Hi everybody,

After writing some mails to the JBoss security forum, I found out that the servlet has a problem. As far as I can see, it has to do with the usage of Struts 2, because another application with Struts 1 works.

The problem is that I don't know how to continue resolving it, and I wanted to ask if someone can help.

-----------------------------------
Mail 1:

I have a big problem using JAAS in JBoss 5.1.0GA, which I have been trying to solve for about 2 days (my employer is not very amused by that...). I use my own JASSLoginModule to authenticate a user against an LDAP directory. The roleSet is fetched from a database. This part works as far as I can see and gives me the result - "AdminUser".

But now when I call an EJB stateless session bean, I always get the "Caller unauthorized" error (the stack trace is at the bottom of the message).

Can anybody give me a hint as to what's wrong?

The constants in the @RolesAllowed have "AdminUser" in the list. The class is also attached at the end of the message.

<<error-statcktrace.txt>>

<<UserFacadeBean.java>>

------------------------------------
Reply 1: From Wolfgang Knauf

Hi Michael,

you probably checked the JBoss log of the security layer (see question 4 in FAQ)? Do you see output that JBoss could map a user to the required roles?

Please post the relevant snippets of your login module.

Best regards

Wolfgang

-------------------------------------
Mail 2:

Some new output was generated after enabling debugging. But the only thing I can see is that the error is not in the login module but somewhere in the servlet container.

Is there something special that I have to pay attention to when I'm using Struts2 as the framework?

<<error-stacktrace-with-security-debugging.txt>>

--------------------------------------
Mail 3:

My web.xml:
<<web.xml>>

And the Struts2 interceptor I use on sites where you have to be logged in:
JaasLoginInterceptor:
<<JAASLoginInterceptor.java>>

---------------------------------------

I hope someone has a hint as to what I'm doing wrong.

Kind regards,
Michael Obster

javax.ejb.EJBAccessException: Caller unauthorized
        at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
        at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
        at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
        at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
        at $Proxy1287.getAllUsers(Unknown Source)
        at vwg.yyy.cancard.ui.action.Usermanagement.Usermanagement.list(Usermanagement.java:41)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultActionInvocation.java:404)
        at com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(DefaultActionInvocation.java:267)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:229)
        at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:221)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:150)
        at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:48)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:123)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:167)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:105)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:83)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:207)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:74)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.intercept(ScopedModelDrivenInterceptor.java:127)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at org.apache.struts2.interceptor.ProfilingActivationInterceptor.intercept(ProfilingActivationInterceptor.java:107)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at org.apache.struts2.interceptor.debugging.DebuggingInterceptor.intercept(DebuggingInterceptor.java:206)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:115)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:143)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:121)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:170)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:123)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:176)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at vwg.yyy.cancard.ui.interceptor.RolecheckUsermanagerInterceptor.continueAction(RolecheckUsermanagerInterceptor.java:86)
        at vwg.yyy.cancard.ui.interceptor.RolecheckUsermanagerInterceptor.intercept(RolecheckUsermanagerInterceptor.java:71)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at vwg.yyy.cancard.ui.interceptor.JAASLoginInterceptor.intercept(JAASLoginInterceptor.java:78)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doIntercept(DefaultWorkflowInterceptor.java:221)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(ValidationInterceptor.java:150)
        at org.apache.struts2.interceptor.validation.AnnotationValidationInterceptor.doIntercept(AnnotationValidationInterceptor.java:48)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.intercept(ConversionErrorInterceptor.java:123)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:167)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.intercept(StaticParametersInterceptor.java:105)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at org.apache.struts2.interceptor.CheckboxInterceptor.intercept(CheckboxInterceptor.java:83)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUploadInterceptor.java:207)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(ModelDrivenInterceptor.java:74)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(ChainingInterceptor.java:115)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInterceptor.java:143)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(PrepareInterceptor.java:121)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(ServletConfigInterceptor.java:170)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept(ParametersInterceptor.java:167)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasInterceptor.java:123)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.intercept(ExceptionMappingInterceptor.java:176)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at vwg.yyy.cancard.ui.interceptor.RedirectMessageInterceptor.doIntercept(RedirectMessageInterceptor.java:51)
        at com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept(MethodFilterInterceptor.java:86)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:224)
        at com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(DefaultActionInvocation.java:223)
        at com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTimerStack.java:455)
        at com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionInvocation.java:221)
        at org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.java:50)
        at org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.java:504)
        at org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatcher.java:419)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Thread.java:619)

