[jboss-user] [Security] - Re: Caller unauthorized on using a ejb3 statetlesssessionbea

praenti Tue, 13 Oct 2009 01:27:01 -0700

Hi,

What I have to if I want to use the WebAuthentication further? Do I have to 
change the complete login to Web based authentication? I've seen I need then 
j_security_check, but I always get then that this resource is not available 
from tomcat.


For now I tried to use the WebAuthetication but the user is not authenticated 
then. I only get this error:

  | vwg.audi.cancard.MyApplicationException: User is not authenticated or the 
isUserInRole check failed at 
vwg.audi.cancard.ui.action.Login.execute(Login.java:177) at 
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) 
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597) at 
com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:441)
 at 
com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:280)
 at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:243)
 at 
com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:165)
 at 
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
 at com.opensymphony.xwork2.!
 DefaultActionInvocation.invoke(DefaultActionInvocation.java:237) at 
com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:252)
 at 
org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:68)
 at 
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
 at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
 at 
com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:122)
 at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
 at 
com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:195)
 at 
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
 at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvoc!
 ation.java:237) at com.opensymphony.xwork2.interceptor.Paramet!
 ersInter
ceptor.doIntercept(ParametersInterceptor.java:195) at 
com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:87)
 at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
 at 
com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:179)
 at 
com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:237)
 at 
  | ...
  | 

The code I used in my Struts2 action:

  | if(username == null || password == null)
  |             throw new RuntimeException("username or password is null");
  |             WebAuthentication pwl = new WebAuthentication();
  |             pwl.login(username, password);
  | 
  |             //Only when there is web login, does the principal be visible
  |             log.info("User 
Principal="+ServletActionContext.getRequest().getUserPrincipal());
  |             //Some basic checks to see if the user who just did a 
programmatic login has a role of "AuthorizedUser"
  |             log.info("isUserInRole(Authorized 
User)="+ServletActionContext.getRequest().isUserInRole("AuthorizedUser"));
  |             if(ServletActionContext.getRequest().getUserPrincipal() == null 
|| !ServletActionContext.getRequest().isUserInRole("AuthorizedUser"))
  |             throw new MyApplicationException("User is not authenticated or 
the isUserInRole check failed");
  | 
  |             //Log the user out
  |             pwl.logout();
  | 
  |             if(ServletActionContext.getRequest().getUserPrincipal() != null 
|| ServletActionContext.getRequest().isUserInRole("AuthorizedUser"))
  |             throw new MyApplicationException("User is still authenticated 
or pass: isUserInRole(Authorized User)");
  | 

In my log I see these two lines:

  | 10:21:16,515 INFO  [Login] User Principal=null
  | 10:21:16,531 INFO  [Login] isUserInRole(Authorized User)=false
  | 

But now the output of my JAAS login module is missing. I think that this is not 
running anymore. Something is missing...

Regards,
Michael

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4260010#4260010

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4260010

_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user

[jboss-user] [Security] - Re: Caller unauthorized on using a ejb3 statetlesssessionbea

Reply via email to