struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Obster <mich...@obster.org>
Subject [Struts2] Problem using Struts2 with EJB3 over ServiceLocator (Jboss say Caller unauthorized)
Date Fri, 02 Oct 2009 08:09:55 GMT
Hi everybody,

After I have written some mails to JBoss security forum, I found out 
that the Servlet has a problem. As I can see that has to do with the 
usage of Struts 2 because another application with Struts 1 works.

The problem I don't know where I can continue to resolve the problem an 
wanted to ask if someone can help?

-----------------------------------
Mail 1:

I have a big problem using JAAS in JBoss 5.1.0GA, which I try to solve 
about 2 days (my employer is not very amused of that...). I use a own 
JASSLoginModule to authenticate a user on a LDAP directory. The roleSet 
is fetched from a database. This part works as I can see and give me the 
result - "AdminUser".

But now when I call a EJB stateless session bean, I always get the 
Caller unauthorized error (Stacktrace is at bottom of the message).

Can anybody give me a hint whats wrong.

The Constants in the @RolesAllowed has "AdminUser" in the list. The 
class is also attached at the end of the message.

<<error-statcktrace.txt>>

<<UserFacadeBean.java>>

------------------------------------
Reply 1: From Wolfgang Knauf

Hi Michael,

you probably checked the JBoss log of the security layer (see question 4 
in FAQ)? Do you see output that JBoss could map a user to the required 
roles?

Please post the relevant snippets of your login module.

Best regards

Wolfgang

-------------------------------------
Mail 2:

Some new output was generated after enabling debugging. But the only 
thing I can see, that the error is not in the login module but somewhere 
in the servlet container.

Is there something special that I have to pay attention when I'm using 
Struts2 as framework?

<<error-stacktrace-with-security-debugging.txt>>

--------------------------------------
Mail 3:

My web.xml:
<<web.xml>>

And the struts2 interceptor I use on sites you have to be logged in:
JaasLoginInterceptor:
<<JAASLoginInterceptor.java>>

---------------------------------------

Hope anyone has a hint what I'm doing wrong.

Kind regards,
Michael Obster


Mime
View raw message