users@glassfish.java.net

@Timeout and @RunAs Problem in session ejb

From: <glassfish_at_javadesktop.org>
Date: Sun, 20 Apr 2008 05:12:42 PDT

Hi,

I have a problem with the @RunAs annotation in a timerService EJB.
I implemented a stateless session EJB with a @Timeout method. I can invoke the timer.
But in the @Timeout method I want to access other EJBs in the same ejb.jar. These EJBs are secured with the @RolesAllowed annotation.
When I try to access these EJBs inside the @Timeout method, the following error occurs:

[#|2008-04-20T11:34:01.507+0200|INFO|sun-appserver9.1|javax.enterprise.system.core.security|_ThreadID=31;_ThreadName=p: thread-pool-1; w: 16;|JACC Policy Provider: PolicyWrapper.implies, context(org.imixs.workflow.jee.testclient.ear/org.imixs.workflow.jee.testclient.ejb_jar)- permission((javax.security.jacc.EJBMethodPermission ModelManagerImplementation getProcessEntityList,Remote,)) domain that failed(ProtectionDomain (file:/org.imixs.workflow.jee.testclient.ear/org.imixs.workflow.jee.testclient.ejb_jar <no signer certificates>)
 null
 (principals com.sun.enterprise.deployment.PrincipalImpl "manager1")

 java.security.Permissions@800457 (
 (javax.security.auth.PrivateCredentialPermission javax.resource.spi.security.PasswordCredential * "*" read)
 (unresolved com.sun.corba.ee.impl.presentation.rmi.DynamicAccessPermission access null)
 (unresolved com.sun.enterprise.security.CORBAObjectPermission * *)
 (unresolved javax.security.jacc.EJBMethodPermission ScheduledWorkflowServiceImplementation cancelScheduleWorkflow,Remote,java.lang.String)
 (unresolved javax.security.jacc.EJBMethodPermission ScheduledWorkflowServiceImplementation findTimerDesciption,Remote,java.lang.String)
 (unresolved javax.security.jacc.EJBMethodPermission ScheduledWorkflowServiceImplementation scheduleWorkflow,Remote,org.imixs.workflow.ItemCollection)
 (java.net.SocketPermission localhost:1024- listen,resolve)
...
....
......
[#|2008-04-20T11:34:01.509+0200|INFO|sun-appserver9.1|javax.enterprise.system.container.ejb|_ThreadID=31;_ThreadName=p: thread-pool-1; w: 16;|
javax.ejb.AccessLocalException: Client not authorized for this invocation.

I tried to follow the instructions for the @RunAs annotation from here:

http://forums.java.net/jive/thread.jspa?messageID=235977&#235977
http://java.sun.com/developer/technicalArticles/J2EE/security_annotation/#ref5

So I added the following annotation to my timerService EJB:

@RunAs("MANAGERACCESS")

Also I added this construct into the sun-ejb-jar.xml File:

...
                <ejb>
                        <ejb-name>ScheduledWorkflowServiceImplementation</ejb-name>
                        <principal>
                                <name>manager1</name>
                        </principal>
                </ejb>


Also, manager1 has access to the EJBs I try to invoke during the @Timeout method.

Thanks for any help with this issue.

Ralph
[Message sent by forum member 'rsoika' (rsoika)]

http://forums.java.net/jive/thread.jspa?messageID=270253