How are you getting a copy of your EJB in your action?
vwg.yyy.cancard.ui.action.Usermanagement.Usermanagement.list(Userman
agement.java:41)
That line in the stacktrace indicates that you are in the action when
you get the error, but the stacktrace dives down into a proxied object
after that. You do realize that you can't use the standard @Remote /
@Local on struts 2 action properties? Struts 2 creates it's own
objects so any JEE annotations are probably not going to work.
-Wes
On Fri, Oct 2, 2009 at 4:09 AM, Michael Obster <mich...@obster.org> wrote:
> Hi everybody,
>
> After I have written some mails to JBoss security forum, I found out that
> the Servlet has a problem. As I can see that has to do with the usage of
> Struts 2 because another application with Struts 1 works.
>
> The problem I don't know where I can continue to resolve the problem an
> wanted to ask if someone can help?
>
> -----------------------------------
> Mail 1:
>
> I have a big problem using JAAS in JBoss 5.1.0GA, which I try to solve about
> 2 days (my employer is not very amused of that...). I use a own
> JASSLoginModule to authenticate a user on a LDAP directory. The roleSet is
> fetched from a database. This part works as I can see and give me the result
> - "AdminUser".
>
> But now when I call a EJB stateless session bean, I always get the Caller
> unauthorized error (Stacktrace is at bottom of the message).
>
> Can anybody give me a hint whats wrong.
>
> The Constants in the @RolesAllowed has "AdminUser" in the list. The class is
> also attached at the end of the message.
>
> <<error-statcktrace.txt>>
>
> <<UserFacadeBean.java>>
>
> ------------------------------------
> Reply 1: From Wolfgang Knauf
>
> Hi Michael,
>
> you probably checked the JBoss log of the security layer (see question 4 in
> FAQ)? Do you see output that JBoss could map a user to the required roles?
>
> Please post the relevant snippets of your login module.
>
> Best regards
>
> Wolfgang
>
> -------------------------------------
> Mail 2:
>
> Some new output was generated after enabling debugging. But the only thing I
> can see, that the error is not in the login module but somewhere in the
> servlet container.
>
> Is there something special that I have to pay attention when I'm using
> Struts2 as framework?
>
> <<error-stacktrace-with-security-debugging.txt>>
>
> --------------------------------------
> Mail 3:
>
> My web.xml:
> <<web.xml>>
>
> And the struts2 interceptor I use on sites you have to be logged in:
> JaasLoginInterceptor:
> <<JAASLoginInterceptor.java>>
>
> ---------------------------------------
>
> Hope anyone has a hint what I'm doing wrong.
>
> Kind regards,
> Michael Obster
>
>
> javax.ejb.EJBAccessException: Caller unauthorized
> at
> org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(Ro
> leBasedAuthorizationInterceptorv2.java:199)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
> java:102)
> at
> org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3Au
> thenticationInterceptorv2.java:186)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
> java:102)
> at
> org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterce
> ptor.java:41)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
> java:102)
> at
> org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContaine
> rShutdownInterceptor.java:67)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
> java:102)
> at
> org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invo
> ke(CurrentInvocationInterceptor.java:67)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
> java:102)
> at
> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContain
> er.java:176)
> at
> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContain
> er.java:216)
> at
> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandl
> erBase.invoke(SessionProxyInvocationHandlerBase.java:207)
> at
> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandl
> erBase.invoke(SessionProxyInvocationHandlerBase.java:164)
> at $Proxy1287.getAllUsers(Unknown Source)
> at
> vwg.yyy.cancard.ui.action.Usermanagement.Usermanagement.list(Userman
> agement.java:41)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
> java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
> sorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultA
> ctionInvocation.java:404)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(Defa
