aravind kopparthi [http://community.jboss.org/people/aravindsk] created the 
discussion

"Re: security in ejb3.1 using jboss 6.0 CR1"

To view the discussion, visit: http://community.jboss.org/message/575244#575244

--------------------------------------------------------------
Here is the log that I got (when I enabled debug).

I logged in as admin, expecting that I would get a permission denied when calling
getMembers() in the SLSB, since it is annotated as @RolesAllowed("businessowner").



user=admin
roles=HttpInvoker,JBossAdmin,WebAppUser


REST/WEB-REQUEST

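import java.util.List;
import javax.ejb.EJB;
import javax.enterprise.context.RequestScoped;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.MediaType;

@Path("/members")
@RequestScoped
public class MemberRESTService
{

      @EJB
      private SLSBProcessBean memberBean;

      @GET
      @Produces(MediaType.APPLICATION_XML)
      public List<Member> findMember() {
            // Delegates to the EJB method annotated with @RolesAllowed
            return memberBean.getMembers();
      }
}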

-----------EJB----------
@Stateless
public class SLSBProcessBean {

      // Only callers in the "businessowner" role should be allowed in
      @RolesAllowed("businessowner")
      public List<Member> getMembers()
      {
            // Business logic
            return members;
      }
}

 config
META-INF/Jboss.xml

<jboss>
    <security-domain>java:/jaas/myapp-secure-domain</security-domain>
</jboss>


WEB-INF/jboss-web.xml
<jboss-web>

  <security-domain>java:/jaas/myapp-secure-domain </security-domain>

</jboss-web>

-----------LOG----------

11:44:16,109 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] 
Security checking request GET /javaee6-app/rest/members
11:44:16,109 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] We 
have cached auth type FORM for principal 
GenericPrincipal[admin(HttpInvoker,JBossAdmin,WebAppUser,)]
11:44:16,109 DEBUG [org.apache.catalina.realm.RealmBase]   Checking constraint 
'SecurityConstraint[All resources]' against GET /rest/members--> false
11:44:16,109 DEBUG [org.apache.catalina.realm.RealmBase]   No applicable 
constraint located
11:44:16,109 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Not 
subject to any constraint
11:44:16,109 DEBUG [org.jboss.resteasy.core.SynchronousDispatcher] PathInfo: 
members
11:44:16,109 DEBUG [org.jboss.resteasy.cdi.CdiConstructorInjector] Beans found 
for class com.sak.home.service.rest.MemberRESTService : [Managed Bean [class 
com.sak.home.service.rest.MemberRESTService] with qualifiers [...@any @Default 
@Exact]]
11:44:16,109 DEBUG 
[org.jboss.ejb3.ejbref.resolver.ejb30.impl.EJB30MetaDataBasedEjbReferenceResolver]
 Resolving reference for [EJB Reference: beanInterface 
'com.sak.home.process.SLSBProcessBean', beanName '', mappedName 'null'] in 
org.jboss.metadata.ejb.jboss.jbossmetad...@1f
11:44:16,109 DEBUG 
[org.jboss.ejb3.ejbref.resolver.ejb30.impl.EJB30MetaDataBasedEjbReferenceResolver]
 Found match in EJB SLSBProcessBean for [EJB Reference: beanInterface 
'com.sak.home.process.SLSBProcessBean', beanName '', mappedName 'null']
11:44:16,109 DEBUG 
[org.jboss.ejb3.ejbref.resolver.ejb31.impl.EJB31MetaDataBasedEjbReferenceResolver]
 Found specified beanInterface that is not a direct beanInterface of EJB 
SLSBProcessBean: com.sak.home.process.SLSBProcessBean
11:44:16,109 DEBUG 
[org.jboss.metadata.ejb.jboss.jndi.resolver.impl.JNDIPolicyBasedSessionBeanJNDINameResolver]
 Resolved JNDI Name for Interface com.sak.home.process.SLSBProcessBean of type 
NO_INTERFACE is SLSBProcessBean/no-interface
11:44:16,109 DEBUG 
[org.jboss.ejb3.ejbref.resolver.ejb31.impl.EJB31MetaDataBasedEjbReferenceResolver]
 Resolved JNDI Name for [EJB Reference: beanInterface 
'com.sak.home.process.SLSBProcessBean', beanName '', mappedName 'null'] of EJB 
SLSBProcessBean: SLSBProcessBean/no-interface
--------------------------------------------------------------
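
Added example (not part of the original post and not JBoss code): a diagnostic EJB interceptor that logs which principal and roles the EJB container sees when a business method such as getMembers() is reached. The class name SecurityProbe is hypothetical; it assumes the interceptor is attached to the bean with @Interceptors(SecurityProbe.class).

```java
import java.lang.reflect.Method;
import java.util.logging.Logger;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.SessionContext;
import javax.interceptor.AroundInvoke;
import javax.interceptor.InvocationContext;

/** Hypothetical diagnostic interceptor; attach with @Interceptors(SecurityProbe.class). */
public class SecurityProbe {

    private static final Logger LOG = Logger.getLogger(SecurityProbe.class.getName());

    @Resource
    private SessionContext ctx; // injected by the EJB container

    @AroundInvoke
    public Object probe(InvocationContext ic) throws Exception {
        Method m = ic.getMethod();
        // A method-level @RolesAllowed takes precedence over a class-level one.
        RolesAllowed ra = m.getAnnotation(RolesAllowed.class);
        if (ra == null) {
            ra = m.getDeclaringClass().getAnnotation(RolesAllowed.class);
        }
        String caller;
        try {
            // Principal as seen by the EJB container, not by the web tier.
            caller = ctx.getCallerPrincipal().getName();
        } catch (IllegalStateException e) {
            // No security context was associated with this invocation.
            caller = "<no security context: " + e.getMessage() + ">";
        }
        if (ra == null) {
            LOG.info(m.getName() + ": no @RolesAllowed visible, caller=" + caller);
        } else {
            for (String role : ra.value()) {
                boolean inRole;
                try {
                    inRole = ctx.isCallerInRole(role);
                } catch (IllegalStateException e) {
                    inRole = false; // role check not possible without a security context
                }
                LOG.info(m.getName() + ": caller=" + caller
                        + " declaredRole=" + role + " isCallerInRole=" + inRole);
            }
        }
        return ic.proceed();
    }
}
```

If the probe logs at all for getMembers(), the call reached the bean; the logged caller and isCallerInRole values then show what identity, if any, was propagated from the web tier.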