/**
 * 
 */
package vwg.yyy.cancard.business.facade;

import java.util.ArrayList;
import java.util.List;
import java.util.Set;

import javax.annotation.PostConstruct;
import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.annotation.security.RunAs;
import javax.ejb.EJB;
import javax.ejb.Local;
import javax.ejb.Remote;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.persistence.EntityExistsException;
import javax.persistence.EntityNotFoundException;
import javax.security.auth.Subject;
import javax.security.jacc.PolicyContext;
import javax.security.jacc.PolicyContextException;

import org.apache.log4j.Logger;
import org.hibernate.exception.ConstraintViolationException;
import org.jboss.ejb3.annotation.SecurityDomain;
import org.jboss.security.auth.spi.ADLoginIdentifier;

import vwg.yyy.cancard.ApplicationConstants;
import vwg.yyy.cancard.MyApplicationException;
import vwg.yyy.cancard.business.user.TooManyHitsException;
import vwg.yyy.cancard.dao.ApplicationRoleDao;
import vwg.yyy.cancard.dao.ApplicationUserDao;
import vwg.yyy.cancard.dao.DAOFactory;
import vwg.yyy.cancard.ldap.LDAPSearcher;
import vwg.yyy.cancard.model.basic.ApplicationRole;
import vwg.yyy.cancard.model.basic.ApplicationUser;


/**
 * Implementation of user service interface.
 * 
 * @author Michael Obster (michael.obs...@epos-cat.de)
 */
@SecurityDomain("java:/jaas/cancardDomain")
@RolesAllowed({ApplicationConstants.ROLE_ADMIN,
        ApplicationConstants.ROLE_NORMAL, "internal"})
@RunAs("internal")
@Local({UserFacade.class})
@Remote({UserFacadeRemote.class})
@Stateless
public class UserFacadeBean implements UserFacade {
        private static final String SUBJECT_CONTEXT_KEY = "javax.security.auth.Subject.container";
        
        private static Logger log = Logger.getLogger(UserFacadeBean.class);
        
        /**
     * Session context for security checks.
     */
    @Resource
    private SessionContext ctx;
        
        @EJB
        private DAOFactory daoFactory;
        
    private ApplicationUserDao userDao;
    private ApplicationRoleDao roleDao;
    
        /**
         * Inits the daos.
         */
        @PostConstruct
        public void initDao() {
                userDao = daoFactory.getApplicationUserDao();
        roleDao = daoFactory.getApplicationRoleDao();
        }

    public List<ApplicationUser> getAllUsers() {
        return userDao.findAllOrdered("lastname, firstname");
    }

    public ApplicationUser saveUser(ApplicationUser user, boolean updateZebra) {
        if (updateZebra) {
            // Update current user from zebra
            LDAPSearcher searcher = new LDAPSearcher();
            searcher.updateUserAD(user);
        }
        return userDao.merge(user);
    }

    public boolean deleteUser(String gid) {
        try {
            userDao.remove(gid);
        } catch (EntityNotFoundException e) {
            log.debug(e);
            throw new MyApplicationException("db.alreadydeleted");
        } catch (EntityExistsException e) {
            log.debug(e.getCause());
            if (e.getCause() instanceof ConstraintViolationException) {
                // User still used elsewhere
                throw new MyApplicationException("db.stillused");
            }
            else {
                // Should never happen
                throw (EntityExistsException) e.fillInStackTrace();
            }
        }
        return true;
    }

    public ApplicationUser findUserById(String userId) throws EntityNotFoundException {
        return userDao.findById(userId);
    }
    
    public ApplicationUser findFullUserById(String userId) throws EntityNotFoundException {
        ApplicationUser user = userDao.findById(userId);
        return userDao.fetchFullUser(user);
    }

    public List<ApplicationRole> getAllRoles() {
        return roleDao.findAllOrdered("reihe");
    }

    public List<ApplicationUser> findDirectoryUsers(ApplicationUser user) 
                throws TooManyHitsException {
        LDAPSearcher searcher = new LDAPSearcher();
        return searcher.findByCriteriaAD(user);
    }

    public ApplicationUser findDirectoryUser(String userId) {
        LDAPSearcher searcher = new LDAPSearcher();
        ApplicationUser user = new ApplicationUser();
        user.setId(userId);
        searcher.updateUserAD(user);
        return user;
    }

