"Dale V. Georg" wrote:
>
> We have built a J2EE application with a Swing GUI Rich Client (using the
> J2EE
> Reference Implementation application client container). When we added
> security
> to the EJBs, we found that if you call an EJB from a Swing event handler
> the
> security context is lost and the EJB container believes you to be guest.
> However, if you make the call from the main method, or a separate thread
> started from the main method, the security principal is propagated
> correctly.
>
> The output and code is included below. If anyone has seen anything like
> this
> before and knows why it may be happening, or better yet, what we can do
> to make
> it stop happening, your help would be greatly appreciated.
<vendor>
Try Sybase EAServer. We allow the client's credentials to be associated
with the object references instead of the client's threads, thereby
avoiding these problems.
</vendor>
> Regards,
> Brett Beaumont
> Dale V. Georg
>
> ================================
> Dale V. Georg
> Technical Manager
> Indus Consultancy Services
> [EMAIL PROTECTED]
> (201) 261-3100 x229
> ================================
>
> ========= Output ==========
>
> Initiating login ...
> Looking up authenticator...
> Binding name:`java:comp/env/com.ics.test.testAHome`
> Running in this thread
> bbeaumo
> Running in another thread
> bbeaumo
>
> Now testing GUI
>
> Button pressed
> guest
>
> Button pressed
> guest
> Out of wait loop
> bbeaumo
> Unbinding name:`java:comp/env/com.ics.test.testAHome`
>
> =========== Client program (Class1Client.java) ============
>
> package com.ics.test;
>
> import java.util.Properties;
> import javax.naming.*;
> import javax.ejb.*;
> import java.rmi.*;
> import java.sql.SQLException;
>
> import javax.swing.*;
> import java.awt.*;
> import java.awt.event.*;
>
> /**
> * This package is EJB-part of project. It must contain the following:
> * @Class com.ics.test.testAHome.java
> * @Class com.ics.test.testA.java
> */
> public class Class1Client extends WindowAdapter implements
> Runnable,ActionListener {
>
> private testAHome home;
>
> /** Invoked when the button is pressed, this method callls the
> * body of the client
> *
> * @param e Event
> **/
> public void actionPerformed(ActionEvent e) {
> System.out.println("\nButton pressed");
> try {
> body();
> } catch(Exception ex) {
> System.out.println("Exception in body on button press");
> }
> }
>
> /** Notifies the client that the main window has been closed
> *
> * @param e Event
> **/
> public synchronized void windowClosed(WindowEvent e) {
> this.notify();
> }
>
> /** This method is required so that the the main method doesn't
> * exit until the main window is closed
> **/
> public synchronized void waitForAWhile() {
> try
> {
> this.wait();
> } catch(Exception e) {
> System.out.println("Interrupted");
> }
> }
>
> /** Initialise the client. Looks up the home interface of the EJB
> **/
> public Class1Client() throws NamingException {
> home = lookupHome();
> }
>
> /** Main method
> *
> * @param argv The command line parameters
> **/
> public static void main(String[] argv) {
>
> // Create a client object
> Class1Client client = null;
> try {
> client = new Class1Client();
> }
> catch(Exception e) {
> System.out.println("Exception creating client : " +
> e.getMessage());
> System.exit(0);
> }
>
> try {
> // Test security propagation from current thread - succeeds
> System.out.println("Running in this thread");
> client.body();
>
> // Test security propagation from user created thread -
> succeeds
> System.out.println("Running in another thread");
> Thread t = new Thread(client);
> t.start();
> t.join();
>
> // Test security propagation from Swing GUI - fails
> System.out.println("\n\nNow testing GUI");
> client.makeWindow();
> client.waitForAWhile();
>
> // After window is closed, check if we can still propagate
> the
> // security context to the EJB container - succeeds
> System.out.println("Out of wait loop");
> client.body();
>
> } catch (Exception e) {
> e.printStackTrace();
> }
> }
>
> /** Method used to test running EJBs from a normal thread **/
> public void run() {
> try {
> body();
> } catch(Exception e) {
> System.out.println("Exception while running in second
> thread");
> }
> }
>
> public void body() throws CreateException, RemoteException,
