
    isCallerInRole problem

      isCallerInRole() throws an exception when the bean is invoked from an application client running in the Application Client Container (ACC).

      The session bean code is as follows:
      package bts.session;
      import javax.annotation.*;
      import javax.ejb.*;
      import javax.persistence.*;
      /**
       * Stateless session facade for {@code User} entities (the version from the question).
       *
       * <p>The class-level {@code @RolesAllowed} admits callers in either declared role to
       * every business method that carries no annotation of its own; {@code canCreateUsers}
       * narrows that to "user" and then reports whether the caller is also an "admin".
       */
      @Stateless
      @DeclareRoles({"user", "admin"})
      @RolesAllowed({"admin", "user"})
      public class UserFacade implements UserFacadeRemote {

          @PersistenceContext(unitName = "BtsPU")
          private EntityManager em;

          /** Injected by the container; used only for the programmatic role check below. */
          @Resource
          SessionContext sessionContext;

          /** No-argument constructor required by the EJB container. */
          public UserFacade() {
          }

          /**
           * Reports whether the current caller is in the "admin" role.
           *
           * <p>Per the EJB 3.0 annotation rules the method-level {@code @RolesAllowed("user")}
           * replaces the class-level one, so only callers in "user" may invoke this at all; an
           * admin who is not also a "user" should be rejected by the container before the
           * role check runs. The caller must also be authenticated for the container to
           * have any principal to map to a role.
           *
           * @return {@code true} when the caller principal maps to the declared "admin" role
           */
          @RolesAllowed("user")
          public boolean canCreateUsers() {
              SessionContext ctx = this.sessionContext;
              return ctx.isCallerInRole("admin");
          }
      }


      The exception trace is (note the {@code <no principals>} entry in the ProtectionDomain that failed the EJBMethodPermission check):
      JACC Policy Provider: PolicyWrapper.implies, context(bts/bts-ejb_jar)- permission((javax.security.jacc.EJBMethodPermission UserFacade canCreateUsers,Remote,)) domain that failed(ProtectionDomain (file:/bts/bts-ejb_jar <no signer certificates>)
      null
      <no principals>
      java.security.Permissions@9e9a07 (
      (javax.management.MBeanTrustPermission register)
      (java.util.PropertyPermission java.version read)
      (java.util.PropertyPermission java.vm.name read)
      (java.util.PropertyPermission java.vm.vendor read)
      (java.util.PropertyPermission os.name read)
      (java.util.PropertyPermission java.vendor.url read)
      (java.util.PropertyPermission java.vm.specification.vendor read)
      (java.util.PropertyPermission java.specification.vendor read)
      (java.util.PropertyPermission os.version read)
      (java.util.PropertyPermission java.specification.name read)
      (java.util.PropertyPermission java.class.version read)
      (java.util.PropertyPermission file.separator read)
      (java.util.PropertyPermission java.vm.version read)
      (java.util.PropertyPermission os.arch read)
      (java.util.PropertyPermission java.vm.specification.name read)
      (java.util.PropertyPermission java.vm.specification.version read)
      (java.util.PropertyPermission java.specification.version read)
      (java.util.PropertyPermission java.vendor read)
      (java.util.PropertyPermission * read)
      (java.util.PropertyPermission path.separator read)
      (java.util.PropertyPermission line.separator read)
      (javax.management.MBeanPermission [com.sun.messaging.jms.*:*] *)
      (java.lang.RuntimePermission loadLibrary.*)
      (java.lang.RuntimePermission modifyThreadGroup)
      (java.lang.RuntimePermission accessDeclaredMembers)
      (java.lang.RuntimePermission queuePrintJob)
      (java.lang.RuntimePermission stopThread)
      (javax.security.auth.PrivateCredentialPermission javax.resource.spi.security.PasswordCredential * "*" read)
      (java.io.FilePermission C:\DOCUME~1\ssawe.ARD\LOCALS~1\Temp\\- delete)
      (java.io.FilePermission C:/Sun/SDK/domains/domain1\lib\databases\- delete)
      (java.io.FilePermission <<ALL FILES>> read,write)
      (java.net.SocketPermission localhost:1024- listen,resolve)
      (java.net.SocketPermission * connect,resolve)
      (unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
      )
      )
      EJB5018: An exception was thrown during an ejb invocation on [UserFacade]
      javax.ejb.AccessLocalException: Client not authorized for this invocation.
      at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1143)
      at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:189)
      at com.sun.ejb.containers.EJBObjectInvocationHandlerDelegate.invoke(EJBObjectInvocationHandlerDelegate.java:110)
      at $Proxy51.canCreateUsers(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:585)
      at com.sun.corba.ee.impl.presentation.rmi.ReflectiveTie._invoke(ReflectiveTie.java:121)
      at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatchToServant(CorbaServerRequestDispatcherImpl.java:650)
      at com.sun.corba.ee.impl.protocol.CorbaServerRequestDispatcherImpl.dispatch(CorbaServerRequestDispatcherImpl.java:193)
      at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequestRequest(CorbaMessageMediatorImpl.java:1705)
      at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:1565)
      at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleInput(CorbaMessageMediatorImpl.java:947)
      at com.sun.corba.ee.impl.protocol.giopmsgheaders.RequestMessage_1_2.callback(RequestMessage_1_2.java:178)
      at com.sun.corba.ee.impl.protocol.CorbaMessageMediatorImpl.handleRequest(CorbaMessageMediatorImpl.java:717)
      at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.dispatch(SocketOrChannelConnectionImpl.java:473)
      at com.sun.corba.ee.impl.transport.SocketOrChannelConnectionImpl.doWork(SocketOrChannelConnectionImpl.java:1270)
      at com.sun.corba.ee.impl.orbutil.threadpool.ThreadPoolImpl$WorkerThread.run(ThreadPoolImpl.java:479)



      Please help — this is driving me crazy.
        • 1. Re: isCallerInRole problem
          Changing the line
          @DeclareRoles({"user","admin"})

          TO

          @DeclareRoles("admin")

          Gets it working. (A caveat for anyone copying this: the trace above shows `<no principals>` in the ProtectionDomain that failed the EJBMethodPermission check, i.e. the call reached the container without an authenticated caller principal. Make sure the application client actually performs a login and that the declared roles are mapped to groups/principals in the deployment descriptor; the @DeclareRoles change on its own may not be the whole story.)

          Here is the final code:
          package bts.session;

          import bts.entity.User;
          import java.util.List;
          import javax.annotation.Resource;
          import javax.annotation.security.DeclareRoles;
          import javax.annotation.security.PermitAll;
          import javax.annotation.security.RolesAllowed;
          import javax.ejb.SessionContext;
          import javax.ejb.Stateless;
          import javax.persistence.EntityManager;
          import javax.persistence.PersistenceContext;

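          /**
           * Stateless session facade for {@code User} entities.
           *
           * <p>Authorization model: the class-level {@code @RolesAllowed("user")} applies to
           * every business method that has no annotation of its own ({@code find},
           * {@code findAll} and the {@code can*} methods); the mutating methods are narrowed
           * to "admin". A caller who is in "admin" but not in "user" is therefore denied the
           * read and {@code can*} methods -- intended only if every admin is also a "user".
           *
           * <p>The {@code can*} methods are advisory (for UI decisions). The container's
           * {@code @RolesAllowed("admin")} on {@code create}/{@code edit}/{@code destroy}
           * is the actual enforcement and must never be relaxed on the strength of them.
           * Callers must be authenticated, otherwise the container has no principal to
           * map to a role and rejects the invocation.
           */
          @Stateless
          @DeclareRoles(UserFacade.ADMIN_ROLE) // isCallerInRole only answers for declared roles
          @RolesAllowed("user")
          public class UserFacade implements UserFacadeRemote {

              /** Single source of truth for the privileged role name used in this bean. */
              static final String ADMIN_ROLE = "admin";

              @PersistenceContext(unitName = "BtsPU")
              private EntityManager em;

              /** Injected by the container; used for the programmatic role checks below. */
              @Resource
              SessionContext sessionContext;

              /** No-argument constructor required by the EJB container. */
              public UserFacade() {
              }

              /**
               * Persists a new user. Admin-only (container-enforced).
               *
               * @param user the new entity; the client-supplied instance is persisted as-is
               * @return the same instance, now managed
               */
              @RolesAllowed(ADMIN_ROLE)
              public User create(User user) {
                  em.persist(user);
                  return user;
              }

              /**
               * Merges a client-supplied (detached) user into the persistence context.
               * Admin-only (container-enforced). Every field of the supplied entity is
               * written through by {@code merge}, so callers must not expose this to
               * non-admin input paths.
               *
               * @param user the detached entity carrying the desired state
               * @return the managed copy
               */
              @RolesAllowed(ADMIN_ROLE)
              public User edit(User user) {
                  return em.merge(user);
              }

              /**
               * Removes a user. Admin-only (container-enforced).
               *
               * @param user a detached entity identifying the row to delete
               */
              @RolesAllowed(ADMIN_ROLE)
              public void destroy(User user) {
                  // remove() requires a managed instance; merge the detached one first
                  User managed = em.merge(user);
                  em.remove(managed);
              }

              /**
               * Looks up a user by primary key. Available to the class-level "user" role.
               *
               * @param pk the primary key
               * @return the entity, or {@code null} when no row matches
               */
              public User find(Object pk) {
                  return em.find(User.class, pk);
              }

              /**
               * Returns every user. Available to the class-level "user" role; note that any
               * "user" can therefore read all persisted {@code User} fields.
               *
               * @return the result list (raw type retained to match the remote interface)
               */
              public List findAll() {
                  return em.createQuery("select object(o) from User as o").getResultList();
              }

              /**
               * Advisory check used by clients to decide whether to offer user creation.
               *
               * @return {@code true} when the caller is in the "admin" role
               */
              public boolean canCreateUsers() {
                  return callerIsAdmin();
              }

              /**
               * Advisory check used by clients to decide whether to offer user deletion.
               *
               * @return {@code true} when the caller is in the "admin" role
               */
              public boolean canDeleteUsers() {
                  return callerIsAdmin();
              }

              /**
               * Advisory check used by clients to decide whether to offer user editing.
               *
               * @return {@code true} when the caller is in the "admin" role
               */
              public boolean canEditUsers() {
                  return callerIsAdmin();
              }

              /** Asks the container whether the current caller principal maps to the admin role. */
              private boolean callerIsAdmin() {
                  return sessionContext.isCallerInRole(ADMIN_ROLE);
              }
          }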
