geronimo-user mailing list archives

From David Jencks <david_jen...@yahoo.com>
Subject Re: EJB & Web App losing Subject
Date Wed, 15 Jul 2009 17:39:09 GMT

On Jul 15, 2009, at 10:23 AM, Kory Markevich wrote:

>
>
> djencks wrote:
>>
>> OK, this is weird, I've never seen a bug in this area.  What kind of
>> authentication does the web app use?  Can you show the entire stack
>> trace to the ejb security exception?
>>
>
> If that's the case then my gut is that the bug is somewhere in the web app,
> but as I didn't write it and have never seen this kind of error before I'm
> at a bit of a loss on where to look.  Time to get creative I guess.
>
> We are using Spring's authentication framework with a custom authenticator.

Spring security may secure spring apps but it won't relate to container  
managed authorization unless you do something to hook it up.  You need  
some code that looks vaguely like this:

import javax.security.auth.Subject;
import org.apache.geronimo.security.ContextManager;

Subject subject = getSpringAuthenticatedSubject();
// If the subject is cached in a session this should only happen once,
// when the subject is first authenticated/constructed.
ContextManager.registerSubject(subject);

// The following should happen on every request.
ContextManager.setCallers(subject, subject);
try {
    // process request
} finally {
    ContextManager.clearCallers();
}

Without code like this the mystery is why any ejb calls succeed -- it  
sort of points to a bug where an authenticated subject is left  
associated with a thread.

I suspect someone has already solved this problem of hooking spring  
security up to geronimo security -- we should come up with a bit of  
code that does it and documentation.

thanks
david jencks


> The exception stack itself is bog-standard so I doubt it will reveal
> anything, but here it is:
>
> javax.ejb.EJBAccessException: Unauthorized Access by Principal Denied
> 	at org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:144)
> 	at org.apache.openejb.core.ivm.EjbObjectProxyHandler.businessMethod(EjbObjectProxyHandler.java:217)
> 	at org.apache.openejb.core.ivm.EjbObjectProxyHandler._invoke(EjbObjectProxyHandler.java:77)
> 	at org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:245)
> 	at org.apache.openejb.util.proxy.Jdk13InvocationHandler.invoke(Jdk13InvocationHandler.java:49)
> 	at $Proxy39.getMyFavorites(Unknown Source)
> 	at ourcode.SomeStatelessBean.getMyFavorites(SomeStatelessBean.java:58)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:597)
> 	at org.apache.openejb.core.interceptor.ReflectionInvocationContext$Invocation.invoke(ReflectionInvocationContext.java:158)
> 	at org.apache.openejb.core.interceptor.ReflectionInvocationContext.proceed(ReflectionInvocationContext.java:141)
> 	at org.apache.openejb.core.interceptor.InterceptorStack.invoke(InterceptorStack.java:67)
> 	at org.apache.openejb.core.stateless.StatelessContainer._invoke(StatelessContainer.java:210)
> 	at org.apache.openejb.core.stateless.StatelessContainer._invoke(StatelessContainer.java:188)
> 	at org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:165)
> 	at org.apache.openejb.core.ivm.EjbObjectProxyHandler.businessMethod(EjbObjectProxyHandler.java:217)
> 	at org.apache.openejb.core.ivm.EjbObjectProxyHandler._invoke(EjbObjectProxyHandler.java:77)
> 	at org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:321)
> 	at org.apache.openejb.util.proxy.Jdk13InvocationHandler.invoke(Jdk13InvocationHandler.java:49)
> 	at $Proxy35.getMyFavorites(Unknown Source)
> 	at ourcode.dao.impl.MyFavoritesDaoImpl.getFavoriteList(MyFavoritesDaoImpl.java:42)
> 	at ourcode.service.impl.MyFavoritesServiceImpl.getFavoriteList(MyFavoritesServiceImpl.java:30)
> 	at ourcode.web.controller.MyFavoritesController.getFavoriteList(MyFavoritesController.java:32)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:597)
> 	at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.doInvokeMethod(HandlerMethodInvoker.java:409)
> 	at org.springframework.web.bind.annotation.support.HandlerMethodInvoker.invokeHandlerMethod(HandlerMethodInvoker.java:132)
> 	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.invokeHandlerMethod(AnnotationMethodHandlerAdapter.java:310)
> 	at org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter.handle(AnnotationMethodHandlerAdapter.java:297)
> 	at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:875)
> 	at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:809)
> 	at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:571)
> 	at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:501)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:693)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:806)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:378)
> 	at org.springframework.security.intercept.web.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
> 	at org.springframework.security.intercept.web.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
> 	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
> 	at org.springframework.security.ui.SessionFixationProtectionFilter.doFilterHttp(SessionFixationProtectionFilter.java:67)
> 	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> 	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
> 	at org.springframework.security.ui.ExceptionTranslationFilter.doFilterHttp(ExceptionTranslationFilter.java:101)
> 	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> 	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
> 	at org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter.doFilterHttp(SecurityContextHolderAwareRequestFilter.java:91)
> 	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> 	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
> 	at org.springframework.security.ui.AbstractProcessingFilter.doFilterHttp(AbstractProcessingFilter.java:277)
> 	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> 	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
> 	at org.springframework.security.ui.logout.LogoutFilter.doFilterHttp(LogoutFilter.java:89)
> 	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> 	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
> 	at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
> 	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> 	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
> 	at org.springframework.security.securechannel.ChannelProcessingFilter.doFilterHttp(ChannelProcessingFilter.java:116)
> 	at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
> 	at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
> 	at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
> 	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
> 	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at ourcode.SetCharacterEncodingFilter.doFilter(SetCharacterEncodingFilter.java:35)
> 	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> 	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
> 	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> 	at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:56)
> 	at org.apache.geronimo.tomcat.GeronimoStandardContext$SystemMethodValve.invoke(GeronimoStandardContext.java:406)
> 	at org.apache.geronimo.tomcat.valve.GeronimoBeforeAfterValve.invoke(GeronimoBeforeAfterValve.java:47)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:568)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Thread.java:619)
>
> -- 
> View this message in context: http://www.nabble.com/EJB---Web-App-losing-Subject-tp24485373s134p24502397.html
> Sent from the Apache Geronimo - Users mailing list archive at  
> Nabble.com.
>
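The register-once / set-callers-per-request pattern David sketches above, carried through as one servlet filter. This is an added example, not code from David's reply, from Geronimo, or from Spring Security. It assumes the Spring Security 2.x package names that appear in the stack trace (org.springframework.security.Authentication, .context.SecurityContextHolder, .providers.anonymous.AnonymousAuthenticationToken), Geronimo's org.apache.geronimo.security.ContextManager with registerSubject/unregisterSubject/setCallers/clearCallers, and that the deployment plan's role mapping refers to GeronimoUserPrincipal and GeronimoGroupPrincipal; the class name, package and session-attribute key are hypothetical.

```java
// Added example: bridge a Spring Security Authentication to Geronimo's
// ContextManager so container-managed EJB authorization sees the caller.
// Package, class and attribute names are hypothetical.
package example.bridge;

import java.io.IOException;
import javax.security.auth.Subject;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.geronimo.security.ContextManager;
import org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal;
import org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.anonymous.AnonymousAuthenticationToken;

public class GeronimoSubjectBridgeFilter implements Filter {

    // Session attribute under which the registered Subject is cached (hypothetical key).
    static final String SUBJECT_ATTR = GeronimoSubjectBridgeFilter.class.getName() + ".SUBJECT";

    public void init(FilterConfig config) { }
    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        Authentication auth = SecurityContextHolder.getContext().getAuthentication();
        if (auth == null || !auth.isAuthenticated() || auth instanceof AnonymousAuthenticationToken) {
            // Unauthenticated or anonymous: leave the container's default caller alone.
            chain.doFilter(req, res);
            return;
        }
        Subject subject = subjectFor((HttpServletRequest) req, auth);

        // Every request: bind the caller to the current thread ...
        ContextManager.setCallers(subject, subject);
        try {
            chain.doFilter(req, res);
        } finally {
            // ... and always unbind it. Skipping this is exactly the bug David describes:
            // the Subject stays attached to a pooled thread and leaks into later requests.
            ContextManager.clearCallers();
        }
    }

    // Build and register the Subject once per session, then reuse it. If the same session
    // now carries a different user (re-login without a fresh session), replace it.
    private Subject subjectFor(HttpServletRequest req, Authentication auth) {
        HttpSession session = req.getSession(true);
        synchronized (session) {
            Subject cached = (Subject) session.getAttribute(SUBJECT_ATTR);
            if (cached != null && isUser(cached, auth.getName())) {
                return cached;
            }
            if (cached != null) {
                ContextManager.unregisterSubject(cached);
            }
            Subject subject = buildSubject(auth);
            ContextManager.registerSubject(subject);   // once per authenticated session
            session.setAttribute(SUBJECT_ATTR, subject);
            return subject;
        }
    }

    // Translate the Spring principal/authorities into the principal classes that the
    // Geronimo role mapping in the deployment plan is assumed to reference.
    static Subject buildSubject(Authentication auth) {
        Subject subject = new Subject();
        subject.getPrincipals().add(new GeronimoUserPrincipal(auth.getName()));
        for (GrantedAuthority authority : auth.getAuthorities()) {
            subject.getPrincipals().add(new GeronimoGroupPrincipal(authority.getAuthority()));
        }
        return subject;
    }

    static boolean isUser(Subject subject, String name) {
        for (GeronimoUserPrincipal p : subject.getPrincipals(GeronimoUserPrincipal.class)) {
            if (name.equals(p.getName())) {
                return true;
            }
        }
        return false;
    }
}
```

Map this filter in web.xml after the springSecurityFilterChain DelegatingFilterProxy, so that SecurityContextHolder is already populated when it runs. A session listener that calls ContextManager.unregisterSubject on session destruction (not shown) keeps the registry from growing with abandoned sessions. If EJB calls keep succeeding without this filter and its clearCallers, the request is running under a Subject left behind by an earlier request on the same thread, which is the leak worth hunting first.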
