Unchecked in JBoss does not mean anonymous by default. A caller still must be authenticated, but there will be no authorization check. If you want to allow anonymous access to an unchecked EJB, you need to configure the security domain login modules to allow this. Most JBoss login modules support this using the unauthenticatedIdentity module option, so read up on that.

--
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx

Sebastian Hauer wrote:

Hi,

I was just having a problem with the <unchecked /> role, introduced in
EJB 2.0, for method permissions in JBoss 3.0.x.
I have an mbean which needs to make a bean call. Due to the fact that
the mbean has no caller principal associated with it, I cannot make this
bean call until it has a security domain set in jboss.xml.  This is the
first time I am using <unchecked /> and maybe it is not a good idea to
use it anyway, but I was wondering if I am possibly doing something wrong
or if this is a bug in JBoss.

Here is my dd for this bean:

-------------------------------------------------------------------
<?xml version="1.0" ?>
<!DOCTYPE ejb-jar PUBLIC
"-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN"
"http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<ejb-jar>
<enterprise-beans>
<session>
<ejb-name>SequenceNumberBroker</ejb-name>
<home>com.sknt.picasso.ejbeans.SequenceNumberBrokerHome</home>
<remote>com.sknt.picasso.ejbeans.SequenceNumberBroker</remote>
<ejb-class>com.sknt.picasso.ejbeans.SequenceNumberBrokerBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Bean</transaction-type>
</session>
</enterprise-beans>


  <assembly-descriptor>
    <method-permission>
       <unchecked />
       <method>
         <ejb-name>SequenceNumberBroker</ejb-name>
          <method-name>*</method-name>
       </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
-------------------------------------------------------------------

And here the stacktrace I am getting:

-------------------------------------------------------------------
java.rmi.ServerException: EJBException:; nested exception is:
        javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
        Authentication exception, principal=null
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
        Authentication exception, principal=null
        at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:174)
        at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
        at org.jboss.ejb.plugins.CleanShutdownInterceptor.invokeHome(CleanShutdownInterceptor.java:126)
        at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:133)
        at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
        at org.jboss.ejb.Container.invoke(Container.java:756)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
        at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:99)
        at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:102)
        at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:77)
        at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:80)
        at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:198)
        at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:76)
        at $Proxy86.create(Unknown Source)
        at com.sknt.picasso.lib.BeanRefHandler.getSequenceNumberBrokerBean(BeanRefHandler.java:878)
-------------------------------------------------------------------

I also cranked up the logging and saw that my JAAS login modules get
invoked while trying to access this bean.  I would not expect that they
get called.

Regards,
Sebastian
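
The configuration the reply at the top points to, as an added example that is not part of either message or of the JBoss distribution: a security domain whose login module maps callers without a principal to a fixed identity, and the jboss.xml entry that binds the bean's jar to that domain. The domain name `sequence-domain`, the identity name `nobody` and the choice of `UsersRolesLoginModule` are assumptions made for illustration.

```xml
<!-- conf/login-config.xml (fragment).
     "sequence-domain" is a hypothetical domain name. -->
<application-policy name="sequence-domain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required">
      <!-- A call that arrives with principal=null (such as the MBean's)
           is authenticated as "nobody" instead of being rejected in
           SecurityInterceptor.checkSecurityAssociation.
           Do not list "nobody" in roles.properties: with no roles it can
           reach only <unchecked/> methods, and any method that is bound
           to a <role-name> is still denied. -->
      <module-option name="unauthenticatedIdentity">nobody</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- META-INF/jboss.xml in the EJB jar: binds every bean in the jar to
     the domain above. -->
<jboss>
  <security-domain>java:/jaas/sequence-domain</security-domain>
  <enterprise-beans>
    <session>
      <ejb-name>SequenceNumberBroker</ejb-name>
    </session>
  </enterprise-beans>
</jboss>
```

Callers that do present credentials are still checked against users.properties as usual; only the null-principal case falls back to the unauthenticated identity.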



