Help with Security violation

**gunnarbo** · Oct 11th, 2006, 08:43 AM

I'm using Spring 2.0 to try to access remote EJB's but I get a security violation claiming user anonymous although I enter username and password.

The same code without Spring works fine

I get this error stack:
org.springframework.remoting.RemoteAccessException : Cannot access remote service [ejb/o2s/Class]; nested exception is java.rmi.AccessException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=O2SEJBAPI, module=O2SEJB.jar, ejb=Class, method=create, methodInterface=Home, signature={}.
Caused by: java.rmi.AccessException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=O2SEJBAPI, module=O2SEJB.jar, ejb=Class, method=create, methodInterface=Home, signature={}.
at weblogic.rjvm.ResponseImpl.unmarshalReturn(Respons eImpl.java:191)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(C lusterableRemoteRef.java:315)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(C lusterableRemoteRef.java:250)
at com.axiomsystems.o2s.beans.Class_ijae5s_HomeImpl_9 00_WLStub.create(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknow n Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Un known Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.ejb.access.AbstractSlsbInvoker Interceptor.create(AbstractSlsbInvokerInterceptor. java:177)
at org.springframework.ejb.access.AbstractRemoteSlsbI nvokerInterceptor.newSessionBeanInstance(AbstractR emoteSlsbInvokerInterceptor.java:205)
at org.springframework.ejb.access.SimpleRemoteSlsbInv okerInterceptor.getSessionBeanInstance(SimpleRemot eSlsbInvokerInterceptor.java:108)
at org.springframework.ejb.access.SimpleRemoteSlsbInv okerInterceptor.doInvoke(SimpleRemoteSlsbInvokerIn terceptor.java:74)
at org.springframework.ejb.access.AbstractRemoteSlsbI nvokerInterceptor.invoke(AbstractRemoteSlsbInvoker Interceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethod Invocation.proceed(ReflectiveMethodInvocation.java :185)
at org.springframework.aop.framework.JdkDynamicAopPro xy.invoke(JdkDynamicAopProxy.java:209)
at $Proxy0.toString(Unknown Source)
at java.lang.String.valueOf(Unknown Source)
at java.io.PrintStream.print(Unknown Source)
at java.io.PrintStream.println(Unknown Source)
at wal.test.Spring2ToEjb.execute(Spring2ToEjb.java:56 )
at wal.test.Spring2ToEjb.main(Spring2ToEjb.java:83)

---------------------------------------
Part of my spring file.

<bean id="jndiTemplate"
class="org.springframework.jndi.JndiTemplate">
<property name="environment">
<props>
<prop key="java.naming.security.principal">user</prop>
<prop key="java.naming.security.credentials">pass</prop>
<prop key="java.naming.factory.initial">weblogic.jndi.WL InitialContextFactory</prop>
<prop key="java.naming.provider.url">t3://localhost:7001</prop>
</props>
</property>
</bean>

<bean id="classRemote" class="org.springframework.ejb.access.SimpleRemote StatelessSessionProxyFactoryBean">
<property name="jndiTemplate" ref="jndiTemplate"></property>
<property name="jndiName" value="ejb/o2s/Class"></property>
<property name="businessInterface" value="com.axiomsystems.o2s.ejb.ClassRemote"></property>
</bean>

Regards
Gunnar

**gunnarbo** · Oct 31st, 2006, 01:12 AM

Hi,
I've found out that the problem is that the JndiTemplate class closes the context after retrieving the home class, and then the create of the remote class fails.
The following non Spring code gets the same exception as long as I have the jndi.close() call before getting the remote object.

ClassHome home = (ClassHome) PortableRemoteObject.narrow(object,
ClassHome.class);
System.out.println(home);
jndi.close();
ClassRemote remote = home.create();
System.out.println(remote);

Any suggestion?

Regards
Gunnar

Originally Posted by gunnarbo

I'm using Spring 2.0 to try to access remote EJB's but I get a security violation claiming user anonymous although I enter username and password.

The same code without Spring works fine

I get this error stack:
org.springframework.remoting.RemoteAccessException : Cannot access remote service [ejb/o2s/Class]; nested exception is java.rmi.AccessException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=O2SEJBAPI, module=O2SEJB.jar, ejb=Class, method=create, methodInterface=Home, signature={}.
Caused by: java.rmi.AccessException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>, application=O2SEJBAPI, module=O2SEJB.jar, ejb=Class, method=create, methodInterface=Home, signature={}.
at weblogic.rjvm.ResponseImpl.unmarshalReturn(Respons eImpl.java:191)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(C lusterableRemoteRef.java:315)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(C lusterableRemoteRef.java:250)
at com.axiomsystems.o2s.beans.Class_ijae5s_HomeImpl_9 00_WLStub.create(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Nativ e Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknow n Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Un known Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.ejb.access.AbstractSlsbInvoker Interceptor.create(AbstractSlsbInvokerInterceptor. java:177)
at org.springframework.ejb.access.AbstractRemoteSlsbI nvokerInterceptor.newSessionBeanInstance(AbstractR emoteSlsbInvokerInterceptor.java:205)
at org.springframework.ejb.access.SimpleRemoteSlsbInv okerInterceptor.getSessionBeanInstance(SimpleRemot eSlsbInvokerInterceptor.java:108)
at org.springframework.ejb.access.SimpleRemoteSlsbInv okerInterceptor.doInvoke(SimpleRemoteSlsbInvokerIn terceptor.java:74)
at org.springframework.ejb.access.AbstractRemoteSlsbI nvokerInterceptor.invoke(AbstractRemoteSlsbInvoker Interceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethod Invocation.proceed(ReflectiveMethodInvocation.java :185)
at org.springframework.aop.framework.JdkDynamicAopPro xy.invoke(JdkDynamicAopProxy.java:209)
at $Proxy0.toString(Unknown Source)
at java.lang.String.valueOf(Unknown Source)
at java.io.PrintStream.print(Unknown Source)
at java.io.PrintStream.println(Unknown Source)
at wal.test.Spring2ToEjb.execute(Spring2ToEjb.java:56 )
at wal.test.Spring2ToEjb.main(Spring2ToEjb.java:83)

---------------------------------------
Part of my spring file.

<bean id="jndiTemplate"
class="org.springframework.jndi.JndiTemplate">
<property name="environment">
<props>
<prop key="java.naming.security.principal">user</prop>
<prop key="java.naming.security.credentials">pass</prop>
<prop key="java.naming.factory.initial">weblogic.jndi.WL InitialContextFactory</prop>
<prop key="java.naming.provider.url">t3://localhost:7001</prop>
</props>
</property>
</bean>

<bean id="classRemote" class="org.springframework.ejb.access.SimpleRemote StatelessSessionProxyFactoryBean">
<property name="jndiTemplate" ref="jndiTemplate"></property>
<property name="jndiName" value="ejb/o2s/Class"></property>
<property name="businessInterface" value="com.axiomsystems.o2s.ejb.ClassRemote"></property>
</bean>

Regards
Gunnar

**gunnarbo** · Nov 2nd, 2006, 03:38 AM

I've ended up to extend the standard JndiTemplate like this:

public class JndiTemplate extends org.springframework.jndi.JndiTemplate {
Context context = null;

@Override
public Object execute(JndiCallback contextCallback) throws NamingException {
if (context == null) {
context = createInitialContext();
}
return contextCallback.doInContext(context);
}

}

Should something like this be part of the standard jndiTemplate?

Regards
Gunnar

Thread: Help with Security violation

Thread Tools

Display

Help with Security violation

Found the problem but not the solution

solution

Posting Permissions