struts-user mailing list archives

From Wes Wannemacher <w...@wantii.com>
Subject Re: [Struts2] Problem using Struts2 with EJB3 over ServiceLocator (Jboss say Caller unauthorized)
Date Fri, 02 Oct 2009 14:03:53 GMT
How are you getting a copy of your EJB in your action?

vwg.yyy.cancard.ui.action.Usermanagement.Usermanagement.list(Usermanagement.java:41)

That line in the stacktrace indicates that you are in the action when
you get the error, but the stacktrace dives down into a proxied object
after that. You do realize that you can't use the standard @Remote /
@Local on Struts 2 action properties? Struts 2 creates its own
objects so any JEE annotations are probably not going to work.

-Wes

On Fri, Oct 2, 2009 at 4:09 AM, Michael Obster <michael@obster.org> wrote:
> Hi everybody,
>
> After I have written some mails to JBoss security forum, I found out that
> the Servlet has a problem. As I can see that has to do with the usage of
> Struts 2 because another application with Struts 1 works.
>
> The problem is that I don't know where I can continue to resolve the problem and
> wanted to ask if someone can help.
>
> -----------------------------------
> Mail 1:
>
> I have a big problem using JAAS in JBoss 5.1.0GA, which I have been trying to solve for about
> 2 days (my employer is not very amused about that...). I use my own
> JASSLoginModule to authenticate a user on an LDAP directory. The roleSet is
> fetched from a database. This part works as I can see and gives me the result
> - "AdminUser".
>
> But now when I call an EJB stateless session bean, I always get the Caller
> unauthorized error (Stacktrace is at bottom of the message).
>
> Can anybody give me a hint what's wrong?
>
> The Constants in the @RolesAllowed have "AdminUser" in the list. The class is
> also attached at the end of the message.
>
> <<error-statcktrace.txt>>
>
> <<UserFacadeBean.java>>
>
> ------------------------------------
> Reply 1: From Wolfgang Knauf
>
> Hi Michael,
>
> you probably checked the JBoss log of the security layer (see question 4 in
> FAQ)? Do you see output that JBoss could map a user to the required roles?
>
> Please post the relevant snippets of your login module.
>
> Best regards
>
> Wolfgang
>
> -------------------------------------
> Mail 2:
>
> Some new output was generated after enabling debugging. But the only thing I
> can see is that the error is not in the login module but somewhere in the
> servlet container.
>
> Is there something special that I have to pay attention to when I'm using
> Struts2 as framework?
>
> <<error-stacktrace-with-security-debugging.txt>>
>
> --------------------------------------
> Mail 3:
>
> My web.xml:
> <<web.xml>>
>
> And the struts2 interceptor I use on sites you have to be logged in:
> JaasLoginInterceptor:
> <<JAASLoginInterceptor.java>>
>
> ---------------------------------------
>
> Hope anyone has a hint what I'm doing wrong.
>
> Kind regards,
> Michael Obster
>
>
> javax.ejb.EJBAccessException: Caller unauthorized
>        at
> org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(Ro
> leBasedAuthorizationInterceptorv2.java:199)
>        at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
> java:102)
>        at
> org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3Au
> thenticationInterceptorv2.java:186)
>        at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
> java:102)
>        at
> org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterce
> ptor.java:41)
>        at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
> java:102)
>        at
> org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContaine
> rShutdownInterceptor.java:67)
>        at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
> java:102)
>        at
> org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invo
> ke(CurrentInvocationInterceptor.java:67)
>        at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
> java:102)
>        at
> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContain
> er.java:176)
>        at
> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContain
> er.java:216)
>        at
> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandl
> erBase.invoke(SessionProxyInvocationHandlerBase.java:207)
>        at
> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandl
> erBase.invoke(SessionProxyInvocationHandlerBase.java:164)
>        at $Proxy1287.getAllUsers(Unknown Source)
>        at
> vwg.yyy.cancard.ui.action.Usermanagement.Usermanagement.list(Userman
> agement.java:41)
>        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>        at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
> java:39)
>        at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
> sorImpl.java:25)
>        at java.lang.reflect.Method.invoke(Method.java:597)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invokeAction(DefaultA
> ctionInvocation.java:404)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invokeActionOnly(Defa
> ultActionInvocation.java:267)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:229)
>        at
> com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doInte
> rcept(DefaultWorkflowInterceptor.java:221)
>        at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(V
> alidationInterceptor.java:150)
>        at
> org.apache.struts2.interceptor.validation.AnnotationValidationInterce
> ptor.doIntercept(AnnotationValidationInterceptor.java:48)
>        at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.interc
> ept(ConversionErrorInterceptor.java:123)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept
> (ParametersInterceptor.java:167)
>        at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.inter
> cept(StaticParametersInterceptor.java:105)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> org.apache.struts2.interceptor.CheckboxInterceptor.intercept(Checkbox
> Interceptor.java:83)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUp
> loadInterceptor.java:207)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(
> ModelDrivenInterceptor.java:74)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.ScopedModelDrivenInterceptor.inte
> rcept(ScopedModelDrivenInterceptor.java:127)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> org.apache.struts2.interceptor.ProfilingActivationInterceptor.interce
> pt(ProfilingActivationInterceptor.java:107)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> org.apache.struts2.interceptor.debugging.DebuggingInterceptor.interce
> pt(DebuggingInterceptor.java:206)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(Cha
> iningInterceptor.java:115)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInt
> erceptor.java:143)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(Pr
> epareInterceptor.java:121)
>        at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(Ser
> vletConfigInterceptor.java:170)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasI
> nterceptor.java:123)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.inter
> cept(ExceptionMappingInterceptor.java:176)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> vwg.yyy.cancard.ui.interceptor.RolecheckUsermanagerInterceptor.conti
> nueAction(RolecheckUsermanagerInterceptor.java:86)
>        at
> vwg.yyy.cancard.ui.interceptor.RolecheckUsermanagerInterceptor.inter
> cept(RolecheckUsermanagerInterceptor.java:71)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> vwg.yyy.cancard.ui.interceptor.JAASLoginInterceptor.intercept(JAASLo
> ginInterceptor.java:78)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.DefaultWorkflowInterceptor.doInte
> rcept(DefaultWorkflowInterceptor.java:221)
>        at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.validator.ValidationInterceptor.doIntercept(V
> alidationInterceptor.java:150)
>        at
> org.apache.struts2.interceptor.validation.AnnotationValidationInterce
> ptor.doIntercept(AnnotationValidationInterceptor.java:48)
>        at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.ConversionErrorInterceptor.interc
> ept(ConversionErrorInterceptor.java:123)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept
> (ParametersInterceptor.java:167)
>        at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.StaticParametersInterceptor.inter
> cept(StaticParametersInterceptor.java:105)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> org.apache.struts2.interceptor.CheckboxInterceptor.intercept(Checkbox
> Interceptor.java:83)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> org.apache.struts2.interceptor.FileUploadInterceptor.intercept(FileUp
> loadInterceptor.java:207)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.ModelDrivenInterceptor.intercept(
> ModelDrivenInterceptor.java:74)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.ChainingInterceptor.intercept(Cha
> iningInterceptor.java:115)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.I18nInterceptor.intercept(I18nInt
> erceptor.java:143)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.PrepareInterceptor.doIntercept(Pr
> epareInterceptor.java:121)
>        at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> org.apache.struts2.interceptor.ServletConfigInterceptor.intercept(Ser
> vletConfigInterceptor.java:170)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.ParametersInterceptor.doIntercept
> (ParametersInterceptor.java:167)
>        at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.AliasInterceptor.intercept(AliasI
> nterceptor.java:123)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> com.opensymphony.xwork2.interceptor.ExceptionMappingInterceptor.inter
> cept(ExceptionMappingInterceptor.java:176)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> vwg.yyy.cancard.ui.interceptor.RedirectMessageInterceptor.doIntercep
> t(RedirectMessageInterceptor.java:51)
>        at
> com.opensymphony.xwork2.interceptor.MethodFilterInterceptor.intercept
> (MethodFilterInterceptor.java:86)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:224)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation$2.doProfiling(Default
> ActionInvocation.java:223)
>        at
> com.opensymphony.xwork2.util.profiling.UtilTimerStack.profile(UtilTim
> erStack.java:455)
>        at
> com.opensymphony.xwork2.DefaultActionInvocation.invoke(DefaultActionI
> nvocation.java:221)
>        at
> org.apache.struts2.impl.StrutsActionProxy.execute(StrutsActionProxy.j
> ava:50)
>        at
> org.apache.struts2.dispatcher.Dispatcher.serviceAction(Dispatcher.jav
> a:504)
>        at
> org.apache.struts2.dispatcher.FilterDispatcher.doFilter(FilterDispatc
> her.java:419)
>        at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
> icationFilterChain.java:235)
>        at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
> ilterChain.java:206)
>        at
> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFi
> lter.java:96)
>        at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
> icationFilterChain.java:235)
>        at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
> ilterChain.java:206)
>        at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
> alve.java:235)
>        at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
> alve.java:191)
>        at
> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Securit
> yAssociationValve.java:190)
>        at
> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValv
> e.java:92)
>        at
> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.proce
> ss(SecurityContextEstablishmentValve.java:126)
>        at
> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invok
> e(SecurityContextEstablishmentValve.java:70)
>        at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
> ava:127)
>        at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
> ava:102)
>        at
> org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedC
> onnectionValve.java:158)
>        at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
> ve.java:109)
>        at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
> a:330)
>        at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
> :829)
>        at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce
> ss(Http11Protocol.java:598)
>        at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:44
> 7)
>        at java.lang.Thread.run(Thread.java:619)
> /**
>  *
>  */
> package vwg.yyy.cancard.business.facade;
>
> import java.util.ArrayList;
> import java.util.List;
> import java.util.Set;
>
> import javax.annotation.PostConstruct;
> import javax.annotation.Resource;
> import javax.annotation.security.RolesAllowed;
> import javax.annotation.security.RunAs;
> import javax.ejb.EJB;
> import javax.ejb.Local;
> import javax.ejb.Remote;
> import javax.ejb.SessionContext;
> import javax.ejb.Stateless;
> import javax.persistence.EntityExistsException;
> import javax.persistence.EntityNotFoundException;
> import javax.security.auth.Subject;
> import javax.security.jacc.PolicyContext;
> import javax.security.jacc.PolicyContextException;
>
> import org.apache.log4j.Logger;
> import org.hibernate.exception.ConstraintViolationException;
> import org.jboss.ejb3.annotation.SecurityDomain;
> import org.jboss.security.auth.spi.ADLoginIdentifier;
>
> import vwg.yyy.cancard.ApplicationConstants;
> import vwg.yyy.cancard.MyApplicationException;
> import vwg.yyy.cancard.business.user.TooManyHitsException;
> import vwg.yyy.cancard.dao.ApplicationRoleDao;
> import vwg.yyy.cancard.dao.ApplicationUserDao;
> import vwg.yyy.cancard.dao.DAOFactory;
> import vwg.yyy.cancard.ldap.LDAPSearcher;
> import vwg.yyy.cancard.model.basic.ApplicationRole;
> import vwg.yyy.cancard.model.basic.ApplicationUser;
>
>
> /**
>  * Implementation of user service interface.
>  *
>  * @author Michael Obster (michael.obster@epos-cat.de)
>  */
> @SecurityDomain("java:/jaas/cancardDomain")
> @RolesAllowed({ApplicationConstants.ROLE_ADMIN,
> ApplicationConstants.ROLE_NORMAL, "internal"})
> @RunAs("internal")
> @Local({UserFacade.class})
> @Remote({UserFacadeRemote.class})
> @Stateless
> public class UserFacadeBean implements UserFacade {
>        private static final String SUBJECT_CONTEXT_KEY =
> "javax.security.auth.Subject.container";
>
>        private static Logger log = Logger.getLogger(UserFacadeBean.class);
>
>        /**
>     * Session context for security checks.
>     */
>    @Resource
>    private SessionContext ctx;
>
>        @EJB
>        private DAOFactory daoFactory;
>
>    private ApplicationUserDao userDao;
>    private ApplicationRoleDao roleDao;
>
>        /**
>         * Inits the daos.
>         */
>        @PostConstruct
>        public void initDao() {
>                userDao = daoFactory.getApplicationUserDao();
>        roleDao = daoFactory.getApplicationRoleDao();
>        }
>
>    public List<ApplicationUser> getAllUsers() {
>        return userDao.findAllOrdered("lastname, firstname");
>    }
>
>    public ApplicationUser saveUser(ApplicationUser user, boolean
> updateZebra) {
>        if (updateZebra) {
>            // Update current user from zebra
>            LDAPSearcher searcher = new LDAPSearcher();
>            searcher.updateUserAD(user);
>        }
>        return userDao.merge(user);
>    }
>
>    public boolean deleteUser(String gid) {
>        try {
>            userDao.remove(gid);
>        } catch (EntityNotFoundException e) {
>            log.debug(e);
>            throw new MyApplicationException("db.alreadydeleted");
>        } catch (EntityExistsException e) {
>            log.debug(e.getCause());
>            if (e.getCause() instanceof ConstraintViolationException) {
>                // User still used elsewhere
>                throw new MyApplicationException("db.stillused");
>            }
>            else {
>                // Should never happen
>                throw (EntityExistsException) e.fillInStackTrace();
>            }
>        }
>        return true;
>    }
>
>    public ApplicationUser findUserById(String userId) throws
> EntityNotFoundException {
>        return userDao.findById(userId);
>    }
>
>    public ApplicationUser findFullUserById(String userId) throws
> EntityNotFoundException {
>        ApplicationUser user = userDao.findById(userId);
>        return userDao.fetchFullUser(user);
>    }
>
>    public List<ApplicationRole> getAllRoles() {
>        return roleDao.findAllOrdered("reihe");
>    }
>
>    public List<ApplicationUser> findDirectoryUsers(ApplicationUser user)
>                throws TooManyHitsException {
>        LDAPSearcher searcher = new LDAPSearcher();
>        return searcher.findByCriteriaAD(user);
>    }
>
>    public ApplicationUser findDirectoryUser(String userId) {
>        LDAPSearcher searcher = new LDAPSearcher();
>        ApplicationUser user = new ApplicationUser();
>        user.setId(userId);
>        searcher.updateUserAD(user);
>        return user;
>    }
>
>        @Override
>        public List<ApplicationUser> findByCriteria(String firstname,
>                        String lastname, String department, String phone,
>                        String email, String id) {
>                LDAPSearcher searcher = new LDAPSearcher();
>                return searcher.findByCriteria(firstname, lastname,
>                                department, phone, email, id);
>        }
>
>        @Override
>        public List<ApplicationRole> getRolesNotUser(ApplicationUser user) {
>                user = userDao.fetchFullUser(user);
>                return roleDao.findNonRolesOfUser(user);
>        }
>
>        @Override
>        public List<ApplicationRole> getUserRoles(ApplicationUser user) {
>                user = userDao.fetchFullUser(user);
>                return new ArrayList<ApplicationRole>(user.getRole());
>        }
>
>        @Override
>        public boolean addRole(ApplicationRole role, ApplicationUser user) {
>                user = userDao.fetchFullUser(user);
>                return userDao.linkRoleToUser(role, user);
>        }
>
>        @Override
>        public boolean deleteRole(ApplicationRole role, ApplicationUser user)
> {
>                user = userDao.fetchFullUser(user);
>                return userDao.unlinkRoleToUser(role, user);
>        }
>
>        @Override
>        public ApplicationRole findRoleById(String roleId)
>                        throws EntityNotFoundException {
>                return roleDao.findById(roleId);
>        }
>
>        public void updateUser() throws MyApplicationException {
>        // Get user from DB
>        LDAPSearcher searcher = new LDAPSearcher();
>        ApplicationUser dbUser=null;
>        try {
>                dbUser = userDao.findById(getUserId(ctx));
>        }
>        catch(EntityNotFoundException e) {
>            throw new MyApplicationException("User not found in database.",
> e);
>        }
>
>        // Get current user data from zebra
> //        searcher.updateUserAD(dbUser);
>
>        // Save user
> //        userDao.merge(dbUser);
>    }
>
>    /**
>     * Static helper method: Get userId from EJB context.
>     *
>     * @param ctx SessionContext for no-ad-case
>     * @return userId
>     */
>    public static String getUserId(SessionContext ctx) {
>        try {
>            Subject subject = (Subject)
>                    PolicyContext.getContext(UserFacadeBean.SUBJECT_CONTEXT_KEY);
>            Set<ADLoginIdentifier> pc =
>                    subject.getPublicCredentials(ADLoginIdentifier.class);
>            if (pc == null || pc.isEmpty()) {
>                /*
>                 * Should only happen in JUnit case, return user name as GID
>                 * NOT dangerous because:
>                 * - Spiider is the only login method on production server
>                 * - The following update from Zebra will fail and throw an
>                 *   Exception
>                 */
>                log.warn("Logging in without ADLoginIdentifier, should only happen in JUnit test!");
>                return ctx.getCallerPrincipal().getName();
>            }
>            else {
>                return pc.iterator().next().getUserId();
>            }
>        } catch (PolicyContextException e) {
>            throw new MyApplicationException("Jaas subject could not be retrieved.", e);
>        }
>    }
>
>        @Override
>        public boolean userHasRole(ApplicationRole role, ApplicationUser
> user) {
>                user = userDao.fetchFullUser(user);
>                Set<ApplicationRole> roles = user.getRole();
>                if (roles.contains(role)) {
>                        return true;
>                }
>                else {
>                        return false;
>                }
>        }
>
>        @Override
>        public ApplicationRole getRolesById(String roleid) {
>                ApplicationRole role = roleDao.findById(roleid);
>                return role;
>        }
>
> }
>
> ...
> 16:01:50,566 INFO  [SpiiderLoginModule] Logged into LDAP server, javax.naming.ldap.InitialLdapContext@6857da
> 16:01:50,581 INFO  [SpiiderLoginModule] getRoleSets using rolesQuery: SELECT u.userid, r."role" FROM "security".application_user u, "security".application_role r, "security".user_role ur WHERE u.userid = ? AND u.userid = ur.user_id AND ur.role_id = r."role", gid: 79A44E672EA8C49B
> 16:01:50,769 ERROR [[default]] Servlet.service() for servlet default threw exception
> javax.ejb.EJBAccessException: Caller unauthorized
> ...
>
> /**
>  *
>  */
> package vwg.audi.cancard.ui.interceptor;
>
> import javax.servlet.http.HttpServletRequest;
>
> import org.apache.log4j.Logger;
> import org.apache.struts2.ServletActionContext;
>
> import vwg.yyy.cancard.business.LoginFacade;
> import vwg.yyy.cancard.ui.JAASConstants;
>
> import com.opensymphony.xwork2.Action;
> import com.opensymphony.xwork2.ActionInvocation;
> import com.opensymphony.xwork2.interceptor.Interceptor;
>
> /**
>  * JAASLoginFilter
>  *
>  * @author Michael Obster
>  */
> public class JAASLoginInterceptor implements Interceptor {
>
>        private static final long serialVersionUID = -1983088770872827621L;
>
>        private Logger log = Logger.getLogger(this.getClass());
>
>        String loginDomain = "";
>        String clientLoginDomain = "";
>
>        LoginFacade loginFacade;
>
>        @Override
>        public void init() {
>
>        }
>
>        @Override
>        public String intercept(ActionInvocation actionInvocation) throws
> Exception {
>                loginDomain =
> ServletActionContext.getServletContext().getInitParameter("jaasLoginDomain");
>                clientLoginDomain =
> ServletActionContext.getServletContext().getInitParameter("jaasClientLoginDomain");
>                if (log.isDebugEnabled()) {
>                        log.debug("init JAASInterceptor: loginDomain:" +
> loginDomain + " clientLoginDomain:" + clientLoginDomain);
>                }
>
>                HttpServletRequest request =
> ServletActionContext.getRequest();
>                String servletPath = request.getServletPath();
>                String pathInfo = request.getPathInfo();
>                String path = (servletPath == null ? "" : servletPath)
>                                        + (pathInfo == null ? "" : pathInfo);
>                if (log.isDebugEnabled()) {
>                        log.debug("Login INTERCEPT");
>                }
>                loginFacade = new LoginFacade(loginDomain,
> clientLoginDomain);
>
>
>                if (!JAASConstants.USER_IS_VALID.equals(request
>                                                .getSession().getAttribute(
>                                                JAASConstants.USER_VALIDITY))) {
>                        log.info("requested path: " + path);
>                        return Action.LOGIN;
>                }
>
>                //Perform client-login
>                String username =
> (String)request.getSession().getAttribute(JAASConstants.USERNAME);
>        String strPassword  =
> (String)request.getSession().getAttribute(JAASConstants.PASSWORD);
>
>        // Classic login by username and password
>        loginFacade.clientLogin(username, strPassword);
>        if (log.isDebugEnabled()) {
>                log.debug("*****CLIENTLOGIN COMPLETE****");
>        }
>
>                return actionInvocation.invoke();
>        }
>
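>        @Override
>        public void destroy() {
>                // loginFacade is only assigned in intercept(); guard against
>                // destroy() running before any request was intercepted.
>                if (loginFacade != null) {
>                        loginFacade.logout();
>                }
>        }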
>
>
>
> }
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
> For additional commands, e-mail: user-help@struts.apache.org
>



-- 
Wes Wannemacher

Head Engineer, WanTii, Inc.
Need Training? Struts, Spring, Maven, Tomcat...
Ask me for a quote!
