
Security Problem in weblogic


Suni

18 May 2005 00:44:18
Something related to security in weblogic. The error trace is as
follows...

java.rmi.AccessException: [EJB:010160]Security Violation: User:
'<anonymous>' has insufficient permission to access EJB: type=<ejb>,
application=jmetro, module=jmetro.jar, ejb=MySessionBean,
method=create, methodInterface=Home, signature={}.
    at weblogic.ejb20.internal.MethodDescriptor.checkMethodPermissionsRemote(MethodDescriptor.java:550)
    at weblogic.ejb20.internal.StatelessEJBHome.create(StatelessEJBHome.java:157)
    at com.sunny.metro.server.ejb.MySessionBean_tc67pu_HomeImpl.create(MySessionBean_tc67pu_HomeImpl.java:66)
    at com.sunny.metro.timer.StartTimerServlet.init(StartTimerServlet.java:35)


The scenario is as follows..

I have a servlet. In its init() method, I am accessing a session
bean (MySessionBean) to perform some functionality.

    public void init(ServletConfig config) throws ServletException {
        super.init(config);
        System.out.println("%%%%%% This is invoking the servlet %%%%%%");
        mySessionHome = Session.getMySessionHome();
        try {
            mySession = mySessionHome.create();
            mySession.createTimer();
        } catch (RemoteException e) {
            e.printStackTrace();
        } catch (CreateException e) {
            e.printStackTrace();
        }
    }

I put some method permissions for this session bean for the method
create in ejb-jar.xml.

The ejb-jar.xml excerpt for the MySessionBean..

    <session id="MySessionBean">
        <display-name>MySessionBean</display-name>
        <ejb-name>MySessionBean</ejb-name>
        <home>com.sunny.metro.server.ejb.MySessionHome</home>
        <remote>com.sunny.metro.server.ejb.MySession</remote>
        <ejb-class>com.sunny.metro.server.ejb.MySessionBean</ejb-class>
        <session-type>Stateless</session-type>
        <transaction-type>Container</transaction-type>
        <security-role-ref>
            <role-name>MetroAdmin</role-name>
            <role-link>AWSAdmin</role-link>
            <!--Comment the above line and uncomment the following
            line for "All Users are Admin" mode
            <role-link>AWSUser</role-link>
            -->
        </security-role-ref>
        <security-role-ref>
            <role-name>MetroDesigner</role-name>
            <role-link>AWSDesigner</role-link>
        </security-role-ref>
    </session>

...
    <method-permission>
        <role-name>AWSAdmin</role-name>
        <role-name>AWSDesigner</role-name>
        <!-- Uncomment the following line for "All Users are Admin"
        mode
        <role-name>AWSUser</role-name>
        -->
        <method>
            <ejb-name>MySessionBean</ejb-name>
            <method-name>create</method-name>
        </method>
    </method-permission>

The servlet's web.xml...

    <web-app>
        <servlet>
            <servlet-name>StartTimerServlet</servlet-name>
            <display-name>Timer</display-name>
            <description>This is to Start the Timer</description>
            <servlet-class>com.sunny.metro.timer.StartTimerServlet</servlet-class>
            <load-on-startup>1</load-on-startup>
            <run-as>
                <role-name>AWSAdmin</role-name>
            </run-as>
        </servlet>
        <servlet-mapping>
            <servlet-name>StartTimerServlet</servlet-name>
            <url-pattern>/servlets/JMetroTimer</url-pattern>
        </servlet-mapping>
        <security-role>
            <description>Administrator</description>
            <role-name>AWSAdmin</role-name>
        </security-role>
    </web-app>

And weblogic.xml is ...

    <weblogic-web-app>

        <security-role-assignment>
            <role-name>AWSAdmin</role-name>
            <principal-name>system</principal-name>
        </security-role-assignment>

        <run-as-role-assignment>
            <role-name>AWSAdmin</role-name>
            <run-as-principal-name>system</run-as-principal-name>
        </run-as-role-assignment>

    </weblogic-web-app>

Please let me know if this is a known issue in weblogic or I am missing
something. BTW I am using weblogic90b.

Thanks,
Suni.
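
An added example, not part of the original post: a Python cross-check that the role named in the servlet's run-as is declared in web.xml, granted MySessionBean.create in ejb-jar.xml, and mapped to a run-as principal in weblogic.xml. The descriptor strings are trimmed copies of the excerpts above, and the function names (text, roles_allowed, check_run_as) are made up for this example.

```python
import xml.etree.ElementTree as ET

# Trimmed copies of the descriptors quoted in the post (constructed sample input).
# The <ejb-jar> root is added so the fragment parses; no XML namespaces, as in the post.
EJB_JAR = """<ejb-jar><method-permission>
  <role-name>AWSAdmin</role-name><role-name>AWSDesigner</role-name>
  <method><ejb-name>MySessionBean</ejb-name><method-name>create</method-name></method>
</method-permission></ejb-jar>"""
WEB_XML = """<web-app><servlet><servlet-name>StartTimerServlet</servlet-name>
  <run-as><role-name>AWSAdmin</role-name></run-as></servlet>
<security-role><role-name>AWSAdmin</role-name></security-role></web-app>"""
WEBLOGIC_XML = """<weblogic-web-app><run-as-role-assignment>
  <role-name>AWSAdmin</role-name><run-as-principal-name>system</run-as-principal-name>
</run-as-role-assignment></weblogic-web-app>"""

def text(el, path):
    """Stripped text of the child at `path`, or '' when it is absent."""
    return (el.findtext(path) or "").strip()

def roles_allowed(ejb_jar, ejb, method):
    """Roles that any <method-permission> grants on ejb.method ('*' = every method)."""
    roles = set()
    for mp in ET.fromstring(ejb_jar).iter("method-permission"):
        for m in mp.findall("method"):
            if text(m, "ejb-name") == ejb and text(m, "method-name") in (method, "*"):
                roles.update((r.text or "").strip() for r in mp.findall("role-name"))
    return roles

def check_run_as(web_xml, weblogic_xml, ejb_jar, servlet, ejb, method):
    """Return a list of findings; an empty list means the three descriptors agree."""
    web, wl = ET.fromstring(web_xml), ET.fromstring(weblogic_xml)
    run_as = next((text(s, "run-as/role-name") for s in web.iter("servlet")
                   if text(s, "servlet-name") == servlet), "")
    if not run_as:
        return [f"web.xml: no run-as role found for {servlet}"]
    findings = []
    if run_as not in {text(r, "role-name") for r in web.iter("security-role")}:
        findings.append(f"web.xml: no <security-role> for {run_as}")
    if run_as not in roles_allowed(ejb_jar, ejb, method):
        findings.append(f"ejb-jar.xml: {run_as} not permitted on {ejb}.{method}")
    principals = {text(a, "role-name"): text(a, "run-as-principal-name")
                  for a in wl.iter("run-as-role-assignment")}
    if not principals.get(run_as):
        findings.append(f"weblogic.xml: no run-as principal for {run_as}")
    return findings

if __name__ == "__main__":
    print(check_run_as(WEB_XML, WEBLOGIC_XML, EJB_JAR,
                       "StartTimerServlet", "MySessionBean", "create") or "descriptors agree")
```

Against the posted descriptors it returns no findings: the role names line up across all three files, while the trace still reports the caller as '<anonymous>'.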
