geronimo-user mailing list archives

From Quintin Beukes <quin...@last.za.net>
Subject Re: Geronimo 2.2 fails can't load beans with @RunAs("Role")
Date Mon, 19 Oct 2009 10:20:14 GMT
I failed to add that I can't specify credentials for this runas,
because this is the bean that is supposed to initialize those
credentials, so if it's the first time it loads, it will fail to log
in, which means it will never work.

I need some way to run-as "Admin" without having to specify
credentials. It's not a security leak, as this bean ONLY has an
@PostConstruct method, so no methods are exposed which can be
exploited, so magic execution as "Admin" is acceptable.

Quintin Beukes



On Mon, Oct 19, 2009 at 12:15 PM, Quintin Beukes <quintin@last.za.net> wrote:
> Hey,
>
> I have the following in my deploy plan:
>  <sec:security>
>    <sec:role-mappings>
>      <sec:role role-name="Admin">
>        <sec:principal
>            class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
>            name="Admin"/>
>      </sec:role>
>    </sec:role-mappings>
>  </sec:security>
>
> When I add @RunAs("Admin") to a bean, I get the following:
> 2009-10-19 12:11:30,857 INFO  [startup] Assembling app: /opt/kms/server/geronimo-2.2-20091019/var/temp/geronimo-deployer49287.tmpdir/KMSPlatform-ejb.jar
> 2009-10-19 12:11:30,891 INFO  [startup] Jndi(name=SiteBeanLocal) --> Ejb(deployment-id=KMSPlatform-ejb/SiteBean)
> 2009-10-19 12:11:30,891 INFO  [startup] Jndi(name=SiteBeanRemote) --> Ejb(deployment-id=KMSPlatform-ejb/SiteBean)
> 2009-10-19 12:11:30,892 INFO  [startup] Jndi(name=InitializeDataBeanLocal) --> Ejb(deployment-id=KMSPlatform-ejb/InitializeDataBean)
> 2009-10-19 12:11:30,892 INFO  [startup] Jndi(name=KMSPlatformEjbStartupBeanLocal) --> Ejb(deployment-id=KMSPlatform-ejb/KMSPlatformEjbStartupBean)
> 2009-10-19 12:11:30,892 INFO  [startup] Jndi(name=SpringContextBeanLocal) --> Ejb(deployment-id=KMSPlatform-ejb/SpringContextBean)
> 2009-10-19 12:11:30,892 INFO  [startup] Created Ejb(deployment-id=KMSPlatform-ejb/KMSPlatformEjbStartupBean, ejb-name=KMSPlatformEjbStartupBean, container=DefaultStatelessContainer)
> 2009-10-19 12:11:30,892 INFO  [startup] Created Ejb(deployment-id=KMSPlatform-ejb/SpringContextBean, ejb-name=SpringContextBean, container=DefaultStatelessContainer)
> 2009-10-19 12:11:30,892 INFO  [startup] Created Ejb(deployment-id=KMSPlatform-ejb/SiteBean, ejb-name=SiteBean, container=DefaultStatelessContainer)
> 2009-10-19 12:11:30,892 INFO  [startup] Created Ejb(deployment-id=KMSPlatform-ejb/InitializeDataBean, ejb-name=InitializeDataBean, container=DefaultStatelessContainer)
> 2009-10-19 12:11:30,892 INFO  [startup] Deployed Application(path=/opt/kms/server/geronimo-2.2-20091019/var/temp/geronimo-deployer49287.tmpdir/KMSPlatform-ejb.jar)
> 2009-10-19 12:11:30,894 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: abstractName="net.kunye/KMSPlatform-ejb/1.0/jar?EJBModule=net.kunye/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=StatelessSessionBean,name=KMSPlatformEjbStartupBean"
> java.lang.IllegalStateException: no run-as identity configured for role: Admin
>        at org.apache.geronimo.security.jacc.mappingprovider.ApplicationPrincipalRoleConfigurationManager.getSubjectForRole(ApplicationPrincipalRoleConfigurationManager.java:109)
>        at org.apache.geronimo.openejb.EjbDeployment.<init>(EjbDeployment.java:109)
>        at org.apache.geronimo.openejb.EjbDeploymentGBean.<init>(EjbDeploymentGBean.java:56)
>        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
>        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
>        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
>        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
>        at org.apache.xbean.recipe.ReflectionUtil$ConstructorFactory.create(ReflectionUtil.java:952)
>        at org.apache.xbean.recipe.ObjectRecipe.internalCreate(ObjectRecipe.java:276)
>        at org.apache.xbean.recipe.AbstractRecipe.create(AbstractRecipe.java:96)
>        at org.apache.xbean.recipe.AbstractRecipe.create(AbstractRecipe.java:61)
>        at org.apache.geronimo.gbean.runtime.GBeanInstance.createInstance(GBeanInstance.java:911)
>        at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:269)
