geronimo-user mailing list archives

From Trygve Hardersen <try...@jotta.no>
Subject security problem
Date Fri, 13 Mar 2009 12:59:21 GMT
Hi

I'm developing an application using Geronimo 2.2-SNAPSHOT. The whole system
is rather complex but I'll try to explain only what's needed in this
context.

I have a stateless session bean called SSB, with a method called getX:

SSB#getX(java.lang.String)

Our security model has five roles: admin, anonymous, customer, partner and
system. Users can only be in one role. SSB is accessible for all roles, but
getX does not allow anonymous access. So I have these annotations:

// class level: every role the bean refers to
@DeclareRoles({
    Constants.ROLE_ADMIN,
    Constants.ROLE_ANONYMOUS,
    Constants.ROLE_CUSTOMER,
    Constants.ROLE_PARTNER,
    Constants.ROLE_SYSTEM})
public class SSB ....

// method level: ROLE_ANONYMOUS is deliberately left out
@RolesAllowed({
    Constants.ROLE_ADMIN,
    Constants.ROLE_CUSTOMER,
    Constants.ROLE_PARTNER,
    Constants.ROLE_SYSTEM})
public X getX(String y)

In my testsuite I have a simple testcase to verify that access by users in
the anonymous role (unauthenticated web users) is not permitted for the getX
method:

SSB anonymous_service = LOG_IN_AS_ANONYMOUS_USER....
X obj = null;
EJBAccessException eae = null;
try {
    // must be rejected by the container before the method body runs
    obj = anonymous_service.getX("test");
} catch (EJBAccessException e) {
    eae = e;
}
Assert.assertNull(obj);
Assert.assertNotNull(eae);
Assert.assertEquals(eae.getMessage(), "Unauthorized Access by Principal Denied");

I've not had any problems with this test for months. However, yesterday I
decided to change the method signature of getX to support an optional list
of int flags that control the object initialization (which related records
to get from the DB):

public X getX(String y, int... flags)

After this the test shown above fails. I get an object back and no
exception. The security system still works; I can check the user manually
using the SessionContext resource. But the container authorization does not
trigger.

This seems like a bug in the Geronimo security system to me. I'm guessing
that the method is not recognized when using the vararg (int...) signature.

Any idea what to do about this? Currently I work around the issue by
manually checking the role name using
javax.ejb.EJBContext#isCallerInRole(java.lang.String).

Thanks for your help!

Trygve

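The following is an added example, not code from the post or from Geronimo. It shows what the JVM actually reports for a vararg parameter when a container inspects a business method by reflection, and it contrasts that with a fail-closed authorization check of the kind the poster falls back to with isCallerInRole. The @RolesAllowed annotation, the SSB class, the AccessDenied exception and the role names are stand-ins written for this demo; Java 11 or later is assumed.

```java
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.lang.reflect.Method;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;

// Stand-in for javax.annotation.security.RolesAllowed so the demo compiles on a bare JDK.
@Retention(RetentionPolicy.RUNTIME)
@Target(ElementType.METHOD)
@interface RolesAllowed { String[] value(); }

public class VarargAuthDemo {

    // Stand-in for javax.ejb.EJBAccessException.
    static class AccessDenied extends RuntimeException {
        AccessDenied(String msg) { super(msg); }
    }

    // Toy version of the post's SSB; the return type X is simplified to String.
    public static class SSB {
        @RolesAllowed({"admin", "customer", "partner", "system"})
        public String getX(String y) { return "X(" + y + ")"; }

        @RolesAllowed({"admin", "customer", "partner", "system"})
        public String getX(String y, int... flags) {
            return "X(" + y + "," + Arrays.toString(flags) + ")";
        }
    }

    // Descriptor-style signature "name(type,type)". For a vararg int parameter reflection
    // yields either the JVM name "[I" or the canonical name "int[]"; "int..." is source
    // syntax only and never appears, so a permission keyed on it can never match.
    static String signature(Method m, boolean canonical) {
        return m.getName() + "(" + Arrays.stream(m.getParameterTypes())
                .map(c -> canonical ? c.getCanonicalName() : c.getName())
                .collect(Collectors.joining(",")) + ")";
    }

    // Fail-closed check: a method that cannot be resolved, or that carries no declared
    // permission, is denied rather than allowed through. Roles come from the caller.
    static Object invoke(Object bean, Set<String> callerRoles, String name,
                         Class<?>[] paramTypes, Object... args) {
        Method m;
        try {
            m = bean.getClass().getMethod(name, paramTypes);
        } catch (NoSuchMethodException e) {
            throw new AccessDenied("no such business method: " + name);
        }
        RolesAllowed ra = m.getAnnotation(RolesAllowed.class);
        if (ra == null) {
            throw new AccessDenied("no permission declared for " + signature(m, true));
        }
        Set<String> allowed = new HashSet<>(Arrays.asList(ra.value()));
        allowed.retainAll(callerRoles);
        if (allowed.isEmpty()) {
            throw new AccessDenied("Unauthorized Access by Principal Denied");
        }
        try {
            return m.invoke(bean, args);
        } catch (ReflectiveOperationException e) {
            throw new IllegalStateException(e);
        }
    }

    public static void main(String[] a) throws Exception {
        // A vararg method is looked up with the array type, not with "int...".
        Method vararg = SSB.class.getMethod("getX", String.class, int[].class);
        System.out.println("isVarArgs=" + vararg.isVarArgs());
        System.out.println("jvm name:       " + signature(vararg, false));
        System.out.println("canonical name: " + signature(vararg, true));

        SSB bean = new SSB();
        Class<?>[] types = {String.class, int[].class};
        // Customer is in @RolesAllowed, so the call goes through.
        System.out.println(invoke(bean, Set.of("customer"), "getX", types, "test", new int[]{1, 2}));
        // Anonymous is not, so the call is rejected before the body runs.
        try {
            invoke(bean, Set.of("anonymous"), "getX", types, "test", new int[]{1});
        } catch (AccessDenied e) {
            System.out.println("denied: " + e.getMessage());
        }
    }
}
```

Running main prints isVarArgs=true, the JVM-style signature getX(java.lang.String,[I) and the canonical one getX(java.lang.String,int[]), then the customer result followed by the denial for the anonymous caller. The practical point is the fail-closed branch: whatever spelling a container uses to key its method permissions, a business method it fails to match should be denied, not silently permitted, which is also why an in-method isCallerInRole check is a sound belt-and-braces measure while a container-level mismatch is being chased.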