> ultActionInvocation.java:267)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:229)
> at
> com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doInte
> rcept(DefaultWorkflowInterceptor.java:221)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(V
> alidationInterceptor.java:150)
> at
> org.apache.struts2.interceptor.validation.AnnotationValidationInterce
> ptor.doIntercept(AnnotationValidationInterceptor.java:48)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.interc
> ept(ConversionErrorInterceptor.java:123)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept
> (ParametersInterceptor.java:167)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.inter
> cept(StaticParametersInterceptor.java:105)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> org.apache.struts2.interceptor.CheckboxInterceptor.intercept(Checkbox
> Interceptor.java:83)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUp
> loadInterceptor.java:207)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(
> ModelDrivenInterceptor.java:74)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.inte
> rcept(ScopedModelDrivenInterceptor.java:127)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> org.apache.struts2.interceptor.ProfilingActivationInterceptor.interce
> pt(ProfilingActivationInterceptor.java:107)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> org.apache.struts2.interceptor.debugging.DebuggingInterceptor.interce
> pt(DebuggingInterceptor.java:206)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(Cha
> iningInterceptor.java:115)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInt
> erceptor.java:143)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(Pr
> epareInterceptor.java:121)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(Ser
> vletConfigInterceptor.java:170)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasI
> nterceptor.java:123)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.inter
> cept(ExceptionMappingInterceptor.java:176)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> vwg.yyy.cancard.ui.interceptor.RolecheckUsermanagerInterceptor.conti
> nueAction(RolecheckUsermanagerInterceptor.java:86)
> at
> vwg.yyy.cancard.ui.interceptor.RolecheckUsermanagerInterceptor.inter
> cept(RolecheckUsermanagerInterceptor.java:71)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> vwg.yyy.cancard.ui.interceptor.JAASLoginInterceptor.intercept(JAASLo
> ginInterceptor.java:78)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doInte
> rcept(DefaultWorkflowInterceptor.java:221)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(V
> alidationInterceptor.java:150)
> at
> org.apache.struts2.interceptor.validation.AnnotationValidationInterce
> ptor.doIntercept(AnnotationValidationInterceptor.java:48)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.interc
> ept(ConversionErrorInterceptor.java:123)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept
> (ParametersInterceptor.java:167)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.inter
> cept(StaticParametersInterceptor.java:105)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> org.apache.struts2.interceptor.CheckboxInterceptor.intercept(Checkbox
> Interceptor.java:83)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUp
> loadInterceptor.java:207)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(
> ModelDrivenInterceptor.java:74)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(Cha
> iningInterceptor.java:115)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInt
> erceptor.java:143)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(Pr
> epareInterceptor.java:121)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(Ser
> vletConfigInterceptor.java:170)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept
> (ParametersInterceptor.java:167)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasI
> nterceptor.java:123)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.inter
> cept(ExceptionMappingInterceptor.java:176)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> vwg.yyy.cancard.ui.interceptor.RedirectMessageInterceptor.doIntercep
> t(RedirectMessageInterceptor.java:51)
> at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
> at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
> at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
> at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
> at
