I failed to add that I can't specify credentials for this runas, because this is the bean that is supposed to initialize those credentials, so if it's the first time it loads, it will fail to log in, which means it will never work.
I need some way to run-as "Admin" without having to specify credentials. It's not a security leak, as this bean ONLY has an @PostConstruct method, so no methods are exposed which can be exploited, so magic execution as "Admin" is acceptable.

Quintin Beukes

On Mon, Oct 19, 2009 at 12:15 PM, Quintin Beukes <[email protected]> wrote:
> Hey,
>
> I have the following in my deploy plan:
> <sec:security>
>   <sec:role-mappings>
>     <sec:role role-name="Admin">
>       <sec:principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="Admin"/>
>     </sec:role>
>   </sec:role-mappings>
> </sec:security>
>
> When I add @RunAs("Admin") to a bean, I get the following:
> 2009-10-19 12:11:30,857 INFO [startup] Assembling app: /opt/kms/server/geronimo-2.2-20091019/var/temp/geronimo-deployer49287.tmpdir/KMSPlatform-ejb.jar
> 2009-10-19 12:11:30,891 INFO [startup] Jndi(name=SiteBeanLocal) --> Ejb(deployment-id=KMSPlatform-ejb/SiteBean)
> 2009-10-19 12:11:30,891 INFO [startup] Jndi(name=SiteBeanRemote) --> Ejb(deployment-id=KMSPlatform-ejb/SiteBean)
> 2009-10-19 12:11:30,892 INFO [startup] Jndi(name=InitializeDataBeanLocal) --> Ejb(deployment-id=KMSPlatform-ejb/InitializeDataBean)
> 2009-10-19 12:11:30,892 INFO [startup] Jndi(name=KMSPlatformEjbStartupBeanLocal) --> Ejb(deployment-id=KMSPlatform-ejb/KMSPlatformEjbStartupBean)
> 2009-10-19 12:11:30,892 INFO [startup] Jndi(name=SpringContextBeanLocal) --> Ejb(deployment-id=KMSPlatform-ejb/SpringContextBean)
> 2009-10-19 12:11:30,892 INFO [startup] Created Ejb(deployment-id=KMSPlatform-ejb/KMSPlatformEjbStartupBean, ejb-name=KMSPlatformEjbStartupBean, container=DefaultStatelessContainer)
> 2009-10-19 12:11:30,892 INFO [startup] Created Ejb(deployment-id=KMSPlatform-ejb/SpringContextBean, ejb-name=SpringContextBean, container=DefaultStatelessContainer)
> 2009-10-19 12:11:30,892 INFO [startup] Created Ejb(deployment-id=KMSPlatform-ejb/SiteBean, ejb-name=SiteBean, container=DefaultStatelessContainer)
> 2009-10-19 12:11:30,892 INFO [startup] Created Ejb(deployment-id=KMSPlatform-ejb/InitializeDataBean, ejb-name=InitializeDataBean, container=DefaultStatelessContainer)
> 2009-10-19 12:11:30,892 INFO [startup] Deployed Application(path=/opt/kms/server/geronimo-2.2-20091019/var/temp/geronimo-deployer49287.tmpdir/KMSPlatform-ejb.jar)
> 2009-10-19 12:11:30,894 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: abstractName="net.kunye/KMSPlatform-ejb/1.0/jar?EJBModule=net.kunye/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=StatelessSessionBean,name=KMSPlatformEjbStartupBean"
> java.lang.IllegalStateException: no run-as identity configured for role: Admin
>     at org.apache.geronimo.security.jacc.mappingprovider.ApplicationPrincipalRoleConfigurationManager.getSubjectForRole(ApplicationPrincipalRoleConfigurationManager.java:109)
>     at org.apache.geronimo.openejb.EjbDeployment.<init>(EjbDeployment.java:109)
>     at org.apache.geronimo.openejb.EjbDeploymentGBean.<init>(EjbDeploymentGBean.java:56)
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>     at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>     at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>     at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
>     at org.apache.xbean.recipe.ReflectionUtil$ConstructorFactory.create(ReflectionUtil.java:952)
>     at org.apache.xbean.recipe.ObjectRecipe.internalCreate(ObjectRecipe.java:276)
>     at org.apache.xbean.recipe.AbstractRecipe.create(AbstractRecipe.java:96)
>     at org.apache.xbean.recipe.AbstractRecipe.create(AbstractRecipe.java:61)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:911)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:269)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:525)
>     at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110)
>     at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145)
>     at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119)
>     at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>     at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>     at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>     at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:125)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:539)
>     at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:377)
>     at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:456)
>     at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:190)
>     at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:546)
>     at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:527)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.geronimo.gbean.runtime.ReflectionMethodInvoker.invoke(ReflectionMethodInvoker.java:34)
>     at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:130)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:851)
>     at org.apache.geronimo.kernel.basic.BasicKernel.invoke(BasicKernel.java:237)
>     at org.apache.geronimo.kernel.KernelGBean.invoke(KernelGBean.java:342)
>     at sun.reflect.GeneratedMethodAccessor105.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at org.apache.geronimo.gbean.runtime.ReflectionMethodInvoker.invoke(ReflectionMethodInvoker.java:34)
>     at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:130)
>     at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:851)
>     at org.apache.geronimo.kernel.basic.BasicKernel.invoke(BasicKernel.java:237)
>     at org.apache.geronimo.system.jmx.MBeanGBeanBridge.invoke(MBeanGBeanBridge.java:172)
>     at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
>     at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
>     at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
>     at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
>     at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
>     at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
>     at sun.reflect.GeneratedMethodAccessor25.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:597)
>     at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
>     at sun.rmi.transport.Transport$1.run(Transport.java:159)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
>     at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
>     at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
>     at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
>     at java.lang.Thread.run(Thread.java:619)
> 2009-10-19 12:11:30,894 INFO [SessionFactoryImpl] closing
>
> Can someone please advise.
>
> Quintin Beukes
>
