Krister Wicksell [http://community.jboss.org/people/kriwic] created the discussion
"Re: Can't get SessionContext.isCallerInRole(...) to work from remote call."

To view the discussion, visit: http://community.jboss.org/message/603396#603396

--------------------------------------------------------------

Since I did not get any reply on this post, I thought I would explain a little better. I would like to get some feedback before I report this as a bug because I don't know if I have missed something.

When I access a stateless bean from outside of JBoss via its remote interface from a Java client, SessionContext.isCallerInRole(...) always returns false. However, when I access the same bean from a JSP running in the same JBoss, SessionContext.isCallerInRole(...) works correctly. This behavior is in JBoss 5 & 6. In JBoss 4 it works OK for both cases.

In my small test case I have a stateless bean interface named Test. It has only one method, checkRole(). This method should return true if the caller has the role administrator.

    import javax.ejb.Remote;

    @Remote
    public interface Test {
        public boolean checkRole();
    }

The implementation of the role is as follows below. It uses the security domain zert and the only method returns the result of SessionContext.isCallerInRole("administrator").

    import javax.annotation.Resource;
    import javax.annotation.security.DeclareRoles;
    import javax.ejb.Remote;
    import javax.ejb.SessionContext;
    import javax.ejb.Stateless;
    import org.jboss.ejb3.annotation.SecurityDomain;

    @Stateless
    @Remote({Test.class})
    @SecurityDomain("zert")
    @DeclareRoles({"administrator", "producer", "consumer"})
    public class TestBean implements Test {
        @Resource
        private SessionContext context;

        @Override
        public boolean checkRole() {
            // Role check against the caller's security context in domain "zert"
            return context.isCallerInRole("administrator");
        }
    }

The security domain zert has only one user called admin. The admin user is in the roles administrator, producer and consumer. This can be seen in the listing below.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE server PUBLIC "-//JBoss//DTD MBean Service 4.0//EN" "http://www.jboss.org/j2ee/dtd/jboss-service_4_0.dtd">
    <server>
      <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="jboss:service=DynamicLoginConfig">
        <attribute name="PolicyConfig" serialDataType="jbxb">
          <jaas:policy xsi:schemaLocation="urn:jboss:security-config:4.1 resource:security-config_4_1.xsd"
                       xmlns:jaas="urn:jboss:security-config:4.1"
                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
            <jaas:application-policy name="zert">
              <jaas:authentication>
                <jaas:login-module code="org.jboss.security.auth.spi.XMLLoginModule" flag="required">
                  <jaas:module-option name="userInfo">
                    <ur:users xsi:schemaLocation="urn:jboss:user-roles:1.0 resource:user-roles_1_0.xsd"
                              xmlns:ur="urn:jboss:user-roles:1.0">
                      <ur:user name="admin" password="test">
                        <ur:role name="administrator"></ur:role>
                        <ur:role name="producer"></ur:role>
                        <ur:role name="consumer"></ur:role>
                      </ur:user>
                    </ur:users>
                  </jaas:module-option>
                  <jaas:module-option name="unauthenticatedIdentity">guest</jaas:module-option>
                </jaas:login-module>
              </jaas:authentication>
            </jaas:application-policy>
          </jaas:policy>
        </attribute>
        <depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
        <depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
      </mbean>
    </server>

When the Test bean is accessed via the remote interface using the following test client, then SessionContext.isCallerInRole(...) always returns false. For me this looks like a bug!

    import java.util.Hashtable;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import javax.security.auth.login.LoginContext;

    public class TestClient {
        public static void main(String[] argv) {
            try {
                // Client-side JAAS configuration file
                System.setProperty("java.security.auth.login.config", "auth.conf");
                ConnectionHandler connectionHandler = new ConnectionHandler("admin", "test");
                LoginContext loginContext = new LoginContext("zert", connectionHandler);
                loginContext.login();
                System.out.println(runTest());
                loginContext.logout();
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        public static String runTest() throws Exception {
            Hashtable<String, String> env = new Hashtable<String, String>();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.NamingContextFactory");
            env.put(Context.PROVIDER_URL, "localhost");
            InitialContext context = new InitialContext(env);
            // Look up the remote business interface of TestBean
            Test test = (Test) context.lookup("zert/TestBean/remote");
            return "Is administrator: " + test.checkRole();
        }
        ...
    }

However, when I access the same bean from the following JSP, the method works correctly and returns true.

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
    <%@page contentType="text/html; charset=UTF-8" %>
    <%@page import="se.zert.test.*"%>
    <html xmlns="http://www.w3.org/1999/xhtml">
      <head>
        <title>Test</title>
      </head>
      <body>
        <%=TestClient.runTest()%>
      </body>
    </html>

Does anyone have a good answer to why the bean reacts differently when accessed from outside of JBoss than inside of JBoss?

Thanks in advance!
/Krister
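
A diagnostic for the behaviour described in the post above, as an added example that is not part of the original post and not JBoss code: a second bean in the same security domain that reports which principal the container actually associated with the call, next to the result of each role check. The names CallerInfo, CallerInfoBean and describeCaller() are hypothetical, and the package se.zert.test is assumed from the JSP import in the post.

```java
// ---- CallerInfo.java (hypothetical diagnostic interface, not from the post) ----
package se.zert.test; // assumed from the JSP's <%@page import="se.zert.test.*"%>

import javax.ejb.Remote;

@Remote
public interface CallerInfo {
    String describeCaller();
}

// ---- CallerInfoBean.java (hypothetical; same security domain as TestBean) ----
package se.zert.test;

import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import org.jboss.ejb3.annotation.SecurityDomain;

@Stateless
@SecurityDomain("zert")
@DeclareRoles({"administrator", "producer", "consumer"})
public class CallerInfoBean implements CallerInfo {
    // Roles defined for the admin user in the "zert" application policy
    private static final String[] ROLES = {"administrator", "producer", "consumer"};

    @Resource
    private SessionContext context;

    @Override
    public String describeCaller() {
        // Identity the container bound to this invocation
        Principal caller = context.getCallerPrincipal();
        StringBuilder report = new StringBuilder("principal=").append(caller.getName());
        // Evaluate every declared role, not only "administrator"
        for (String role : ROLES) {
            report.append(' ').append(role).append('=').append(context.isCallerInRole(role));
        }
        return report.toString();
    }
}
```

A report of principal=guest from the remote client would mean the container applied the unauthenticatedIdentity from the zert policy, so the credentials from the client's LoginContext never reached the server; principal=admin with every role false would point at role mapping instead. Calling it from both the Java client and the JSP gives a direct comparison of the two paths.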