        @Override
        public List<ApplicationUser> findByCriteria(String firstname, 
                        String lastname, String department, String phone,
                        String email, String id) {
                LDAPSearcher searcher = new LDAPSearcher();
                return searcher.findByCriteria(firstname, lastname, 
                                department, phone, email, id);
        }

        @Override
        public List<ApplicationRole> getRolesNotUser(ApplicationUser user) {
                user = userDao.fetchFullUser(user);
                return roleDao.findNonRolesOfUser(user);
        }

        @Override
        public List<ApplicationRole> getUserRoles(ApplicationUser user) {
                user = userDao.fetchFullUser(user);
                return new ArrayList<ApplicationRole>(user.getRole());
        }

        @Override
        public boolean addRole(ApplicationRole role, ApplicationUser user) {
                user = userDao.fetchFullUser(user);
                return userDao.linkRoleToUser(role, user);
        }

        @Override
        public boolean deleteRole(ApplicationRole role, ApplicationUser user) {
                user = userDao.fetchFullUser(user);
                return userDao.unlinkRoleToUser(role, user);
        }

        @Override
        public ApplicationRole findRoleById(String roleId)
                        throws EntityNotFoundException {
                return roleDao.findById(roleId);
        }
        
        public void updateUser() throws MyApplicationException {
        // Get user from DB
        LDAPSearcher searcher = new LDAPSearcher();
        ApplicationUser dbUser=null;
        try {
                dbUser = userDao.findById(getUserId(ctx));
        }
        catch(EntityNotFoundException e) {
            throw new MyApplicationException("User not found in database.", e);
        }
        
        // Get current user data from zebra
//        searcher.updateUserAD(dbUser);

        // Save user
//        userDao.merge(dbUser);
    }
    
    /**
     * Static helper method: Get userId from EJB context.
     * 
     * @param ctx SessionContext for no-ad-case
     * @return userId
     */
    public static String getUserId(SessionContext ctx) {
        try {
            Subject subject = (Subject) PolicyContext.getContext(UserFacadeBean.SUBJECT_CONTEXT_KEY);
            Set<ADLoginIdentifier> pc = subject.getPublicCredentials(ADLoginIdentifier.class);
            if (pc == null || pc.isEmpty()) {
                /*
                 * Should only happen in JUnit case, return user name as GID
                 * NOT dangerous because:
                 * - Spiider is the only login method on production server
                 * - The following update from Zebra will fail and throw an Exception
                 */
                log.warn("Logging in without ADLoginIdentifier, should only happen in JUnit test!");
                return ctx.getCallerPrincipal().getName();
            }
            else {
                return pc.iterator().next().getUserId();
            }
        } catch (PolicyContextException e) {
            throw new MyApplicationException("Jaas subject could not be retrieved.", e);
        }
    }

        @Override
        public boolean userHasRole(ApplicationRole role, ApplicationUser user) {
                user = userDao.fetchFullUser(user);
                Set<ApplicationRole> roles = user.getRole();
                if (roles.contains(role)) {
                        return true;
                }
                else {
                        return false;
                }
        }

        @Override
        public ApplicationRole getRolesById(String roleid) {
                ApplicationRole role = roleDao.findById(roleid);
                return role;
        }

}
...
16:01:50,566 INFO  [SpiiderLoginModule] Logged into LDAP server, javax.naming.ldap.initialldapcont...@6857da
16:01:50,581 INFO  [SpiiderLoginModule] getRoleSets using rolesQuery: SELECT u.userid, r."role" FROM "security".application_user u, "security".application_role r, "security".user_role ur WHERE u.userid = ? AND u.userid = ur.user_id AND ur.role_id = r."role", gid: 79A44E672EA8C49B
16:01:50,769 ERROR [[default]] Servlet.service() for servlet default threw exception
javax.ejb.EJBAccessException: Caller unauthorized
...
        
