JBoss gurus --
I am using JBoss 3.0.4 - Tomcat 4.1.12 on Win2K. I want to get
unauthenticated access to a local SLSB from an MBean, while still
requiring authenticated access to my remote EJBs.
I am trying to add to my application a scheduled "batch" operation
which does some periodic cleanup. The scheduling part was
straightforward to set up, thanks to the docs and the list. However, I
am having some trouble with the authentication part.
All of my remote session facades require authentication, with
user/role information in an LDAP. The scheduled operation is a "system"
operation, though, and so I would like to avoid requiring it to do any
explicit authentication. I don't, for example, want to put a "system"
or "internal" entry in the LDAP, which is intended to be just for real
users. And I would like to avoid hard-coding any password anywhere.
I have done the following:
+ created a local SLSB which does the real work
+ added a scheduler MBean, which periodically calls the local SLSB
+ added an 'unauthenticatedIdentity' entry in the login-config.xml:
<application-policy name = "ime_ejb">
<authentication>
<login-module code =
"com.tumbleweed.ime.ejb.security.jboss3.LdapLoginModule"
flag = "required">
...
<module-option
name="unauthenticatedIdentity">system</module-option>
</login-module>
</authentication>
</application-policy>
+ made all methods of the local SLSB 'unchecked':
<method-permission>
<description><![CDATA[Local EJBs are unchecked]]></description>
<unchecked/>
<method >
<ejb-name>PackageExpireSession</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
+ added no authentication calls in the MBean
Still, whenever I call the SLSB from within the scheduler MBean, I
get the famous "principal=null" exception:
15:05:43,431 INFO [PackageExpireTask] expirePackages(Mon Dec 16
15:05:40 PST 2002)
15:05:43,446 ERROR [SecurityInterceptor] Authentication exception,
principal=null
15:05:43,446 ERROR [LogInterceptor] EJBException, causedBy:
java.lang.SecurityException: Authentication exception, principal=null
at
org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:173)
at
org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
at
org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
at
org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
at
org.jboss.ejb.plugins.local.BaseLocalContainerInvoker.invokeHome(BaseLocalContainerInvoker.java:230)
at
org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:110)
at $Proxy38.create(Unknown Source)
at
com.tumbleweed.ime.ejb.scheduler.jboss3.PackageExpireTask.expirePackages(Unknown
Source)
at
com.tumbleweed.ime.ejb.scheduler.jboss3.PackageExpireTask.perform(Unknown
Source)
at
org.jboss.varia.scheduler.Scheduler$Listener.handleNotification(Scheduler.java:1046)
at
org.jboss.mx.server.NotificationListenerProxy.handleNotification(NotificationListenerProxy.java:71)
at
javax.management.NotificationBroadcasterSupport.sendNotification(NotificationBroadcasterSupport.java:84)
at javax.management.timer.Timer.sendNotifications(Timer.java:441)
at javax.management.timer.Timer.access$000(Timer.java:31)
at
javax.management.timer.Timer$RegisteredNotification.doRun(Timer.java:612)
at
org.jboss.mx.util.SchedulableRunnable.run(SchedulableRunnable.java:164)
at org.jboss.mx.util.ThreadPool$Worker.run(ThreadPool.java:225)
15:05:43,446 ERROR [PackageExpireTask] Exception in PackageExpireTask:
javax.ejb
.EJBException: checkSecurityAssociation; CausedByException is:
Authentication exception, principal=null
BTW, if I do make an explicit login call to one of my (secured)
remote facades from within the scheduler MBean, and use a valid user in
my LDAP, it works fine.
I have searched on the list, and taken a look at the JBoss security
test cases, but I can't figure out how to get the results I want.
Probably I have missed something.
Any suggestions?
-- Randy
_________________________________________________________________
Randy Shoup (650)216-2038
Tumbleweed Communications Corporation [EMAIL PROTECTED]
-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
- RE: [JBoss-user] MBeans, local EJBs and Authentication Randy Shoup
- RE: [JBoss-user] MBeans, local EJBs and Authentication John Fawcett
- Re: [JBoss-user] MBeans, local EJBs and Authentication Scott M Stark
- RE: [JBoss-user] MBeans, local EJBs and Authentication Randy Shoup
- Re: [JBoss-user] MBeans, local EJBs and Authentication Randy Shoup
