[JBoss-user] [Security & JAAS/JBoss] - AuthenticationCacheTimeout effecting one session bean but no

Thu, 12 May 2005 11:20:14 -0700 

JBoss 3.2.3 in production.  I have two session beans using the same 
SecurityDomain and AuthenticationCache.  After logging in under srp I allow the 
timeout period to expire.  The MapperBean is always called with a remote call 
and the calls to the FGMapperBean are always called from the MapperBean locally 
i.e. from the same container.  I then make a call to the first bean 
(MapperBean) and no security exception is thrown, however, the first call to 
the second bean (FGMapperBean) does throw a security exception.  Why doesn't 
the MapperBean throw the first exception?

The jboss.xml for each bean is as follows:
MapperBean
<?xml version="1.0" encoding="utf-8"?>
  | <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 3.0//EN" 
"http://www.jboss.org/j2ee/dtd/jboss_3_0.dtd";>
  | <jboss>
  |    
<security-domain>java:/jaas/MSSQLServer2000MetaDataSecurityRealm</security-domain>
  |    <unauthenticated-principal>Anonymous</unauthenticated-principal>
  |    <enterprise-beans>
  |       <session>
  |          <ejb-name>MapperEJB</ejb-name>
  |          <jndi-name>IMapperHomeRemote</jndi-name>
  |          <ejb-local-ref>
  |             <ejb-ref-name>ejb/IVocabularyMgrHomeLocal</ejb-ref-name>
  |             <jndi-name>IVocabularyMgrHomeLocal</jndi-name>
  |          </ejb-local-ref>
  |          <ejb-local-ref>
  |             <ejb-ref-name>ejb/IVocabularyTranslationHomeLocal</ejb-ref-name>
  |             <jndi-name>IVocabularyTranslationHomeLocal</jndi-name>
  |          </ejb-local-ref>
  |          <ejb-ref>
  |             
<ejb-ref-name>MSSQLServer2000MetaDataActivityGroupFgMapper</ejb-ref-name>
  |             
<jndi-name>MSSQLServer2000MetaDataActivityGroupFgMapperRemote</jndi-name>
  |          </ejb-ref>
  | 

FGMapperBean
<?xml version="1.0" encoding="UTF-8"?>
  | <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 3.0//EN" 
"http://www.jboss.org/j2ee/dtd/jboss_3_0.dtd";>
  | <jboss>
  |     
<security-domain>java:/jaas/MSSQLServer2000Sequencher_02DSecurityRealm</security-domain>
  |     <unauthenticated-principal>Anonymous</unauthenticated-principal>
  |     <enterprise-beans>
  |         <session>
  |             
<ejb-name>MSSQLServer2000Sequencher_02DAmbiguityFgMapper</ejb-name>
  |             
<jndi-name>MSSQLServer2000Sequencher_02DAmbiguityFgMapper</jndi-name>
  |             
<local-jndi-name>MSSQLServer2000Sequencher_02DAmbiguityFgMapperLocal</local-jndi-name>
  |             <ejb-local-ref>
  |                 
<ejb-ref-name>ejb/MSSQLServer2000Sequencher_02D_AmbiguityDataInfo</ejb-ref-name>
  |                 
<jndi-name>MSSQLServer2000Sequencher_02D_AmbiguityDataInfo</jndi-name>
  |             </ejb-local-ref>
  |     
  |             <ejb-local-ref>
  |                 
<ejb-ref-name>ejb/MSSQLServer2000Sequencher_02D_BlobData</ejb-ref-name>
  |                 
<jndi-name>MSSQLServer2000Sequencher_02D_BlobData</jndi-name>
  |             </ejb-local-ref>
  |     
  |         </session>
  | 