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

	<display-name>CANCardViewer</display-name>
	<context-param>
		<!-- the JAAS Login Domain -->
		<param-name>jaasLoginDomain</param-name>
		<param-value>cancardDomain</param-value>
	</context-param>
	<context-param>
		<!-- the JAAS Client Login Domain -->
		<param-name>jaasClientLoginDomain</param-name>
		<param-value>client-login</param-value>
	</context-param>
	<context-param>
		<param-name>jmesaPreferencesLocation</param-name>
		<param-value>
			/resources/jmesa.properties
		</param-value>
	</context-param>
	<context-param>
  		<param-name>jmesaMessagesLocation</param-name>
  		<param-value>applicationResources</param-value>
	</context-param>

	<filter>
		<filter-name>struts2</filter-name>
		<filter-class>
			org.apache.struts2.dispatcher.FilterDispatcher
		</filter-class>
	</filter>
	
<!--
	This is not necessary if a ServiceLocator fetches the data from EJB layer
	<filter>
		<filter-name>SpringOpenEntityManagerInViewFilter</filter-name>
		<filter-class>
			org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter
		</filter-class>
	</filter>
 
	<filter-mapping>
		<filter-name>SpringOpenEntityManagerInViewFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>
-->

	<filter-mapping>
		<filter-name>struts2</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

	<servlet>
		<servlet-name>worksheet</servlet-name>
		<servlet-class>org.jmesa.worksheet.servlet.WorksheetServlet</servlet-class>
	</servlet>
	
	<servlet-mapping>
		<servlet-name>worksheet</servlet-name>
		<url-pattern>*.wrk</url-pattern>
	</servlet-mapping>
	
	
	<listener>
		<listener-class>
			org.springframework.web.context.ContextLoaderListener
		</listener-class>
	</listener>

	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>
	
</web-app>
/**
 * 
 */
package vwg.audi.cancard.ui.interceptor;

import javax.servlet.http.HttpServletRequest;

import org.apache.log4j.Logger;
import org.apache.struts2.ServletActionContext;

import vwg.yyy.cancard.business.LoginFacade;
import vwg.yyy.cancard.ui.JAASConstants;

import com.opensymphony.xwork2.Action;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;

/**
 * JAASLoginFilter
 * 
 * @author Michael Obster
 */
public class JAASLoginInterceptor implements Interceptor {

        private static final long serialVersionUID = -1983088770872827621L;

        private Logger log = Logger.getLogger(this.getClass());

        String loginDomain = "";
        String clientLoginDomain = "";
        
        LoginFacade loginFacade;

        @Override
        public void init() {
                
        }

        @Override
        public String intercept(ActionInvocation actionInvocation) throws Exception {
                loginDomain = ServletActionContext.getServletContext().getInitParameter("jaasLoginDomain");
                clientLoginDomain = ServletActionContext.getServletContext().getInitParameter("jaasClientLoginDomain");
                if (log.isDebugEnabled()) {
                        log.debug("init JAASInterceptor: loginDomain:" + loginDomain + " clientLoginDomain:" + clientLoginDomain);
                }
                
                HttpServletRequest request = ServletActionContext.getRequest();
                String servletPath = request.getServletPath();
                String pathInfo = request.getPathInfo();
                String path = (servletPath == null ? "" : servletPath)
                                        + (pathInfo == null ? "" : pathInfo);
                if (log.isDebugEnabled()) {
                        log.debug("Login INTERCEPT");
                }
                loginFacade = new LoginFacade(loginDomain, clientLoginDomain);
                
                        
                if (!JAASConstants.USER_IS_VALID.equals(request
                                                .getSession().getAttribute(
                                                                JAASConstants.USER_VALIDITY))) {
                        log.info("requested path: " + path);
                        return Action.LOGIN;
                } 
                        
                //Perform client-login
                String username = (String)request.getSession().getAttribute(JAASConstants.USERNAME);
                String strPassword = (String)request.getSession().getAttribute(JAASConstants.PASSWORD);

                // Classic login by username and password
                loginFacade.clientLogin(username, strPassword);
                if (log.isDebugEnabled()) {
                        log.debug("*****CLIENTLOGIN COMPLETE****");
                }
                
                return actionInvocation.invoke();
        }

        @Override
        public void destroy() {
                loginFacade.logout();
        }
        
        

}
