Initiating an EJB call from valueUnbound() method
| atp1mas 2004-01-19, 2:54 pm |
| Background Information:
Our application architecture involves the use of Struts action classes that communicate with stateless session beans that in turn make use of either entity beans or JDBC (designed to be configurable) directly to access and/or update the database.
We designed our app such that the session bean extends our simple Java PublishedService class, where the business logic is held. So, when I refer to a “service”, I mean an ejb method call.
The security role of ALLAUTHENTICATED is defined in the Assembly Descriptor of the ejb jar, and is defined as the method permission for the jar.
When we initiate a service call from an action class to place a “lock” (this is NOT a traditional database lock, just a programmatically set flag on a row on the database) on an object, the object is only available for update by the person who placed the lock until such time as it is “unlocked”. When an object is successfully “locked” an object is added to the session (userSession.setAttribute("MILEAGECARRIER", carrierLock)). It is later removed upon an explicit “unlock” service call from an action class. The unlock action can also be initiated as a result of a session timeout, which is where we have a problem.

Problem Description:
We added code to the carrierLock object’s valueUnbound() method to initiate a call to our unlock() service as described above. Upon timeout, it appears from the stack trace shown below, that at the point in time when the service is invoked from the value unbound method, the following call:
sessionContext.getCallerPrincipal().getName().toUpperCase();
does NOT return the user as we expect. Is there a way around this?

Stack Trace:
363014 [Thread-5] DEBUG net.atpco.mileage.webgateway.CarrierLock - [ENTER] valueUnbound().
363014 [Thread-5] INFO net.atpco.mileage.webgateway.CarrierLock - [EXIT] valueUnbound().
363014 [Thread-5] DEBUG net.atpco.mileage.webgateway.CarrierLock - CarrierLock Object [P / TW], Lock Time [2003-12-04 08:08:15.208487] is being removed from session:-HudOdxhrcqzx7ODFGOoL0_ At time :2003.12.04 AD at 08:11:40 AM EST
363014 [Thread-5] DEBUG net.atpco.mileage.webgateway.GenericLock - ENTER getLocalBusinessServices()
[12/4/03 8:11:41:169 EST] 3ec86e7 SecurityColla A SECJ0053E: Authorization failed for /UNAUTHENTICATED while invoking (Home)ejb/net/atpco/ejb/mileage/services/MileageServicesLocalHome create:4 securityName: /UNAUTHENTICATED;accessID: UNAUTHENTICATED is not granted any of the required roles: ALLAUTHENTICATED
[12/4/03 8:11:41:310 EST] 3ec86e7 ExceptionUtil E CNTR0019E: Non-application exception occurred while processing method "create". Exception data: com.ibm.websphere.csi.CSIException: SECJ0053E: Authorization failed for /UNAUTHENTICATED while invoking (Home)ejb/net/atpco/ejb/mileage/services/MileageServicesLocalHome create:4 securityName: /UNAUTHENTICATED;accessID: UNAUTHENTICATED is not granted any of the required roles: ALLAUTHENTICATED
| Ken Hygh 2004-01-19, 2:54 pm |
| I _think_ the problem is that there's no security context, and no user
principal, on the thread doing the session expirations. There's no
security context associated with the Session either.
Unless someone else here has a solution, you may need to relax the
security for the unlock method,
Ken
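
One way to keep the unlock call safe once its method permission is relaxed, as an added example that is not code from the thread or from WebSphere: the owner is captured on the request thread when the lock is placed, and unlock authorizes against that record instead of `getCallerPrincipal()`. `LockService`, its method signatures, the per-lock token and the in-memory map are assumptions made for illustration; only the `CarrierLock` name and `valueUnbound()` come from the thread.

```java
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;

// Hypothetical stand-in for the unlock service (in the thread's design, the session
// bean method whose method permission is relaxed). Lock rows are kept in memory here.
class LockService {
    private final Map<String, String[]> rows = new ConcurrentHashMap<>(); // key -> {owner, token}

    // Called on a request thread, where the caller principal is still available.
    String lock(String key, String owner) {
        String token = UUID.randomUUID().toString(); // random per-lock secret
        if (rows.putIfAbsent(key, new String[] {owner.toUpperCase(), token}) != null) {
            throw new IllegalStateException(key + " is already locked");
        }
        return token;
    }

    // The expiry thread is UNAUTHENTICATED, so getCallerPrincipal() is not consulted;
    // the lock is released only for the owner and token recorded when it was placed.
    boolean unlock(String key, String owner, String token) {
        String[] row = rows.get(key);
        if (row == null || !row[0].equals(owner) || !row[1].equals(token)) {
            return false; // not the holder: leave the lock in place
        }
        return rows.remove(key, row); // same array instance, so the row is removed once
    }
}

// Session attribute that carries the identity captured at lock time.
class CarrierLock implements HttpSessionBindingListener {
    private final LockService service;
    private final String key, owner, token;

    CarrierLock(LockService service, String key, String owner) {
        this.service = service;
        this.key = key;
        this.owner = owner.toUpperCase();
        this.token = service.lock(key, owner);
    }

    public void valueBound(HttpSessionBindingEvent event) { }
    // Runs on the session-invalidation thread at timeout, with no security context.
    public void valueUnbound(HttpSessionBindingEvent event) {
        service.unlock(key, owner, token);
    }
}
```

The action class would build the lock with the name from the authenticated request (for example `request.getUserPrincipal().getName()`), so the value the expiry thread later presents was established while a security context existed.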