The ejb-jar.xml for each bean is:
MapperBean

  | <?xml version="1.0" encoding="utf-8"?>
  | 
  | <!DOCTYPE ejb-jar
  |   PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" 
"http://java.sun.com/dtd/ejb-jar_2_0.dtd";>
  | <ejb-jar>
  |    <enterprise-beans>
  |       <session>
  |          <ejb-name>MapperEJB</ejb-name>
  |          <home>com.genecodes.mapperremote.IMapperHomeRemote</home>
  |          <remote>com.genecodes.mapperremote.IMapperRemote</remote>
  |          <ejb-class>mapper.MapperBean</ejb-class>
  |          <session-type>Stateless</session-type>
  |          <transaction-type>Container</transaction-type>
  |          <ejb-local-ref>
  |             <ejb-ref-name>ejb/IVocabularyMgrHomeLocal</ejb-ref-name>
  |             <ejb-ref-type>Session</ejb-ref-type>
  |             <local-home>vocabulary.IVocabularyMgrHomeLocal</local-home>
  |             <local>vocabulary.IVocabularyMgrLocal</local>
  |             <ejb-link>VocabularyMgrEJB</ejb-link>
  |          </ejb-local-ref>
  |          <ejb-local-ref>
  |             <ejb-ref-name>ejb/IVocabularyTranslationHomeLocal</ejb-ref-name>
  |             <ejb-ref-type>Session</ejb-ref-type>
  |             
<local-home>translation.IVocabularyTranslationHomeLocal</local-home>
  |             <local>translation.IVocabularyTranslationLocal</local>
  |             <ejb-link>TranslationEJB</ejb-link>
  |          </ejb-local-ref>
  |          <ejb-ref>
  |             <description/>
  |             
<ejb-ref-name>MSSQLServer2000MetaDataActivityGroupFgMapper</ejb-ref-name>
  |             <ejb-ref-type>Session</ejb-ref-type>
  |             <home>com.genecodes.mapper.IFineGrainedMapperRemoteHome</home>
  |             <remote>com.genecodes.mapper.IFineGrainedMapperRemote</remote>
  |             
<local-home>com.genecodes.mapper.IFineGrainedMapperHome</local-home>
  |             <local>com.genecodes.mapper.IFineGrainedMapper</local>
  |          </ejb-ref>
  | .......
  |    <assembly-descriptor>
  |       <method-permission>
  |          <unchecked/>
  |          <method>
  |             <ejb-name>MapperEJB</ejb-name>
  |             <method-name>*</method-name>
  |          </method>
  |          <method>
  |             <ejb-name>VocabularyMgrEJB</ejb-name>
  |             <method-name>*</method-name>
  |          </method>
  |          <method>
  |             <ejb-name>TranslationEJB</ejb-name>
  |             <method-name>*</method-name>
  |          </method>
  |       </method-permission>
  |       <container-transaction>
  |          <method>
  |             <ejb-name>MapperEJB</ejb-name>
  |             <method-name>*</method-name>
  |          </method>
  |          <method>
  |             <ejb-name>VocabularyMgrEJB</ejb-name>
  |             <method-name>*</method-name>
  |          </method>
  |          <method>
  |             <ejb-name>TranslationEJB</ejb-name>
  |             <method-name>*</method-name>
  |          </method>
  |          <trans-attribute>Required</trans-attribute>
  |       </container-transaction>
  |    </assembly-descriptor>
  | 