> org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.j
> ava:50)
> at
> org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.jav
> a:504)
> at
> org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatc
> her.java:419)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
> icationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
> ilterChain.java:206)
> at
> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFi
> lter.java:96)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
> icationFilterChain.java:235)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
> ilterChain.java:206)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
> alve.java:235)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
> alve.java:191)
> at
> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Securit
> yAssociationValve.java:190)
> at
> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValv
> e.java:92)
> at
> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.proce
> ss(SecurityContextEstablishmentValve.java:126)
> at
> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invok
> e(SecurityContextEstablishmentValve.java:70)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
> ava:127)
> at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
> ava:102)
> at
> org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedC
> onnectionValve.java:158)
> at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
> ve.java:109)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
> a:330)
> at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
> :829)
> at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce
> ss(Http11Protocol.java:598)
> at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:44
> 7)
> at java.lang.Thread.run(Thread.java:619)
> /**
> *
> */
> package vwg.yyy.cancard.business.facade;
>
> import java.util.ArrayList;
> import java.util.List;
> import java.util.Set;
>
> import javax.annotation.PostConstruct;
> import javax.annotation.Resource;
> import javax.annotation.security.RolesAllowed;
> import javax.annotation.security.RunAs;
> import javax.ejb.EJB;
> import javax.ejb.Local;
> import javax.ejb.Remote;
> import javax.ejb.SessionContext;
> import javax.ejb.Stateless;
> import javax.persistence.EntityExistsException;
> import javax.persistence.EntityNotFoundException;
> import javax.security.auth.Subject;
> import javax.security.jacc.PolicyContext;
> import javax.security.jacc.PolicyContextException;
>
> import org.apache.log4j.Logger;
> import org.hibernate.exception.ConstraintViolationException;
> import org.jboss.ejb3.annotation.SecurityDomain;
> import org.jboss.security.auth.spi.ADLoginIdentifier;
>
> import vwg.yyy.cancard.ApplicationConstants;
> import vwg.yyy.cancard.MyApplicationException;
> import vwg.yyy.cancard.business.user.TooManyHitsException;
> import vwg.yyy.cancard.dao.ApplicationRoleDao;
> import vwg.yyy.cancard.dao.ApplicationUserDao;
> import vwg.yyy.cancard.dao.DAOFactory;
> import vwg.yyy.cancard.ldap.LDAPSearcher;
> import vwg.yyy.cancard.model.basic.ApplicationRole;
> import vwg.yyy.cancard.model.basic.ApplicationUser;
>
>
> /**
> * Implementation of user service interface.
> *
> * @author Michael Obster (michael.obs...@epos-cat.de)
> */
> @SecurityDomain("java:/jaas/cancardDomain")
> @RolesAllowed({ApplicationConstants.ROLE_ADMIN,
> ApplicationConstants.ROLE_NORMAL, "internal"})
> @RunAs("internal")
> @Local({UserFacade.class})
> @Remote({UserFacadeRemote.class})
> @Stateless
> public class UserFacadeBean implements UserFacade {
> private static final String SUBJECT_CONTEXT_KEY =
> "javax.security.auth.Subject.container";
>
> private static Logger log = Logger.getLogger(UserFacadeBean.class);
>
> /**
> * Session context for security checks.
> */
> �...@resource
> private SessionContext ctx;
>
> �...@ejb
> private DAOFactory daoFactory;
>
> private ApplicationUserDao userDao;
> private ApplicationRoleDao roleDao;
>
> /**
> * Inits the daos.
> */
> �...@postconstruct
> public void initDao() {
> userDao = daoFactory.getApplicationUserDao();
> roleDao = daoFactory.getApplicationRoleDao();
> }
>
> public List<ApplicationUser> getAllUsers() {
> return userDao.findAllOrdered("lastname, firstname");
> }
>
> public ApplicationUser saveUser(ApplicationUser user, boolean
> updateZebra) {
> if (updateZebra) {
> // Update current user from zebra
> LDAPSearcher searcher = new LDAPSearcher();
> searcher.updateUserAD(user);
