Dominik,
It may help to check out the policy in effect for your app.
you can find the policy file under
domains/domainx/generated/policy/<appname>/<module-name>/{granted.policy,excluded.poliy}
positive grants are in granted.policy, negative grants are in
excluded.policy (if any).
look in granted.policy for an "unqualified grant of an
EJBMethodPermission, with name = the EJbName of your session bean; which
I think may be JpaPersonDao. and with a method spec that applies to the
save method.
You can see more details of the definition of EJBMethodPermission at:
http://java.sun.com/javaee/6/docs/api/javax/security/jacc/EJBMethodPermission.html
also if you set the logging level of the SECURITY Logger to FINE, the
Glassfish Policy subsystem will
log a detailed msg describing the nature of the failed permission check.
if (logger.isLoggable(Level.FINE)) {
Exception ex = new Exception();
ex.fillInStackTrace();
logger.log(Level.FINE, "JACC Policy Provider, failed
Permission Check at :", ex);
}
AccessController.doPrivileged(new PrivilegedAction() {
public Object run() {
logger.info("JACC Policy Provider: Failed
Permission Check, context(" + contextId2 + ")- permission(" +
permission2 + ")");
if (logger.isLoggable(Level.FINE)) {
logger.fine("Domain that failed(" + domain2
+ ")");
}
return null;
}
});
It may be that the @PermitAll annotation is not being used or
interpreted properly.
Ron
On 12/18/09 14:42, Dominik Dorn wrote:
> Hi!
>
> I'm giving up... I'm trying now for days to simply persist an entity
> (retrieving works perfectly!)
> but always get a javax.ejb.AccessLocalException exception:
>
> [#|2009-12-18T20:03:38.788+0100|INFO|glassfishv3.0|javax.enterprise.system.core.security.com.sun.enterprise.security|_ThreadID=25;_ThreadName=http-thread-pool-8080-(2);|Audit:
> [EJB] Authorization for user =ANONYMOUS for ejb = (JpaPersonDao)
> method = (public abstract void
> com.jsug.vereinsverwaltung.core.dao.PersonDao.save(com.jsug.vereinsverwaltung.core.domain.Person))
> returned =false|#]
>
> [#|2009-12-18T20:03:38.788+0100|WARNING|glassfishv3.0|javax.enterprise.system.container.ejb.com.sun.ejb.containers|_ThreadID=25;_ThreadName=http-thread-pool-8080-(2);|A
> system exception occurred during an invocation on EJB JpaPersonDao
> method public void
> com.jsug.vereinsverwaltung.core.dao.JpaPersonDao.save(com.jsug.vereinsverwaltung.core.domain.Person)
> javax.ejb.AccessLocalException: Client not authorized for this invocation.
> at
> com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1801)
> at
> com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:188)
> at
> com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:84)
> at $Proxy422.save(Unknown Source)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.jboss.weld.util.Reflections.invokeAndWrap(Reflections.java:517)
> at
> org.jboss.weld.bean.proxy.EnterpriseBeanProxyMethodHandler.invoke(EnterpriseBeanProxyMethodHandler.java:123)
> at
> com.jsug.vereinsverwaltung.core.dao.PersonDao_$$_javassist_664.save(PersonDao_$$_javassist_664.java)
> at
> com.jsug.vereinsverwaltung.core.services.MemberListService.persist(MemberListService.java:27)
> at
> com.jsug.vereinsverwaltung.core.beans.AddMemberBean.save(AddMemberBean.java:36)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at com.sun.el.parser.AstValue.invoke(AstValue.java:234)
> at
> com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:297)
> at
> org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43)
> at
> org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:72)
> at
> com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:98)
> at
> javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
> at
> com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
> at javax.faces.component.UICommand.broadcast(UICommand.java:315)
> at
> javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:775)
> at
> javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1267)
> at
> com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
> at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
> at
> com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:312)
> at
> org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1523)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:343)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
> at
> org.primefaces.webapp.filter.FileUploadFilter.doFilter(FileUploadFilter.java:79)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
> at com.ocpsoft.pretty.PrettyFilter.doFilter(PrettyFilter.java:74)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:277)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
> at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
> at
> com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
> at
> org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:332)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:233)
> at
> com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
> at
> com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
> at
> com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
> at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
> at
> com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
> at
> com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
> at
> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
> at
> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
> at
> com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
> at
> com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
> at
> com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
> at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
> at
> com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
> at
> com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
> at java.lang.Thread.run(Thread.java:619)
> |#]
>
> [#|2009-12-18T20:03:38.791+0100|SEVERE|glassfishv3.0|javax.enterprise.resource.webcontainer.jsf.application|_ThreadID=25;_ThreadName=http-thread-pool-8080-(2);|java.lang.RuntimeException:
> Error invoking method save on interface
> com.jsug.vereinsverwaltung.core.dao.PersonDao
> javax.faces.el.EvaluationException: java.lang.RuntimeException: Error
> invoking method save on interface
> com.jsug.vereinsverwaltung.core.dao.PersonDao
> at
> javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:102)
> at
> com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
