Title: Session full web service with ejb provider and JAAS security

I have been playing with axis beta1, jboss2.4.4 with tomcat4.0.1 bundled together in order to create a web service with an ejb implementation.

It is working quite well. By doing a stateful ejb, I also played with the request, session and application scope of the web service and the whole chain is working fine. The stateful ejb is doing what it is supposed to do, and with a session scope web service, axis is making sure that my ejb client session is reused across requests.

I also managed to set up JAAS permissions on the ejb and to have the web service client code log in in order to make a successful call.

I have actually two questions:

1) Maybe this is due to my poor knowledge of ejb, but I read in a couple of places that the stateful ejb will be maintained by the ejb container as long as the client is not timing out (or explicitly calling remove). What does this mean in the axis context? If I declare my web service with an application scope, does it mean that my stateful bean will always be maintained (as long as the ejb container does not stop)? In the case of a session scope, with a java client program to the web service, what does it mean to time out, and if it can time out, is it propagated to the ejb stateful bean? Obviously, if the Call object that I am using to do the web service calls is destroyed, the ejb stateful bean is recycled. But does it mean that it will never be recycled as long as this object is alive?

2) The second question is actually more a problem than a question. When setting JAAS security on the ejb implementation, if the web service client code is getting a security exception, it seems that I cannot make any further calls to the web service. In the axis client code included below, I log in as user1. user1 has the right to call getValue, but not setValue (those rights are defined through JAAS permissions on the ejb implementation: some <method-permission> in the ejb-jar.xml used to deploy the ejb). Calling getValue is working ok. When calling setValue, I get an exception. So far, so good. Trying to call getValue again, and I get some weird exceptions. Any ideas?

Thanks.

Thomas

Code:
======
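System.out.println ("user1");
Service service = new Service ();
Call call = (Call) service.createCall ();
call.setTargetEndpointAddress (new java.net.URL (END_POINT_URL));
// Credentials that the ejb container checks against the method permissions
call.setUsername ("user1");
call.setPassword ("user1");
// Reuse the same web service session (and stateful ejb) across calls
call.setMaintainSession (true);
// First call: user1 is allowed to call getValue
call.setOperationName (new QName ("Demo", "getValue"));
System.out.println (call.invoke (new Object []{}));
// Second call: user1 is not allowed to call setValue, an exception is expected
try {
   call.setOperationName (new QName ("Demo", "setValue"));
   call.invoke (new Object []{user + " value"});
}
catch (Exception e) {
   System.out.println (e);
}
// Third call: getValue again on the same Call object, this is the one that fails
call.setOperationName (new QName ("Demo", "getValue"));
System.out.println (call.invoke (new Object []{}));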

Output:
======
run-axis-client:
     [java] user1
     [java] getValue return
     [java] java.rmi.ServerException: Transaction rolled back; nested exception is:
     [java]     java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
     [java]     java.lang.SecurityException: Insufficient method permissions, principal=user1, method=setValue, requiredRoles=[role2], principalRoles=[role1, guest]
     [java] java.rmi.NoSuchObjectException: Could not activate; nested exception is:
     [java]     java.io.FileNotFoundException: H:\JBoss-2.4.4_Tomcat-4.0.1\jboss\db\sessions\Demo\1020409195143.ser (The system cannot find the file specified)
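
The `<method-permission>` setup described in question 2, sketched as an added example that is not part of the original post or the poster's actual descriptor. The role names come from the exception text above; the ejb-name `Demo`, the home-interface permission and the choice of which roles may call getValue are assumptions.

```xml
<!-- Added example: fragment of ejb-jar.xml (assembly descriptor only).
     The ejb-name "Demo" is an assumption; the <enterprise-beans>
     section that declares the stateful session bean is omitted. -->
<assembly-descriptor>
  <security-role>
    <role-name>role1</role-name>
  </security-role>
  <security-role>
    <role-name>role2</role-name>
  </security-role>

  <!-- Assumption: both roles may use the home interface (create),
       otherwise user1 could not obtain a bean instance at all. -->
  <method-permission>
    <role-name>role1</role-name>
    <role-name>role2</role-name>
    <method>
      <ejb-name>Demo</ejb-name>
      <method-intf>Home</method-intf>
      <method-name>*</method-name>
    </method>
  </method-permission>

  <!-- role1 (held by user1) may read the value. -->
  <method-permission>
    <role-name>role1</role-name>
    <method>
      <ejb-name>Demo</ejb-name>
      <method-intf>Remote</method-intf>
      <method-name>getValue</method-name>
    </method>
  </method-permission>

  <!-- Only role2 may write it. A caller whose roles are [role1, guest]
       is rejected here, which is the requiredRoles=[role2] check
       reported in the output. -->
  <method-permission>
    <role-name>role2</role-name>
    <method>
      <ejb-name>Demo</ejb-name>
      <method-intf>Remote</method-intf>
      <method-name>setValue</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
```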
