users@glassfish.java.net

EJBMethodPermission with custom JACC implementation

From: <glassfish_at_javadesktop.org>
Date: Thu, 22 May 2008 09:22:03 PDT

We deployed an application that uses EJB's and now at startup, I get a javax.ejb.AccessLocalException. ala:

javax.ejb.AccessLocalException: Client not authorized for this invocation.
        at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1218)
        at com.sun.ejb.containers.EJBLocalHomeInvocationHandler.invoke(EJBLocalHomeInvocationHandler.java:216)
        at $Proxy20.checkStatus(Unknown Source)
        at com.sun.ejb.containers.TimerBeanContainer.doAfterApplicationDeploy(TimerBeanContainer.java:140)
        at com.sun.enterprise.server.AbstractLoader.loadEjbs(AbstractLoader.java:617)
        at com.sun.enterprise.server.ApplicationLoader.doLoad(ApplicationLoader.java:188)
        at com.sun.enterprise.server.TomcatApplicationLoader.doLoad(TomcatApplicationLoader.java:126)
        at com.sun.enterprise.server.AbstractLoader.load(AbstractLoader.java:244)
        at com.sun.enterprise.server.AbstractManager.loadOneSystemApp(AbstractManager.java:393)
        at com.sun.enterprise.server.ondemand.SystemAppLoader.loadSystemApps(SystemAppLoader.java:124)
        at com.sun.enterprise.server.ondemand.EjbServiceGroup.loadSystemApps(EjbServiceGroup.java:183)
        at com.sun.enterprise.server.ondemand.EjbServiceGroup.start(EjbServiceGroup.java:141)
        at com.sun.enterprise.server.ondemand.ServiceGroup$1.run(ServiceGroup.java:193)
        at java.security.AccessController.doPrivileged(Native Method)

According to my logging, neither the super.implies, originalPolicy.implies nor the PolicyConfiguration for the context allow access.

What's really weird is that it works fine with the default JACC implementation.

From my Policy.implies method, the permission, protectionDomain and context Id are:

  permission.getClass() = javax.security.jacc.EJBMethodPermission
  permission.getName() = TimerBean
  permission.getActions() = checkStatus,LocalHome,java.lang.String,boolean
  protectionDomain.getCodeSource().getLocation() = file:/__ejb_container_timer_app/ejb_jar
  PolicyContext.getContextID() = __ejb_container_timer_app/ejb_jar

The PolicyConfiguration returned has no roles or permissions defined for the context.

Any idea what the deal is?
[Message sent by forum member 'brian_of_fortent' (brian_of_fortent)]

http://forums.java.net/jive/thread.jspa?messageID=276047
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.