>        at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>        at org.apache.geronimo.gbean.runtime.GBeanInstance.start(GBeanInstance.java:525)
>        at org.apache.geronimo.gbean.runtime.GBeanDependency.attemptFullStart(GBeanDependency.java:110)
>        at org.apache.geronimo.gbean.runtime.GBeanDependency.addTarget(GBeanDependency.java:145)
>        at org.apache.geronimo.gbean.runtime.GBeanDependency$1.running(GBeanDependency.java:119)
>        at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.fireRunningEvent(BasicLifecycleMonitor.java:175)
>        at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor.access$300(BasicLifecycleMonitor.java:44)
>        at org.apache.geronimo.kernel.basic.BasicLifecycleMonitor$RawLifecycleBroadcaster.fireRunningEvent(BasicLifecycleMonitor.java:253)
>        at org.apache.geronimo.gbean.runtime.GBeanInstanceState.attemptFullStart(GBeanInstanceState.java:295)
>        at org.apache.geronimo.gbean.runtime.GBeanInstanceState.start(GBeanInstanceState.java:103)
>        at org.apache.geronimo.gbean.runtime.GBeanInstanceState.startRecursive(GBeanInstanceState.java:125)
>        at org.apache.geronimo.gbean.runtime.GBeanInstance.startRecursive(GBeanInstance.java:539)
>        at org.apache.geronimo.kernel.basic.BasicKernel.startRecursiveGBean(BasicKernel.java:377)
>        at org.apache.geronimo.kernel.config.ConfigurationUtil.startConfigurationGBeans(ConfigurationUtil.java:456)
>        at org.apache.geronimo.kernel.config.KernelConfigurationManager.start(KernelConfigurationManager.java:190)
>        at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:546)
>        at org.apache.geronimo.kernel.config.SimpleConfigurationManager.startConfiguration(SimpleConfigurationManager.java:527)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at org.apache.geronimo.gbean.runtime.ReflectionMethodInvoker.invoke(ReflectionMethodInvoker.java:34)
>        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:130)
>        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:851)
>        at org.apache.geronimo.kernel.basic.BasicKernel.invoke(BasicKernel.java:237)
>        at org.apache.geronimo.kernel.KernelGBean.invoke(KernelGBean.java:342)
>        at sun.reflect.GeneratedMethodAccessor105.invoke(Unknown Source)
>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at org.apache.geronimo.gbean.runtime.ReflectionMethodInvoker.invoke(ReflectionMethodInvoker.java:34)
>        at org.apache.geronimo.gbean.runtime.GBeanOperation.invoke(GBeanOperation.java:130)
>        at org.apache.geronimo.gbean.runtime.GBeanInstance.invoke(GBeanInstance.java:851)
>        at org.apache.geronimo.kernel.basic.BasicKernel.invoke(BasicKernel.java:237)
>        at org.apache.geronimo.system.jmx.MBeanGBeanBridge.invoke(MBeanGBeanBridge.java:172)
>        at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:836)
>        at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:761)
>        at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1426)
>        at javax.management.remote.rmi.RMIConnectionImpl.access$200(RMIConnectionImpl.java:72)
>        at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1264)
>        at java.security.AccessController.doPrivileged(Native Method)
>        at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1366)
>        at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:788)
>        at sun.reflect.GeneratedMethodAccessor25.invoke(Unknown Source)
>        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)
>        at sun.rmi.transport.Transport$1.run(Transport.java:159)
>        at java.security.AccessController.doPrivileged(Native Method)
>        at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
>        at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
>        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
>        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
>        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
>        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
>        at java.lang.Thread.run(Thread.java:619)
> 2009-10-19 12:11:30,894 INFO  [SessionFactoryImpl] closing
>
> Can someone please advise.
>
> Quintin Beukes
>