> }
> return userDao.merge(user);
> }
>
> public boolean deleteUser(String gid) {
> try {
> userDao.remove(gid);
> } catch (EntityNotFoundException e) {
> log.debug(e);
> throw new MyApplicationException("db.alreadydeleted");
> } catch (EntityExistsException e) {
> log.debug(e.getCause());
> if (e.getCause() instanceof ConstraintViolationException) {
> // User still used elsewhere
> throw new MyApplicationException("db.stillused");
> }
> else {
> // Should never happen
> throw (EntityExistsException) e.fillInStackTrace();
> }
> }
> return true;
> }
>
> public ApplicationUser findUserById(String userId) throws
> EntityNotFoundException {
> return userDao.findById(userId);
> }
>
> public ApplicationUser findFullUserById(String userId) throws
> EntityNotFoundException {
> ApplicationUser user = userDao.findById(userId);
> return userDao.fetchFullUser(user);
> }
>
> public List<ApplicationRole> getAllRoles() {
> return roleDao.findAllOrdered("reihe");
> }
>
> public List<ApplicationUser> findDirectoryUsers(ApplicationUser user)
> throws TooManyHitsException {
> LDAPSearcher searcher = new LDAPSearcher();
> return searcher.findByCriteriaAD(user);
> }
>
> public ApplicationUser findDirectoryUser(String userId) {
> LDAPSearcher searcher = new LDAPSearcher();
> ApplicationUser user = new ApplicationUser();
> user.setId(userId);
> searcher.updateUserAD(user);
> return user;
> }
>
> �...@override
> public List<ApplicationUser> findByCriteria(String firstname,
> String lastname, String department, String phone,
> String email, String id) {
> LDAPSearcher searcher = new LDAPSearcher();
> return searcher.findByCriteria(firstname, lastname,
> department, phone, email, id);
> }
>
> �...@override
> public List<ApplicationRole> getRolesNotUser(ApplicationUser user) {
> user = userDao.fetchFullUser(user);
> return roleDao.findNonRolesOfUser(user);
> }
>
> �...@override
> public List<ApplicationRole> getUserRoles(ApplicationUser user) {
> user = userDao.fetchFullUser(user);
> return new ArrayList<ApplicationRole>(user.getRole());
> }
>
> �...@override
> public boolean addRole(ApplicationRole role, ApplicationUser user) {
> user = userDao.fetchFullUser(user);
> return userDao.linkRoleToUser(role, user);
> }
>
> �...@override
> public boolean deleteRole(ApplicationRole role, ApplicationUser user)
> {
> user = userDao.fetchFullUser(user);
> return userDao.unlinkRoleToUser(role, user);
> }
>
> �...@override
> public ApplicationRole findRoleById(String roleId)
> throws EntityNotFoundException {
> return roleDao.findById(roleId);
> }
>
> public void updateUser() throws MyApplicationException {
> // Get user from DB
> LDAPSearcher searcher = new LDAPSearcher();
> ApplicationUser dbUser=null;
> try {
> dbUser = userDao.findById(getUserId(ctx));
> }
> catch(EntityNotFoundException e) {
> throw new MyApplicationException("User not found in database.",
> e);
> }
>
> // Get current user data from zebra
> // searcher.updateUserAD(dbUser);
>
> // Save user
> // userDao.merge(dbUser);
> }
>
> /**
> * Static helper method: Get userId from EJB context.
> *
> * @param ctx SessionContext for no-ad-case
> * @return userId
> */
> public static String getUserId(SessionContext ctx) {
> try {
> Subject subject = (Subject)
> PolicyContext.getContext(UserFacadeBean.SUBJECT_CONTEXT_KEY)
> ;
> Set<ADLoginIdentifier> pc =
> subject.getPublicCredentials(ADLoginIdentifier.class);
> if (pc == null || pc.isEmpty()) {
> /*
> * Should only happen in JUnit case, return user name as GID
> * NOT dangerous because:
> * - Spiider is the only login method on production server
> * - The following update from Zebra will fail and throw an
> Exception
> */
> log.warn("Logging in without ADLoginIdentifier, should only
> happen in JUnit test!");
> return ctx.getCallerPrincipal().getName();
> }
> else {
> return pc.iterator().next().getUserId();
> }
> } catch (PolicyContextException e) {
> throw new MyApplicationException("Jaas subject could not be
> retrieved.", e);
> }
> }
>
> �...@override
> public boolean userHasRole(ApplicationRole role, ApplicationUser
> user) {
> user = userDao.fetchFullUser(user);
> Set<ApplicationRole> roles = user.getRole();
> if (roles.contains(role)) {
> return true;
> }
> else {
> return false;
> }
> }
>
> �...@override
> public ApplicationRole getRolesById(String roleid) {
> ApplicationRole role = roleDao.findById(roleid);
> return role;
> }
>
> }
>
> ...
