Hmmm, @Service seems still quite bogus wrt. Permissions.
1) The problem above described in the first posting is still not resolved.
2) When calling a method of the bean from a servlet (which needs no
authentication)
one gets an authentication exception even if the whole bean is annotated
with
@RunAs("staff"):
BEAN:
|
| @Service
| @SecurityDomain("shared")
| @RunAs("staff")
| public class UpdateService
| implements UpdateServiceM
| {
| ...
| public String getUpdateList(final String site) { ... }
| ...
| }
|
| SERVLET:
| public class UpdatesServlet extends HttpServlet {
| ...
| private String getList(String site) throws Exception {
| InitialContext ctx = new InitialContext();
| UpdateServiceM svc = (UpdateServiceM)
| ctx.lookup(Version.getAppnameName() +
"/UpdateService/local");
| return svc.getUpdateList(site);
| }
| protected void doGet(HttpServletRequest req, HttpServletResponse resp)
| throws IOException
| {
| String s = req.getParameter("site");
| ...
| s = getList(site);
| ...
| }
| ...
| }
|
| EXCEPTION:
| 2006-06-23 14:38:02,520 DEBUG
[http-192.168.21.1-8080-2:web.UpdatesServlet:83] - doGet
| javax.ejb.EJBAccessException: Authentication failure
| at
org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
| at
org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:71)
| at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at
org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
| at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at
org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
| at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at
org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:199)
| at
org.jboss.ejb3.service.ServiceLocalProxy.invoke(ServiceLocalProxy.java:75)
| at $Proxy275.getUpdateList(Unknown Source)
| at web.UpdatesServlet.getList(UpdatesServlet.java:54)
| at web.UpdatesServlet.doGet(UpdatesServlet.java:79)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
| ...
So should I file a bug (currently I've the feeling, that nobody cares about
it)? :(
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3953016#3953016
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3953016
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user
