users@jersey.java.net

Re: [Jersey] _at_EJB injection and security contexts.

From: Paul Sandoz <Paul.Sandoz_at_Sun.COM>
Date: Wed, 28 Jan 2009 17:30:50 +0100

Hi Mark,

Two guesses:

1) because JAX-RS 1.0 and Jersey do not support EE properly (and
   you have written your own injectable provider for @EJB) there is
   something that is not connected/configured properly; or

2) there needs to be something set up correctly in the web.xml to
   declare roles and then the app-server-specific credentials you
   will use. See the <run-as> and <security-role> parts of the
   web.xml.

Can you reproduce the same behavior using just a servlet in EE ?

Note that i do not know much about this area.

Paul.
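
For the question in Mark's quoted message below (why the bean sees the HTTP
caller rather than the principal handed to InitialContext), here is an added
example of the two paths Paul points at. It is not code from this thread,
from Jersey or from WebLogic; the names (NodeService, NodeBean,
CallerAuditInterceptor, NodeResource, the role "node-reader", the path
/nodes) are made up, and each type belongs in its own source file as the
separator comments show. The point it demonstrates: Jersey's
SecurityContext.getUserPrincipal() is HttpServletRequest.getUserPrincipal(),
and an EJB called from the same container gets its caller identity from the
identity the container propagates from the web tier, so the declarative
web.xml pieces (security-constraint to authenticate the HTTP caller, or
run-as to call the bean under a fixed role) are where that identity is
decided.

```java
// Added example for this thread; not Jersey, WebLogic or the poster's code.
// All names below are made up. Each type belongs in its own source file.
import java.security.Principal;
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.EJBAccessException;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.interceptor.AroundInvoke;
import javax.interceptor.Interceptors;
import javax.interceptor.InvocationContext;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.SecurityContext;

// ---- NodeService.java: hypothetical business interface ----
public interface NodeService {
    String callerReport();
}

// ---- NodeBean.java: the EJB. Its caller identity is whatever the container
// propagated from the web tier; nothing here or in the resource sets it. ----
@Stateless
@DeclareRoles("node-reader")
@Interceptors(CallerAuditInterceptor.class)
public class NodeBean implements NodeService {
    @Resource
    private SessionContext ctx;

    // Declarative check: callers outside the role get EJBAccessException
    // from the container before the method body runs.
    @RolesAllowed("node-reader")
    public String callerReport() {
        Principal p = ctx.getCallerPrincipal();
        return "ejbCaller=" + p.getName()
            + " inRole=" + ctx.isCallerInRole("node-reader");
    }
}

// ---- CallerAuditInterceptor.java: defence in depth for beans that also do
// per-method checks, as the poster's interceptor does. Fail closed on the
// unauthenticated principal rather than trusting a method-name lookup. ----
public class CallerAuditInterceptor {
    @Resource
    private SessionContext ctx;

    @AroundInvoke
    public Object audit(InvocationContext ic) throws Exception {
        String caller = ctx.getCallerPrincipal().getName();
        // WebLogic reports an unauthenticated caller as "<anonymous>" (the
        // string the poster saw); GlassFish uses "ANONYMOUS". Server-specific.
        if ("<anonymous>".equals(caller) || "ANONYMOUS".equals(caller)) {
            throw new EJBAccessException("unauthenticated caller for "
                + ic.getMethod().getName());
        }
        return ic.proceed();
    }
}

// ---- NodeResource.java: the JAX-RS resource ----
@Path("/nodes")
public class NodeResource {
    // Container-managed reference: no InitialContext properties involved,
    // so there is nowhere here to "pass" a principal to the bean.
    @EJB
    private NodeService nodes;

    @GET
    @Path("/caller")
    @Produces("text/plain")
    public String caller(@Context SecurityContext sc) {
        // Jersey answers this from HttpServletRequest.getUserPrincipal():
        // null unless the container authenticated the request (web.xml below).
        Principal web = sc.getUserPrincipal();
        String webName = (web == null) ? "null" : web.getName();
        return "web=" + webName + " " + nodes.callerReport();
    }
}

/* web.xml fragment that makes the container authenticate /nodes/* with HTTP
   Basic and propagate that caller to the bean. To call the bean as a fixed
   role for anonymous HTTP callers instead, drop the auth-constraint and add
   <run-as><role-name>node-reader</role-name></run-as> inside <servlet>.

   <security-constraint>
     <web-resource-collection>
       <web-resource-name>nodes</web-resource-name>
       <url-pattern>/nodes/*</url-pattern>
     </web-resource-collection>
     <auth-constraint><role-name>node-reader</role-name></auth-constraint>
   </security-constraint>
   <login-config><auth-method>BASIC</auth-method></login-config>
   <security-role><role-name>node-reader</role-name></security-role>
*/
```

With the security-constraint in place, an unauthenticated GET on /nodes/caller
is challenged (401) before the resource runs; an authenticated one returns
"web=<user> ejbCaller=<user> inRole=true", which is the propagation the poster
observed, now with a real caller. The app-server-specific part Paul refers to
is the role mapping: on WebLogic the role "node-reader" still has to be mapped
to users or groups in weblogic.xml (<security-role-assignment>), and that
mapping, not the JNDI properties, decides who is in the role.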


On Jan 28, 2009, at 5:18 PM, Rabick, Mark (MS) wrote:

> The Resource method that uses the injected remote interface
> "NodeRemote" is:
>
>     @EJB private NodeRemote nodeRemote;
>
>     @GET @Path("/nodeRemote")
>     @Produces("text/plain")
>     public String doNodeRemote() {
>         String msg = null;
>         int count = 0;
>         try {
>             mil.cnodb.persistence.Node exampleNode = new mil.cnodb.persistence.Node();
>             exampleNode.setNodeTypeGeneral("DEVICE");
>             count = nodeRemote.countByExample(exampleNode);
>             msg = String.format("Nodes with Device: %d", count);
>         }
>         catch (CdalAccessException cae) {
>             msg = "Access Exception: " + cae.getMessage();
>         }
>         catch (Exception e) {
>             msg = "Exception: " + e.getMessage();
>         }
>         return msg;
>     }
>
> The bean that implements NodeRemote has an interceptor that pulls the
> security principal string from the javax.ejb.SecurityContext and does
> some functional level permission checking based on the specific method
> that is called. It appears that even though I specify a particular
> principal/credential (weblogic/weblogic) in the creation of the
> initialContext, the
> javax.ejb.SecurityContext.getCallerPrincipal().toString() returns the
> javax.ws.rs.core.SecurityContext.getUserPrincipal() value, which I
> guess is due to the deference to HttpServletRequest.getUserPrincipal.
>
> I haven't gotten to certificate or credential-based JAX-RS services
> yet, so my resources are open to anonymous. I'd like to be able to
> specify either a cert or principal/credential to be passed in the HTTP
> message to my resource and pass that information to the context of an
> EJB connection.
> --mark
>
> -----Original Message-----
> From: Paul.Sandoz_at_Sun.Com [mailto:Paul.Sandoz_at_Sun.Com]
> Sent: Wednesday, January 28, 2009 10:04 AM
> Subject: RE: Comment: @EJB injection
>
> Paul Sandoz wrote:
>
> Hi Mark,
>
> When using Servlet, Jersey implements the
> SecurityContext.getUserPrincipal by deferring to
> HttpServletRequest.getUserPrincipal.
>
> However, Jersey does nothing with the java.security.Principal. Just as
> if you wrote a simple servlet to do the same thing with
> InitialContext.
>
> Perhaps there is some configuration missing in the web.xml?
>
> Have you tried a very simple application using a basic servlet to
> see if
> you can reproduce it?
>
> Paul.
> P.S. it might be easier to discuss further on users_at_jersey.dev.java.net.
>
> ----
> Respond to this comment at:
> http://blogs.sun.com/sandoz/entry/ejb_injection#comments
>
> mark rabick wrote:
>
> I've implemented domenico's modified code and I'm having trouble
> getting the appropriate principal for an explicit connection to an
> EJB. I modified the code slightly:
>
>     Properties props = new Properties();
>     props.put(Context.SECURITY_PRINCIPAL, "weblogic");
>     props.put(Context.SECURITY_CREDENTIALS, "weblogic");
>
>     Context ic = new InitialContext(props);
>     for (Object o : ic.getEnvironment().keySet()) {
>         String s = String.format("ENV key=%s val=%s", o.toString(), ic.getEnvironment().get(o));
>         System.out.println(s);
>     }
>
>     // c: the Class being looked up, supplied by the injectable provider this snippet sits in
>     String simpleName = c.getSimpleName();
>     System.out.println("Looking up: " + simpleName);
>     final Object o = ic.lookup(simpleName);
>
> The System.out.println of the context's env is:
>
>     ENV key=java.naming.factory.initial val=weblogic.jndi.WLInitialContextFactory
>     ENV key=java.naming.factory.url.pkgs val=weblogic.jndi.factories:weblogic.corba.j2ee.naming.url:weblogic.jndi.factories:weblogic.corba.j2ee.naming.url
>     ENV key=java.naming.security.principal val=weblogic
>     ENV key=java.naming.security.credentials val=weblogic
>
> but when I execute a remote method that checks the principal for
> appropriate permissions, it indicates that the principal is
> "<anonymous>" even though the context indicates
> otherwise. Does Jersey currently use the
> javax.ws.rs.core.SecurityContext java.security.Principal returned from
> the getUserPrincipal method?
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe_at_jersey.dev.java.net
> For additional commands, e-mail: users-help_at_jersey.dev.java.net
>