On Jul 24, 2009, at 7:24 AM, Juergen Weber wrote:
Hi,
I wanted to test the call chain like this:
Java Client -> as tomcat -> UnSecured3Bean -> as apache -> Secured3Bean
i.e. the first bean should call the second one with another user than the
first bean is running under:
    SimpleCallbackHandler handler = new SimpleCallbackHandler(
            user, password.toCharArray());
    LoginContext lc = new LoginContext("geronimo-admin", handler);
    lc.login();
    Subject subject = lc.getSubject();
    System.out.println("lc.getSubject: " + subject);
    Callers oldCallers = ContextManager.pushNextCaller(subject);
    try
    {
        s1 = secured3Bean.secureMethod(input);
    }
    finally
    {
        ContextManager.popCallers(oldCallers);
    }
But this results in NPE in
java.lang.NullPointerException
    at org.apache.geronimo.security.ContextManager.getCurrentContext(ContextManager.java:201)
    at org.apache.geronimo.openejb.GeronimoSecurityService.isCallerAuthorized(GeronimoSecurityService.java:102)
, which is the second line of
    assert context != null : "No registered context";
    return context.getContext();
so it should never be null.
Is that a bug or is something wrong with my code? I append the sample
project.

Geronimo uses the AccessControlContext for the Subject to evaluate
security decisions. So, you need to get Geronimo to compute and store
this ACC for you.

You can do this by calling ContextManager.login(String realm,
CallbackHandler callbackHandler, Configuration configuration) or
login(String realm, CallbackHandler callbackHandler) instead of
creating your own LoginContext, or by calling
ContextManager.registerSubject(Subject subject) after logging in.
After you've registered the Subject, setting the callers will result
in the lookup for the ACC succeeding instead of giving you an NPE.

At the moment I don't recall why we pass Subjects around rather than
identity objects that have both the Subject and the ACC in them.

thanks
david jencks

Thanks,
Juergen
http://www.nabble.com/file/p24645453/SecuredEJBGeronimo.zip
unsecureMethod called
callerPrincipal: tomcat
is caller in role Member_admin: false
lc.getSubject: Subject:
Principal: users
Principal: tomcatgroup
Principal: apache
java.lang.NullPointerException
    at org.apache.geronimo.security.ContextManager.getCurrentContext(ContextManager.java:201)
    at org.apache.geronimo.openejb.GeronimoSecurityService.isCallerAuthorized(GeronimoSecurityService.java:102)
    at org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:151)
    at org.apache.openejb.core.ivm.EjbObjectProxyHandler.businessMethod(EjbObjectProxyHandler.java:217)
    at org.apache.openejb.core.ivm.EjbObjectProxyHandler._invoke(EjbObjectProxyHandler.java:77)
    at org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:281)
    at $Proxy73.secureMethod(Unknown Source)
    at ejb3.UnSecured3Bean.unsecureMethod(UnSecured3Bean.java:57)
--
View this message in context:
http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-tp24645453s134p24645453.html
Sent from the Apache Geronimo - Users mailing list archive at
Nabble.com.
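
The registerSubject route from the reply above, applied to the code from the question, as an added example that is not part of the original thread or of Geronimo's own code. The class name, the callAs method and the SecuredCall interface (standing in for Secured3Bean) are hypothetical, the inline handler replaces SimpleCallbackHandler, and the code is assumed to run inside the server with Geronimo's security classes on the classpath.

```java
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import org.apache.geronimo.security.Callers;
import org.apache.geronimo.security.ContextManager;

public class RunAsOtherUser {

    /** Hypothetical stand-in for the business interface of Secured3Bean. */
    public interface SecuredCall {
        String secureMethod(String input);
    }

    public static String callAs(String user, char[] password,
                                SecuredCall bean, String input) throws LoginException {
        // Inline JAAS handler, used here in place of the thread's SimpleCallbackHandler.
        CallbackHandler handler = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
        LoginContext lc = new LoginContext("geronimo-admin", handler);
        lc.login();
        Subject subject = lc.getSubject();
        // The step missing from the question: let Geronimo compute and store the
        // AccessControlContext for this Subject before it is used as a caller.
        ContextManager.registerSubject(subject);
        try {
            Callers oldCallers = ContextManager.pushNextCaller(subject);
            try {
                return bean.secureMethod(input);   // authorized as the new Subject
            } finally {
                ContextManager.popCallers(oldCallers);   // always restore the caller
            }
        } finally {
            // Drop the registration and the login once the call is done.
            ContextManager.unregisterSubject(subject);
            lc.logout();
        }
    }
}
```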