> 16:01:50,566 INFO [SpiiderLoginModule] Logged into LDAP server,
> javax.naming.ld
> ap.initialldapcont...@6857da
> 16:01:50,581 INFO [SpiiderLoginModule] getRoleSets using rolesQuery: SELECT
> u.u
> serid, r."role" FROM "security".application_user u,
> "security".application_role
> r, "security".user_role ur WHERE u.userid = ? AND u.userid = ur.user_id AND
> ur.r
> ole_id = r."role", gid: 79A44E672EA8C49B
> 16:01:50,769 ERROR [[default]] Servlet.service() for servlet default threw
> excep
> tion
> javax.ejb.EJBAccessException: Caller unauthorized
> ...
>
> /**
> *
> */
> package vwg.audi.cancard.ui.interceptor;
>
> import javax.servlet.http.HttpServletRequest;
>
> import org.apache.log4j.Logger;
> import org.apache.struts2.ServletActionContext;
>
> import vwg.yyy.cancard.business.LoginFacade;
> import vwg.yyy.cancard.ui.JAASConstants;
>
> import com.opensymphony.xwork2.Action;
> import com.opensymphony.xwork2.ActionInvocation;
> import com.opensymphony.xwork2.interceptor.Interceptor;
>
> /**
> * JAASLoginFilter
> *
> * @author Michael Obster
> */
> public class JAASLoginInterceptor implements Interceptor {
>
> private static final long serialVersionUID = -1983088770872827621L;
>
> private Logger log = Logger.getLogger(this.getClass());
>
> String loginDomain = "";
> String clientLoginDomain = "";
>
> LoginFacade loginFacade;
>
> �...@override
> public void init() {
>
> }
>
> �...@override
> public String intercept(ActionInvocation actionInvocation) throws
> Exception {
> loginDomain =
> ServletActionContext.getServletContext().getInitParameter("jaasLoginDomain");
> clientLoginDomain =
> ServletActionContext.getServletContext().getInitParameter("jaasClientLoginDomain");
> if (log.isDebugEnabled()) {
> log.debug("init JAASInterceptor: loginDomain:" +
> loginDomain + " clientLoginDomain:" + clientLoginDomain);
> }
>
> HttpServletRequest request =
> ServletActionContext.getRequest();
> String servletPath = request.getServletPath();
> String pathInfo = request.getPathInfo();
> String path = (servletPath == null ? "" : servletPath)
> + (pathInfo == null ? "" : pathInfo);
> if (log.isDebugEnabled()) {
> log.debug("Login INTERCEPT");
> }
> loginFacade = new LoginFacade(loginDomain,
> clientLoginDomain);
>
>
> if (!JAASConstants.USER_IS_VALID.equals(request
> .getSession().getAttribute(
>
> JAASConstants.USER_VALIDITY))) {
> log.info("requested path: " + path);
> return Action.LOGIN;
> }
>
> //Perform client-login
> String username =
> (String)request.getSession().getAttribute(JAASConstants.USERNAME);
> String strPassword =
> (String)request.getSession().getAttribute(JAASConstants.PASSWORD);
>
> // Classic login by username and password
> loginFacade.clientLogin(username, strPassword);
> if (log.isDebugEnabled()) {
> log.debug("*****CLIENTLOGIN COMPLETE****");
> }
>
> return actionInvocation.invoke();
> }
>
> �...@override
> public void destroy() {
> loginFacade.logout();
> }
>
>
>
> }
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
> For additional commands, e-mail: user-h...@struts.apache.org
>
--
Wes Wannemacher
Head Engineer, WanTii, Inc.
Need Training? Struts, Spring, Maven, Tomcat...
Ask me for a quote!
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@struts.apache.org
For additional commands, e-mail: user-h...@struts.apache.org