> RemoveException, SQLException, NamingException {
> // Create the EJB
> com.ics.test.testA ejb = home.create();
>
> // Print out who the bean thinks I am
> System.out.println(ejb.whoAmI());
> ejb.remove();
> }
>
> /** Looks up the home interface of the test EJB
> *
> * @return Home interface of the testA EJB
> **/
> private testAHome lookupHome() throws NamingException {
> Context ctx = getInitialContext();
> com.ics.test.testAHome home = null;
> try {
> home = (com.ics.test.testAHome) ctx.lookup
> ("com.ics.test.testAHome");
> } catch (NamingException e) {
> e.printStackTrace();
> }
> return home;
> }
>
> /** Narrows the class **/
> private Object narrow(Object obj, Class c) {
> return javax.rmi.PortableRemoteObject.narrow(obj, c);
> }
>
> /** Retrieves the initial context
> *
> * @return The initial context
> **/
> private Context getInitialContext() throws NamingException {
> Context ctx = null;
> try {
> ctx = new InitialContext();
> } catch (NamingException e) {
> e.printStackTrace();
> }
> return ctx;
> }
>
> /** Creates a simpe test window **/
> public void makeWindow() {
> // Create the window and its components
> JFrame frame = new JFrame("Test Window");
> JButton button = new JButton("Test");
>
> // Add the event listeners
> button.addActionListener(this);
>
> frame.setDefaultCloseOperation(WindowConstants.DISPOSE_ON_CLOSE);
> frame.addWindowListener(this);
>
> // Prepare window for display
> frame.getContentPane().add(button);
> frame.pack();
> frame.show();
> }
>
> }
>
> ========= TestA EJB - Home Interface (TestAHome.java) =============
> package com.ics.test;
>
> import javax.ejb.*;
> import java.rmi.RemoteException;
>
> public interface testAHome extends EJBHome {
> public testA create() throws RemoteException, CreateException;
>
> }
>
> ========= TestA EJB - Remote Interface (TestA.java) ===============
> package com.ics.test;
>
> import javax.ejb.*;
> import java.rmi.RemoteException;
>
> public interface testAHome extends EJBHome {
> public testA create() throws RemoteException, CreateException;
>
> }
>
> ========== TestA EJB - Bean Implementation (testABean.java) =========
>
> package com.ics.test;
>
> import javax.ejb.*;
> import javax.naming.*;
> import java.rmi.RemoteException;
>
> /**
> * @ejbStateful Stateful
> */
> public class testABean implements SessionBean {
> private SessionContext ctx;
> private transient boolean isDirty;
> private transient boolean verboseMode = true;
>
> /**
> * Sets session context for bean
> */
> public void setSessionContext(SessionContext context) throws
> RemoteException {
> if (verboseMode) System.out.println("Bean "+id()+";
> setSessionContext
> called");
> ctx = context;
> }
>
> /**
> * Called when bean is activated
> */
> public void ejbActivate() throws RemoteException {
> if (verboseMode) System.out.println("Bean "+id()+"; ejbActivate
> called");
> }
>
> /**
> * Called when bean is activated
> */
> public void ejbPassivate() throws RemoteException {
> if (verboseMode) System.out.println("Bean "+id()+"; ejbPasivate
> called");
> }
>
> /**
> * Remove bean
> */
> public void ejbRemove() throws RemoteException {
> setModified(false);
> }
>
> /**
> * Create method
> */
> public void ejbCreate() throws RemoteException, CreateException {
> }
>
> public int id() {
> return System.identityHashCode(this);
> }
>
> /**
> * Returns true if the bean was modified
> */
> public boolean isModified() {
> return isDirty;
> }
>
> /**
> * Sets whether the bean was modified
> */
> public void setModified(boolean flag) {
> isDirty = flag;
> }
>
> public String whoAmI() {
> return ctx.getCallerPrincipal().getName();
> }
>
> }
>
> ===========================================================================
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
> of the message "signoff EJB-INTEREST". For general help, send email to
> [EMAIL PROTECTED] and include in the body of the message "help".
--
________________________________________________________________________________
Evan Ireland Sybase EAServer Engineering [EMAIL PROTECTED]
Wellington, New Zealand +64 4 934-5856
===========================================================================
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff EJB-INTEREST". For general help, send email to
[EMAIL PROTECTED] and include in the body of the message "help".
