Just curious -- is it particularly bad form to have your automated beans also log in? Perhaps create an account for these automated functions?
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Randy Shoup
Sent: Monday, December 16, 2002 6:23 PM
To: [EMAIL PROTECTED]
Subject: [JBoss-user] MBeans, local EJBs and Authentication

JBoss gurus --

I am using JBoss 3.0.4 - Tomcat 4.1.12 on Win2K. I want to get unauthenticated access to a local SLSB from an MBean, while still requiring authenticated access to my remote EJBs.

I am trying to add to my application a scheduled "batch" operation which does some periodic cleanup. The scheduling part was straightforward to set up, thanks to the docs and the list. However, I am having some trouble with the authentication part.

All of my remote session facades require authentication, with user/role information in an LDAP. The scheduled operation is a "system" operation, though, and so I would like to avoid requiring it to do any explicit authentication. I don't, for example, want to put a "system" or "internal" entry in the LDAP, which is intended to be just for real users. And I would like to avoid hard-coding any password anywhere.

I have done the following:

+ created a local SLSB which does the real work

+ added a scheduler MBean, which periodically calls the local SLSB

+ added an 'unauthenticatedIdentity' entry in the login-config.xml:

    <application-policy name = "ime_ejb">
      <authentication>
        <login-module code = "com.tumbleweed.ime.ejb.security.jboss3.LdapLoginModule"
                      flag = "required">
          ...
          <module-option name="unauthenticatedIdentity">system</module-option>
        </login-module>
      </authentication>
    </application-policy>

+ made all methods of the local SLSB 'unchecked':

    <method-permission>
      <description><![CDATA[Local EJBs are unchecked]]></description>
      <unchecked/>
      <method >
        <ejb-name>PackageExpireSession</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>

+ added no authentication calls in the MBean

Still, whenever I call the SLSB from within the scheduler MBean, I get the famous "principal=null" exception:

15:05:43,431 INFO [PackageExpireTask] expirePackages(Mon Dec 16 15:05:40 PST 2002)
15:05:43,446 ERROR [SecurityInterceptor] Authentication exception, principal=null
15:05:43,446 ERROR [LogInterceptor] EJBException, causedBy:
java.lang.SecurityException: Authentication exception, principal=null
    at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:173)
    at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
    at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
    at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
    at org.jboss.ejb.plugins.local.BaseLocalContainerInvoker.invokeHome(BaseLocalContainerInvoker.java:230)
    at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:110)
    at $Proxy38.create(Unknown Source)
    at com.tumbleweed.ime.ejb.scheduler.jboss3.PackageExpireTask.expirePackages(Unknown Source)
    at com.tumbleweed.ime.ejb.scheduler.jboss3.PackageExpireTask.perform(Unknown Source)
    at org.jboss.varia.scheduler.Scheduler$Listener.handleNotification(Scheduler.java:1046)
    at org.jboss.mx.server.NotificationListenerProxy.handleNotification(NotificationListenerProxy.java:71)
    at javax.management.NotificationBroadcasterSupport.sendNotification(NotificationBroadcasterSupport.java:84)
    at javax.management.timer.Timer.sendNotifications(Timer.java:441)
    at javax.management.timer.Timer.access$000(Timer.java:31)
    at javax.management.timer.Timer$RegisteredNotification.doRun(Timer.java:612)
    at org.jboss.mx.util.SchedulableRunnable.run(SchedulableRunnable.java:164)
    at org.jboss.mx.util.ThreadPool$Worker.run(ThreadPool.java:225)
15:05:43,446 ERROR [PackageExpireTask] Exception in PackageExpireTask: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
    Authentication exception, principal=null

BTW, if I do make an explicit login call to one of my (secured) remote facades from within the scheduler MBean, and use a valid user in my LDAP, it works fine.

I have searched on the list, and taken a look at the JBoss security test cases, but I can't figure out how to get the results I want. Probably I have missed something. Any suggestions?

-- Randy
_________________________________________________________________
Randy Shoup (650)216-2038
Tumbleweed Communications Corporation
[EMAIL PROTECTED]

_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