> at javax.faces.component.UICommand.broadcast(UICommand.java:315)
> at
> javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:775)
> at
> javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1267)
> at
> com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
> at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:101)
> at
> com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
> at javax.faces.webapp.FacesServlet.service(FacesServlet.java:312)
> at
> org.apache.catalina.core.StandardWrapper.service(StandardWrapper.java:1523)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:343)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
> at
> org.primefaces.webapp.filter.FileUploadFilter.doFilter(FileUploadFilter.java:79)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
> at com.ocpsoft.pretty.PrettyFilter.doFilter(PrettyFilter.java:74)
> at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:256)
> at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:215)
> at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:277)
> at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:188)
> at
> org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:641)
> at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:97)
> at
> com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:85)
> at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:185)
> at
> org.apache.catalina.connector.CoyoteAdapter.doService(CoyoteAdapter.java:332)
> at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:233)
> at
> com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:165)
> at
> com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:791)
> at
> com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:693)
> at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:954)
> at
> com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:170)
> at
> com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:135)
> at
> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:102)
> at
> com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:88)
> at
> com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:76)
> at
> com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:53)
> at
> com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:57)
> at com.sun.grizzly.ContextTask.run(ContextTask.java:69)
> at
> com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:330)
> at
> com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:309)
> at java.lang.Thread.run(Thread.java:619)
> Caused by: java.lang.RuntimeException: Error invoking method save on
> interface com.jsug.vereinsverwaltung.core.dao.PersonDao
> at org.jboss.weld.util.Reflections.invokeAndWrap(Reflections.java:529)
> at
> org.jboss.weld.bean.proxy.EnterpriseBeanProxyMethodHandler.invoke(EnterpriseBeanProxyMethodHandler.java:123)
> at
> com.jsug.vereinsverwaltung.core.dao.PersonDao_$$_javassist_664.save(PersonDao_$$_javassist_664.java)
> at
> com.jsug.vereinsverwaltung.core.services.MemberListService.persist(MemberListService.java:27)
> at
> com.jsug.vereinsverwaltung.core.beans.AddMemberBean.save(AddMemberBean.java:36)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at com.sun.el.parser.AstValue.invoke(AstValue.java:234)
> at
> com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:297)
> at
> org.jboss.weld.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:43)
> at
> org.jboss.weld.el.WeldMethodExpression.invoke(WeldMethodExpression.java:72)
> at
> com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:98)
> at
> javax.faces.component.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:88)
> ... 40 more
> Caused by: java.lang.reflect.InvocationTargetException
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.jboss.weld.util.Reflections.invokeAndWrap(Reflections.java:517)
> ... 54 more
> Caused by: javax.ejb.EJBAccessException
> at
> com.sun.ejb.containers.BaseContainer.mapLocal3xException(BaseContainer.java:2213)
> at
> com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:2004)
> at
> com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:1906)
> at
> com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:198)
> at
> com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:84)
> at $Proxy422.save(Unknown Source)
> ... 59 more
> Caused by: javax.ejb.AccessLocalException: Client not authorized for
> this invocation.
> at
> com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1801)
> at
> com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:188)
> ... 61 more
> |#]
>
>
> The Interface looks like this:
> public interface PersonDao
> {
> public void save(Person object);
> public Person edit(Person object);
> public void remove(Person object);
> public Person find(Object id);
> public List<Person> findAll();
> public List<Person> findRange(int start, int limit);
> }
>
> implemenation:
> package com.jsug.vereinsverwaltung.core.dao;
>
> import com.jsug.vereinsverwaltung.core.domain.Person;
>
>
> import javax.annotation.security.PermitAll;
> import javax.ejb.Stateless;
> import javax.enterprise.inject.Default;
> import javax.faces.bean.ManagedBean;
> import javax.inject.Named;
>
>
> @Stateless
> @Named
> @ManagedBean
> @Default
> @PermitAll
> public class JpaPersonDao extends AbstractJPADAO<Person> implements
> PersonDao {
> // can be left empty
>
>
> public JpaPersonDao() {
> super();
> System.out.println("createing jpaPersonDao");
> }
>
> @Override
> @PermitAll
> public void save(Person object) {
> persist(object);
> }
> }
>
>
> public abstract class AbstractJPADAO<T> implements AbstractDAO<T> {
>
> private Class<T> persistentClass;
>
>
> @PersistenceContext (unitName = "jsugPU")
> protected EntityManager em;
>
> protected EntityManager getEm() {
> return em;
> }
>
> protected void setEm(EntityManager em) {
> this.em = em;
> }
>
> protected Class<T> getPersistentClass() {
> return persistentClass;
> }
>
> public AbstractJPADAO() {
> this.persistentClass = (Class<T>) ((ParameterizedType) getClass()
>
> .getGenericSuperclass()).getActualTypeArguments()[0];
> }
>
> @Override
> public void persist(T object)
> {
> System.out.println("called persist on object");
> System.out.println("object = " + object);
> em.persist(object);
> }
>
> ...
> }
>
>
> What am I doing wrong?
>
> Shouldn't @PermitAll solve the problem? Why is persisting disallowed?
>
> Thanks,
> Dominik
>