"Default Principal To Role Mapping" isUserInRole/isCallerInRole

3 replies [Last post]
drfranknfurter
Offline
Joined: 2008-08-13
Points: 0

I have activated the Default Principal To Role Mapping to avoid having to map the roles in web.xml or in sun-web.xml. This works fine for annotations on EJB methods, but not when I invoke isCallerInRole on the SessionContext in the EJB container or isUserInRole on the HttpServletRequest in the web-tier.

After debugging the isUserInRole call I came to the conclusion that the final check is not just on the role but that the url, for which the bean is a backing bean, is brought into the equation as well.

The isCallerInRole throws an exception complaining that there is no security mapping available.
Unfortunately mapping the roles in sun-web.xml is not an option.

Is this supposed to be happening and how can I get around it?

Thanks

drfranknfurter
Offline
Joined: 2008-08-13
Points: 0

Thanks for pointing me to the generated.policy.

I noticed the difference in the file if I use @DeclareRoles and when I don't. It causes the following line to be added to the grant statement:

permission javax.security.jacc.EJBRoleRefPermission "MenuService", "masterdata.organisation.read";

So @DeclareRoles or definition of roles in web.xml / ejb-jar.xml adds the roles to the generated policy, but @RolesAllowed does not affect your policy, but does somehow do a "temporary declare" with Default p2r mapping enabled.

Am I correct in saying the above?

I do find it a bit weird that an isCallerInRole does not follow the same behaviour.

monzillo
Offline
Joined: 2004-05-08
Points: 0

The default p2r mapping "should" affect all the contexts of use that you are interested in.

It will only work for the roles that have been declared in the corresponding web.xml and ejb-jar.xml files. [Declaring a role is different from defining a corresponding p2r mapping.]

Off the top of my head, I can't explain why you should ever get an exception from a call to isCallerInRole. You may have found a bug. If you can reproduce the exception, I'd be interested in seeing the stack trace.

You can see the policy that supports the isUser/CallerInRole calls by looking in the application-specific policy files under domainx/generated/policy/app-name/module-name/granted.policy.

The grants of WebRoleRefPermission and EJBRoleRefPermission establish what principals are mapped to the corresponding role, in a named context (i.e. a servlet, or an ejb). By looking at the policy file, we can see if the proper grants have been created for all of the roles you are interested in.

Ron
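
The policy-file check described in the reply above, as an added example that is not part of the thread or of the application server: it parses granted.policy text and lists the role references that have no EJBRoleRefPermission or WebRoleRefPermission grant in a named EJB or servlet. The principal class `example.Group`, the role `masterdata.organisation.write`, the servlet name and the helper names are constructed for illustration; only the `MenuService` permission line comes from the thread.

```python
import re

# One grant block of a Java policy file: header up to "{", body up to "};".
GRANT_RE = re.compile(r'\bgrant\b(?P<head>[^{]*)\{(?P<body>.*?)\}\s*;', re.S)
PRINCIPAL_RE = re.compile(r'principal\s+\S+\s+"([^"]*)"')
# JACC role-ref permissions: name = EJB or servlet name, actions = role reference.
ROLEREF_RE = re.compile(
    r'permission\s+javax\.security\.jacc\.(EJB|Web)RoleRefPermission\s+'
    r'"([^"]*)"\s*,\s*"([^"]*)"\s*;')


def role_ref_grants(policy_text):
    """Return {(kind, component, role_ref): set of principal names granted it}."""
    text = re.sub(r'(?m)^[ \t]*//.*$', '', policy_text)  # drop comment lines
    grants = {}
    for block in GRANT_RE.finditer(text):
        principals = set(PRINCIPAL_RE.findall(block.group('head')))
        for kind, component, role in ROLEREF_RE.findall(block.group('body')):
            grants.setdefault((kind, component, role), set()).update(principals)
    return grants


def missing_role_refs(policy_text, kind, component, roles):
    """Role references that no grant covers for this EJB ("EJB") or servlet ("Web")."""
    grants = role_ref_grants(policy_text)
    return [r for r in roles if (kind, component, r) not in grants]


# Constructed sample; example.Group is a placeholder principal class.
SAMPLE_POLICY = '''
// constructed granted.policy excerpt
grant principal example.Group "masterdata.organisation.read" {
    permission javax.security.jacc.EJBRoleRefPermission "MenuService", "masterdata.organisation.read";
};
'''

if __name__ == "__main__":
    wanted = ["masterdata.organisation.read", "masterdata.organisation.write"]
    for role in missing_role_refs(SAMPLE_POLICY, "EJB", "MenuService", wanted):
        print("no EJBRoleRefPermission grant for role reference:", role)
```
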

drfranknfurter
Offline
Joined: 2008-08-13
Points: 0

Ahh, I still need to define the roles even if I enable default p2r mapping. But I will have to map them as well if I disable default p2r. Would I still need to declare them in the XML if I use @DeclareRoles? If not, is there a programmatic way to do what @DeclareRoles does?

Here's the exception that I get:

[#|2008-10-02T09:59:38.798+0200|SEVERE|sun-appserver9.1|com.sun.ejb.containers.EJBContextImpl|_ThreadID=16;_ThreadName=httpSSLWorkerThread-8080-0;_RequestID=44351f2b-a930-47fd-a3d6-b9e0a7025b5e;|##c68f766b-9d83-455b-8e0a-558859f4c4fe##BUG##No mapping available for role reference masterdata.organisation.read##com.sun.ejb.containers.EJBContextImpl|isCallerInRole|425
java.lang.IllegalArgumentException: No mapping available for role reference masterdata.organisation.read
at com.sun.ejb.containers.EJBContextImpl.isCallerInRole(EJBContextImpl.java:425)
at com.place.zero.min.service.config.impl.menu.MenuServiceBean.getMenu(MenuServiceBean.java:182)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.enterprise.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1067)
at com.sun.enterprise.security.SecurityUtil.invoke(SecurityUtil.java:176)
at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:4005)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:483)
at com.sun.ejb.Invocation.proceed(Invocation.java:498)
at com.place.zero.sss.one.domain.interceptor.ContextInterceptor.setupSessionContext(ContextInterceptor.java:22)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:579)
at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:483)
at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:205)
at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:3978)
at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:203)
at com.sun.ejb.containers.EJBObjectInvocationHandlerDelegate.invoke(EJBObjectInvocationHandlerDelegate.java:77)
at $Proxy73.getMenu(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.privateInvoke(StubInvocationHandlerImpl.java:233)
at com.sun.corba.ee.impl.presentation.rmi.StubInvocationHandlerImpl.invoke(StubInvocationHandlerImpl.java:152)
at com.sun.corba.ee.impl.presentation.rmi.bcel.BCELStubBase.invoke(BCELStubBase.java:225)
at com.place.zero.min.config.dto.menu.__MenuService_Remote_DynamicStub.getMenu(za/sita/ifms/min/config/dto/menu/__MenuService_Remote_DynamicStub.java)
at com.place.zero.min.config.dto.menu._MenuService_Wrapper.getMenu(za/sita/ifms/min/config/dto/menu/_MenuService_Wrapper.java)
at com.place.zero.sss.one.web.NavigationBean.initPanelNavigationItems(NavigationBean.java:126)
at com.place.zero.sss.one.web.NavigationBean.getPanelNavigationItems(NavigationBean.java:50)
at com.place.zero.sss.one.web.NavigationBean$$FastClassByCGLIB$$81f050af.invoke()
at net.sf.cglib.proxy.MethodProxy.invoke(MethodProxy.java:149)
at org.springframework.aop.framework.Cglib2AopProxy$CglibMethodInvocation.invokeJoinpoint(Cglib2AopProxy.java:700)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:149)
at com.place.zero.wbn.aop.ModelExceptionInterceptor.invoke(ModelExceptionInterceptor.java:22)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
at org.springframework.aop.framework.Cglib2AopProxy$DynamicAdvisedInterceptor.intercept(Cglib2AopProxy.java:635)
at com.place.zero.sss.one.web.NavigationBean$$EnhancerByCGLIB$$80a482d0.getPanelNavigationItems()
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.el.BeanELResolver.getValue(BeanELResolver.java:261)
at javax.el.CompositeELResolver.getValue(CompositeELResolver.java:143)
at com.sun.faces.el.FacesCompositeELResolver.getValue(FacesCompositeELResolver.java:64)
at com.sun.el.parser.AstValue.getValue(AstValue.java:138)
at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:206)
at com.sun.facelets.el.TagValueExpression.getValue(TagValueExpression.java:71)
at javax.faces.component.UISelectItems.getValue(UISelectItems.java:130)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at com.sun.facelets.util.DevTools.writeAttributes(DevTools.java:243)
at com.sun.facelets.util.DevTools.writeStart(DevTools.java:287)
at com.sun.facelets.util.DevTools.writeComponent(DevTools.java:192)
at com.sun.facelets.util.DevTools.writeComponent(DevTools.java:210)
at com.sun.facelets.util.DevTools.writeComponent(DevTools.java:210)
at com.sun.facelets.util.DevTools.writeComponent(DevTools.java:210)
at com.sun.facelets.util.DevTools.writeComponent(DevTools.java:210)
at com.sun.facelets.util.DevTools.debugHtml(DevTools.java:107)
at com.sun.facelets.FaceletViewHandler.handleRenderException(FaceletViewHandler.java:692)
at com.sun.facelets.FaceletViewHandler.renderView(FaceletViewHandler.java:660)
at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:178)
at org.apache.myfaces.trinidadinternal.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:188)
at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:106)
at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:251)
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:144)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:245)
at org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:411)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:317)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at com.place.zero.common.jee.web.ErrorRedirectionFilter.doFilter(ErrorRedirectionFilter.java:49)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._invokeDoFilter(TrinidadFilterImpl.java:238)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:195)
at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:138)
at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:230)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:198)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:288)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:271)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:202)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:272)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at com.sun.enterprise.web.portunif.PortUnificationPipeline$PUTask.doTask(PortUnificationPipeline.java:380)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
|#]