users@glassfish.java.net

Glassfish denies access to JSF page with HTTP 403

From: <forums_at_java.net>
Date: Wed, 5 Sep 2012 14:22:23 -0500 (CDT)

I have a managed bean tied to my index.xhtml JSF page which uses an injected
EJB like this: // Code inside managed bean @EJB QueryEndpointLocal
queryEndpoint; public void search() { //... SearchResult result =
queryEndpoint.search(query, resultFormat); //... } QueryEndpoint in turn
takes advantage of another EJB named QueryEngine: // Code inside
QueryEndpoint @EJB QueryEngine queryEngine; Currently, I have another EJB
very similar to QueryEngine named QueryEngineLite. Their difference is that
QueryEngineLite uses a local dump file which is bundled to the enterprise
application as a resource while QueryEngine connects to an HBASE database.
They are both loaded at startup and have a @PostConstruct-annotated method
which initializes the connection. Only one of them are used by QueryEndpoint
in a deployed application, and the other one just sits around with Startup
and PostConstruct annotations commented-out. I know there are far better ways
to handle this and my current solutions is a bad one, but that will change in
future phases of the project. We have a plan to take advantage of
AppServer-managed connection pools to communicate with HBASE, but for now the
connection is handled by a library which uses HBASE's java API. Now, I don't
have any problem when I use the Lite EJB. Interfaces work, web services work
and everything's fine. Just when I use the HBASE-tied EJB (QueryEngine),
Glassfish responds with HTTP 403 error to requests for index.xhtml and the
following lines get inserted in server.log: INFO: JACC Policy Provider:Failed
Permission Check: context (" App/App-war_war ") , permission ("
("javax.security.jacc.WebUserDataPermission" "" "GET") ") INFO: JACC Policy
Provider:Failed Permission Check: context (" App/App-war_war ") , permission
(" ("javax.security.jacc.WebUserDataPermission" "" "GET:CONFIDENTIAL") ")
INFO: JACC Policy Provider:Failed Permission Check: context ("
App/App-war_war ") , permission ("
("javax.security.jacc.WebUserDataPermission" "/favicon.ico" "GET") ") INFO:
JACC Policy Provider:Failed Permission Check: context (" App/App-war_war ") ,
permission (" ("javax.security.jacc.WebUserDataPermission" "/favicon.ico"
"GET:CONFIDENTIAL") ") I have no idea why this happens and how it can be
fixed. I should note that it's only the JSF page that does not work when the
first engine EJB is used. Other parts of the application such as web services
work perfectly with both engines. Thanks in advance for your help.

--
[Message sent by forum member 'arash1988']
View Post: http://forums.java.net/node/889888