FGMapperBean

  | <?xml version="1.0" encoding="UTF-8"?>
  | <!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise 
JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd";>
  | <ejb-jar>
  |      <enterprise-beans>
  |         <session>
  |             <display-name>AmbiguityFgMapper</display-name>
  |             
<ejb-name>MSSQLServer2000Sequencher_02DAmbiguityFgMapper</ejb-name>
  |             <home>com.genecodes.mapper.IFineGrainedMapperRemoteHome</home>
  |             <remote>com.genecodes.mapper.IFineGrainedMapperRemote</remote>
  |             
<local-home>com.genecodes.mapper.IFineGrainedMapperHome</local-home>
  |             <local>com.genecodes.mapper.IFineGrainedMapper</local>
  |             
<ejb-class>com.genecodes.mssqlserver2000sequencher_02d.mapper.sequencher.fgmap.AmbiguityFgMapperBean</ejb-class>
  |             <session-type>Stateless</session-type>
  |             <transaction-type>Container</transaction-type>
  |     
  |             <ejb-local-ref>
  |                 <description>AmbiguityDataInfo entity bean 
reference</description>
  |                 
<ejb-ref-name>ejb/MSSQLServer2000Sequencher_02D_AmbiguityDataInfo</ejb-ref-name>
  |                 <ejb-ref-type>Entity</ejb-ref-type>
  |                 
<local-home>com.genecodes.mssqlserver2000sequencher_02d.ambiguitydatainfo.AmbiguityDataInfoHome</local-home>
  |                 
<local>com.genecodes.mssqlserver2000sequencher_02d.ambiguitydatainfo.AmbiguityDataInfo</local>
  |                 
<ejb-link>MSSQLServer2000Sequencher_02D_AmbiguityDataInfo</ejb-link>
  |             </ejb-local-ref>
  |     
  |             <ejb-local-ref>
  |                 <description>BlobData entity bean reference</description>
  |                 
<ejb-ref-name>ejb/MSSQLServer2000Sequencher_02D_BlobData</ejb-ref-name>
  |                 <ejb-ref-type>Entity</ejb-ref-type>
  |                 
<local-home>com.genecodes.mssqlserver2000sequencher_02d.blobdata.BlobDataHome</local-home>
  |                 
<local>com.genecodes.mssqlserver2000sequencher_02d.blobdata.BlobData</local>
  |                 <ejb-link>MSSQLServer2000Sequencher_02D_BlobData</ejb-link>
  |             </ejb-local-ref>
  | .......
  |     <assembly-descriptor>
  |             <method-permission>
  |                     <description>Administrator and User roles have access 
to the following beans</description>
  |                     <unchecked/>
  |                     <method>
  |                             
<ejb-name>MSSQLServer2000Sequencher_02D_ABIAnalysisParameters</ejb-name>
  |                             <method-name>*</method-name>
  |                     </method>
  |                     <method>
  |                             
<ejb-name>MSSQLServer2000Sequencher_02D_ABIClone</ejb-name>
  |                             <method-name>*</method-name>
  |                     </method>
  |                     <method>
  |                             
<ejb-name>MSSQLServer2000Sequencher_02D_ABIColorData</ejb-name>
  |                             <method-name>*</method-name>
  |                     </method>
  |                     <method>
  |                             
<ejb-name>MSSQLServer2000Sequencher_02D_ABIComb</ejb-name>
  |                             <method-name>*</method-name>
  |                     </method>
  | 

SecurityDomain configuration in Login-config.xml

  |     <application-policy name = "MSSQLServer2000MetaDataSecurityRealm">
  |        <authentication>
  |           <login-module code = 
"com.synapps.jmx.jaas.srp.SynappsSRPCacheLoginModule" flag = "required">
  |              <module-option name = 
"cacheJndiName">srp/AuthenticationCache</module-option>
  |           </login-module>
  |           <login-module code = 
"com.synapps.jmx.jaas.srp.DatabaseRoleLoginModule" flag = "required">
  |              <module-option name = 
"dsJndiName">java:/MSSQLServer2000MetaData</module-option>
  |              <module-option name = "rolesQuery">SELECT Role, 'Roles' FROM 
USER_ROLE WHERE UserID=?</module-option>
  |              <module-option name= "activityLogging">INSERT INTO ActivityLog 
VALUES(?,?,?,?,?,?,?,?,?,?)</module-option>
  |               <module-option name = 
"password-stacking">useFirstPass</module-option>
  |           </login-module> 
  |        </authentication>
  |     </application-policy>
  | 


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3877522#3877522

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3877522


-------------------------------------------------------
This SF.Net email is sponsored by Oracle Space Sweepstakes
Want to be the first software developer in space?
Enter now for the Oracle Space Sweepstakes!
http://ads.osdn.com/?ad_id=7393&alloc_id=16281&op=click
_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user

Reply via email to