllegalStateException: No valid security context for the caller
identity".
After doing a bit of digging, I noticed that inside of the SecurityAssociation
class, the peekRunAsIdentity() function is being called with a depth of 1.
Inside of peekRunAsIdentity, the peek() function is trying to determine a valid
"runas" role. If I debug this, I can see the correct "system" role in the
stack (ArrayList) object, complete with an "anonymous" principal name.
However, the depth always gets set to -1 inside of the peek function, and so
the "RunAs" role is ignored. The peek() function (incorrectly) assumes that
the principal is null, and throws an IllegalStateException.
Something seems amiss here...like I said, my code works fine, so long as its
not invoked from an MDB. Can anybody comment on this?
Thanks!
David
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3977365#3977365
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3977365
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
