Problem with getCallerPrincipal().getName()


Problem with getCallerPrincipal().getName()

Ivan S. Dubrov-2
Hello,

I wish to use J2EE security for both Web module and EJB module. So I configured realm, mapped principals to the security roles, developed appropriate J2EE deployment descriptors. Declarative role-based security works perfectly.

When it turns to the programmatic security I have problems determining logged in user name in the EJB module. In the Web module everything is OK, I can call request.getUserPrincipal().getName() and it returns the authorized user name (for example, "joe"). But when I try to get user name from the EJB with the EJBContext.getCallerPrincipal().getName(), I get the following string:

"MyRealm:[org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal:manager]"

I can only get user group from this string, "manager", but not the user name. So it seems to me that an important piece of information, user identity, is lost while propagating security context from the Web module to the EJB module.

It looks to me like a design flaw.

Any comments on this? How can I overcome this problem? I do not want to pass username as a parameter to the EJB, since this is not secure (user calling EJB can pass somebody else's name). Of course, in my case these calls can be performed only from the Web module, but anyway.

Ivan Dubrov

Re: Problem with getCallerPrincipal().getName()

David Jencks
I noticed some of this recently too.

I think there are at least two things to discuss here:

1. Why is the caller principal (one of the) group principals.  In  
general, how is the caller principal determined?
-- I'm not sure about the answer to this, I hope to have some time to  
investigate soon, but it may be a while.

2. Should getName() from one of our RealmPrincipals return an  
explanatory string or just the getName() of the wrapped principal?
-- It makes sense to me to return the name of the wrapped principal.

I think it would be a good idea to file a jira issue on at least the  
first of these.  With a little discussion we can probably settle (2)  
quickly.

Thanks
david jencks


On Jun 9, 2005, at 9:32 PM, Ivan S. Dubrov wrote:

> Hello,
>
> I wish to use J2EE security for both Web module and EJB module. So I  
> configured realm, mapped principals to the security roles, developed
> appropriate J2EE deployment descriptors. Declarative role-based  
> security works perfectly.
>
> When it turns to the programmatic security I have problems determining  
> logged in user name in the EJB module. In the Web module everything is  
> OK, I can call request.getUserPrincipal().getName() and it returns the
> authorized user name (for example, "joe"). But when I try to get user
> name from the EJB with the EJBContext.getCallerPrincipal().getName(),  
> I get the following string:
>
> "MyRealm:
> [org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal:
> manager]"
>
> I can only get user group from this string, "manager", but not the  
> user name. So it seems to me that an important piece of information, user
> identity, is lost while propagating security context from the Web  
> module to the EJB module.
>
> It looks to me like a design flaw.
>
> Any comments on this? How can I overcome this problem? I do not want  
> to pass username as a parameter to the EJB, since this is not secure  
> (user calling EJB can pass somebody else's name). Of course, in my case
> these calls can be performed only from the Web module, but anyway.
>
> Ivan Dubrov
>
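
A self-contained model of the two points raised in the reply above, added here as an example; it is not part of the thread and not Geronimo's code. The principal classes are hypothetical stand-ins, the sample subject is constructed, and nothing here claims how Geronimo actually selects the caller principal. It needs Java 16 or later.

```java
import java.security.Principal;
import java.util.Optional;
import javax.security.auth.Subject;

public class CallerPrincipalDemo {

    // Hypothetical principal types a login module might produce (not Geronimo classes).
    record UserPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    record GroupPrincipal(String name) implements Principal {
        @Override public String getName() { return name; }
    }

    // Hypothetical wrapper that tags a principal with the realm that issued it.
    record RealmPrincipal(String realm, Principal wrapped) implements Principal {
        // Point 2 of the reply: delegate to the wrapped principal's name.
        @Override public String getName() { return wrapped.getName(); }

        // Explanatory "realm:[class:name]" form, useful in logs but not as an identity.
        String describe() {
            return realm + ":[" + wrapped.getClass().getName() + ":" + wrapped.getName() + "]";
        }
    }

    // Order-dependent choice: whichever principal the set happens to yield first.
    static Optional<Principal> firstPrincipal(Subject subject) {
        return subject.getPrincipals().stream().findFirst();
    }

    // Type-aware choice: only a wrapped UserPrincipal may stand for the caller.
    static Optional<Principal> userPrincipal(Subject subject) {
        return subject.getPrincipals().stream()
                .filter(p -> p instanceof RealmPrincipal rp
                        && rp.wrapped() instanceof UserPrincipal)
                .findFirst();
    }

    public static void main(String[] args) {
        // Constructed sample: user "joe" in group "manager", authenticated by "MyRealm".
        Subject subject = new Subject();
        subject.getPrincipals().add(new RealmPrincipal("MyRealm", new GroupPrincipal("manager")));
        subject.getPrincipals().add(new RealmPrincipal("MyRealm", new UserPrincipal("joe")));

        Principal first = firstPrincipal(subject).orElseThrow();
        Principal user = userPrincipal(subject).orElseThrow();

        // The first line depends on set iteration order; the second does not.
        System.out.println("order-dependent caller: " + first.getName());
        System.out.println("type-aware caller:      " + user.getName());
        System.out.println("explanatory form:       " + ((RealmPrincipal) first).describe());

        // A subject carrying only groups has no user identity: fail closed rather
        // than report a group name as the caller.
        Subject groupsOnly = new Subject();
        groupsOnly.getPrincipals().add(new RealmPrincipal("MyRealm", new GroupPrincipal("manager")));
        System.out.println("groups-only caller present: " + userPrincipal(groupsOnly).isPresent());
    }
}
```

Code that authorizes or audits on the caller's name should depend on the type-aware lookup and treat an empty result as an error, not fall back to whatever principal is available.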


Web Service tests

Stefan Schmidt-25
Hi,

I am currently trying to get some JAX-RPC Web services running on
Geronimo. Since there are not too many examples out there I chose to try
the jBoss examples which are described here:
http://docs.jboss.org/jbossas/jboss4guide/r2/html/ch12.html.

After inserting a proper url in the HelloService.wsdl (<soap:address
location="http://localhost:8080/hello-servlet/Hello?WSDL"/>) I was able
to deploy the war file with the JSE Web Service.

The problem here is if I invoke
http://localhost:8080/hello-servlet/Hello?method=hello&s=test I get the
following SOAP-Fault:
[....]
<faultcode>soapenv:Server.userException</faultcode>
-
    <faultstring>
org.xml.sax.SAXParseException: Premature end of file.
</faultstring>
[...]

..when I use the supplied Client I get the following error:
[..]
     [java]  faultString: Tried to invoke method public abstract
java.lang.String org.jboss.chap12.hello.Hello.hello(java.lang.String)
throws java.rmi.RemoteException with arguments java.lang.String.  The
arguments do not match the signature.; nested exception is:
     [java]     java.lang.IllegalArgumentException: object is not an
instance of declaring class
[...]

In a second attempt I tried to deploy the hello-ejb.jar example which
serves as an EJB endpoint. Unfortunately I get an exception during
deployment:
[...]
558 WARN  [BasicLifecycleMonitor] Exception occured while notifying listener
java.lang.NoSuchMethodError:
org.apache.geronimo.webservices.SoapHandler.addWebService
(Ljava/lang/String;Lorg/apache/geronimo/webservices/WebServiceContainer;)V
        at org.openejb.server.axis.WSContainer.<init>(WSContainer.java:87)
[...]

Both of these Applications work perfectly in jBoss and I can't see why
they shouldn't work in Geronimo.

I would be grateful if someone could try to deploy these applications as
well and tell me whether this is rather my problem or a Geronimo Problem.

Thanks in advance.

Stefan

Re: Web Service tests

Jeremy Boynes
Quick question - are you using the current HEAD build? There were a
couple of bugs in our JAF implementation which would lead to similar
failures to the first one which I checked fixes in for earlier this week.

--
Jeremy

Stefan Schmidt wrote:

> Hi,
>
> I am currently trying to get some JAX-RPC Web services running on
> Geronimo. Since there are not too many examples out there I chose to try
> the jBoss examples which are described here:
> http://docs.jboss.org/jbossas/jboss4guide/r2/html/ch12.html.
>
> After inserting a proper url in the HelloService.wsdl (<soap:address
> location="http://localhost:8080/hello-servlet/Hello?WSDL"/>) I was able
> to deploy the war file with the JSE Web Service.
>
> The problem here is if I invoke
> http://localhost:8080/hello-servlet/Hello?method=hello&s=test I get the
> following SOAP-Fault:
> [....]
> <faultcode>soapenv:Server.userException</faultcode>
> -
>    <faultstring>
> org.xml.sax.SAXParseException: Premature end of file.
> </faultstring>
> [...]
>
> ..when I use the supplied Client I get the following error:
> [..]
>     [java]  faultString: Tried to invoke method public abstract
> java.lang.String org.jboss.chap12.hello.Hello.hello(java.lang.String)
> throws java.rmi.RemoteException with arguments java.lang.String.  The
> arguments do not match the signature.; nested exception is:
>     [java]     java.lang.IllegalArgumentException: object is not an
> instance of declaring class
> [...]
>
> In a second attempt I tried to deploy the hello-ejb.jar example which
> serves as an EJB endpoint. Unfortunately I get an exception during
> deployment:
> [...]
> 558 WARN  [BasicLifecycleMonitor] Exception occured while notifying
> listener
> java.lang.NoSuchMethodError:
> org.apache.geronimo.webservices.SoapHandler.addWebService
> (Ljava/lang/String;Lorg/apache/geronimo/webservices/WebServiceContainer;)V
>        at org.openejb.server.axis.WSContainer.<init>(WSContainer.java:87)
> [...]
>
> Both of these Applications work perfectly in jBoss and I can't see why
> they shouldn't work in Geronimo.
>
> I would be grateful if someone could try to deploy these applications as
> well and tell me whether this is rather my problem or a Geronimo Problem.
>
> Thanks in advance.
>
> Stefan


Re: Web Service tests

Stefan Schmidt-25
I am using a build which is about two weeks old, so you might be correct
that your fixes are not included. Are the 'latest unstable build'
downloads current or do I have to use maven (last time it took 6
attempts before it worked without a build error)?

:Stefan

Jeremy Boynes wrote:

> Quick question - are you using the current HEAD build? There were a
> couple of bugs in our JAF implementation which would lead to similar
> failures to the first one which I checked fixes in for earlier this week.
>
> --
> Jeremy
>
> Stefan Schmidt wrote:
>
>> Hi,
>>
>> I am currently trying to get some JAX-RPC Web services running on
>> Geronimo. Since there are not too many examples out there I chose to
>> try the jBoss examples which are described here:
>> http://docs.jboss.org/jbossas/jboss4guide/r2/html/ch12.html.
>>
>> After inserting a proper url in the HelloService.wsdl (<soap:address
>> location="http://localhost:8080/hello-servlet/Hello?WSDL"/>) I was
>> able to deploy the war file with the JSE Web Service.
>>
>> The problem here is if I invoke
>> http://localhost:8080/hello-servlet/Hello?method=hello&s=test I get
>> the following SOAP-Fault:
>> [....]
>> <faultcode>soapenv:Server.userException</faultcode>
>> -
>>    <faultstring>
>> org.xml.sax.SAXParseException: Premature end of file.
>> </faultstring>
>> [...]
>>
>> ..when I use the supplied Client I get the following error:
>> [..]
>>     [java]  faultString: Tried to invoke method public abstract
>> java.lang.String org.jboss.chap12.hello.Hello.hello(java.lang.String)
>> throws java.rmi.RemoteException with arguments java.lang.String.  The
>> arguments do not match the signature.; nested exception is:
>>     [java]     java.lang.IllegalArgumentException: object is not an
>> instance of declaring class
>> [...]
>>
>> In a second attempt I tried to deploy the hello-ejb.jar example which
>> serves as an EJB endpoint. Unfortunately I get an exception during
>> deployment:
>> [...]
>> 558 WARN  [BasicLifecycleMonitor] Exception occured while notifying
>> listener
>> java.lang.NoSuchMethodError:
>> org.apache.geronimo.webservices.SoapHandler.addWebService
>> (Ljava/lang/String;Lorg/apache/geronimo/webservices/WebServiceContainer;)V
>>
>>        at
>> org.openejb.server.axis.WSContainer.<init>(WSContainer.java:87)
>> [...]
>>
>> Both of these Applications work perfectly in jBoss and I can't see
>> why they shouldn't work in Geronimo.
>>
>> I would be grateful if someone could try to deploy these applications
>> as well and tell me whether this is rather my problem or a Geronimo
>> Problem.
>>
>> Thanks in advance.
>>
>> Stefan
>
>
>


Re: Web Service tests

Jeremy Boynes
Stefan Schmidt wrote:
> I am using a build which is about two weeks old, so you might be correct
> that your fixes are not included. Are the 'latest unstable build'
> downloads current or do I have to use maven (last time it took 6
> attempts before it worked without a build error)?
>

Looking at the site the rev number is older than my checkin so I'm
afraid it is back to maven (where there appear to be problems right now)
or hold on until a new binary is uploaded. I will ask on the dev list if
someone can build and refresh the distro.

--
Jeremy

Re: Web Service tests

Stefan Schmidt-25
Yes I experienced those maven problems already (three attempts failed).
Thanks for asking to upload a new binary distribution.

:Stefan

Jeremy Boynes wrote:

> Stefan Schmidt wrote:
>
>> I am using a build which is about two weeks old, so you might be
>> correct that your fixes are not included. Are the 'latest unstable
>> build' downloads current or do I have to use maven (last time it took
>> 6 attempts before it worked without a build error)?
>>
>
> Looking at the site the rev number is older than my checkin so I'm
> afraid it is back to maven (where there appear to be problems right
> now) or hold on until a new binary is uploaded. I will ask on the dev
> list if someone can build and refresh the distro.
>
> --
> Jeremy
>


Re: Web Service tests

Stefan Schmidt-25
In reply to this post by Jeremy Boynes
Hi Jeremy,

thanks for your fixes to the problem. The JAX-RPC Service Endpoint
example works now nicely (apart from a  warning).

However, when I try to deploy the JAX-RPC EJB Endpoint example I still
get the following error:

[...]
16:10:57,915 ERROR [GBeanInstanceState] Error while starting; GBean is now in the FAILED state: objectName="openejb:type=WSContainer,name=HelloBean"
java.lang.NoSuchMethodError:
org.apache.geronimo.webservices.SoapHandler.addWebService(Ljava/lang/String;Lorg/apache/geronimo/webservices/WebServiceContainer;)V
        at org.openejb.server.axis.WSContainer.<init>(WSContainer.java:87)
[...]

Could you indicate if this error was caused by a Geronimo bug or rather
a bad descriptor (or mapping)?

If you like I can provide the hello-ejb.jar example file from the jBoss
4 documentation for you to see the error yourself.

Have you got any simple JAX-RPC EJB endpoint example working on Geronimo
that you could share here?

Thanks,

Stefan

Jeremy Boynes wrote:

> Quick question - are you using the current HEAD build? There were a
> couple of bugs in our JAF implementation which would lead to similar
> failures to the first one which I checked fixes in for earlier this week.
>
> --
> Jeremy
>
> Stefan Schmidt wrote:
>
>> Hi,
>>
>> I am currently trying to get some JAX-RPC Web services running on
>> Geronimo. Since there are not too many examples out there I chose to
>> try the jBoss examples which are described here:
>> http://docs.jboss.org/jbossas/jboss4guide/r2/html/ch12.html.
>>
>> After inserting a proper url in the HelloService.wsdl (<soap:address
>> location="http://localhost:8080/hello-servlet/Hello?WSDL"/>) I was
>> able to deploy the war file with the JSE Web Service.
>>
>> The problem here is if I invoke
>> http://localhost:8080/hello-servlet/Hello?method=hello&s=test I get
>> the following SOAP-Fault:
>> [....]
>> <faultcode>soapenv:Server.userException</faultcode>
>> -
>>    <faultstring>
>> org.xml.sax.SAXParseException: Premature end of file.
>> </faultstring>
>> [...]
>>
>> ..when I use the supplied Client I get the following error:
>> [..]
>>     [java]  faultString: Tried to invoke method public abstract
>> java.lang.String org.jboss.chap12.hello.Hello.hello(java.lang.String)
>> throws java.rmi.RemoteException with arguments java.lang.String.  The
>> arguments do not match the signature.; nested exception is:
>>     [java]     java.lang.IllegalArgumentException: object is not an
>> instance of declaring class
>> [...]
>>
>> In a second attempt I tried to deploy the hello-ejb.jar example which
>> serves as an EJB endpoint. Unfortunately I get an exception during
>> deployment:
>> [...]
>> 558 WARN  [BasicLifecycleMonitor] Exception occured while notifying
>> listener
>> java.lang.NoSuchMethodError:
>> org.apache.geronimo.webservices.SoapHandler.addWebService
>> (Ljava/lang/String;Lorg/apache/geronimo/webservices/WebServiceContainer;)V
>>
>>        at
>> org.openejb.server.axis.WSContainer.<init>(WSContainer.java:87)
>> [...]
>>
>> Both of these Applications work perfectly in jBoss and I can't see
>> why they shouldn't work in Geronimo.
>>
>> I would be grateful if someone could try to deploy these applications
>> as well and tell me whether this is rather my problem or a Geronimo
>> Problem.
>>
>> Thanks in advance.
>>
>> Stefan
>
>
>


Re: Web Service tests

David Jencks
I think you must have an old version of openejb.  Did you check openejb  
out and compile it as well?

thanks
david jencks

On Jun 11, 2005, at 11:21 PM, Stefan Schmidt wrote:

> Hi Jeremy,
>
> thanks for your fixes to the problem. The JAX-RPC Service Endpoint  
> example works now nicely (apart from a  warning).
>
> However, when I try to deploy the JAX-RPC EJB Endpoint example I still  
> get the following error:
>
> [...]
> 16:10:57,915 ERROR [GBeanInstanceState] Error while starting; GBean is
> now in the FAILED state: objectName="openejb:type=WSContainer,name=HelloBean"
> java.lang.NoSuchMethodError:  
> org.apache.geronimo.webservices.SoapHandler.addWebService(Ljava/lang/
> String;Lorg/apache/geronimo/webservices/WebServiceContainer;)V
>        at  
> org.openejb.server.axis.WSContainer.<init>(WSContainer.java:87)
> [...]
>
> Could you indicate if this error was caused by a Geronimo bug or  
> rather a bad descriptor (or mapping)?
>
> If you like I can provide the hello-ejb.jar example file from the  
> jBoss 4 documentation for you to see the error yourself.
>
> Have you got any simple JAX-RPC EJB endpoint example working on  
> Geronimo that you could share here?
>
> Thanks,
>
> Stefan
>
> Jeremy Boynes wrote:
>
>> Quick question - are you using the current HEAD build? There were a  
>> couple of bugs in our JAF implementation which would lead to similar  
>> failures to the first one which I checked fixes in for earlier this  
>> week.
>>
>> --
>> Jeremy
>>
>> Stefan Schmidt wrote:
>>
>>> Hi,
>>>
>>> I am currently trying to get some JAX-RPC Web services running on  
>>> Geronimo. Since there are not too many examples out there I chose to  
>>> try the jBoss examples which are described here:  
>>> http://docs.jboss.org/jbossas/jboss4guide/r2/html/ch12.html.
>>>
>>> After inserting a proper url in the HelloService.wsdl (<soap:address  
>>> location="http://localhost:8080/hello-servlet/Hello?WSDL"/>) I was  
>>> able to deploy the war file with the JSE Web Service.
>>>
>>> The problem here is if I invoke  
>>> http://localhost:8080/hello-servlet/Hello?method=hello&s=test I get  
>>> the following SOAP-Fault:
>>> [....]
>>> <faultcode>soapenv:Server.userException</faultcode>
>>> -
>>>    <faultstring>
>>> org.xml.sax.SAXParseException: Premature end of file.
>>> </faultstring>
>>> [...]
>>>
>>> ..when I use the supplied Client I get the following error:
>>> [..]
>>>     [java]  faultString: Tried to invoke method public abstract  
>>> java.lang.String  
>>> org.jboss.chap12.hello.Hello.hello(java.lang.String) throws  
>>> java.rmi.RemoteException with arguments java.lang.String.  The  
>>> arguments do not match the signature.; nested exception is:
>>>     [java]     java.lang.IllegalArgumentException: object is not an  
>>> instance of declaring class
>>> [...]
>>>
>>> In a second attempt I tried to deploy the hello-ejb.jar example  
>>> which serves as an EJB endpoint. Unfortunately I get an exception
>>> during deployment:
>>> [...]
>>> 558 WARN  [BasicLifecycleMonitor] Exception occured while notifying  
>>> listener
>>> java.lang.NoSuchMethodError:  
>>> org.apache.geronimo.webservices.SoapHandler.addWebService
>>> (Ljava/lang/String;Lorg/apache/geronimo/webservices/
>>> WebServiceContainer;)V
>>>        at  
>>> org.openejb.server.axis.WSContainer.<init>(WSContainer.java:87)
>>> [...]
>>>
>>> Both of these Applications work perfectly in jBoss and I can't see  
>>> why they shouldn't work in Geronimo.
>>>
>>> I would be grateful if someone could try to deploy these  
>>> applications as well and tell me whether this is rather my problem  
>>> or a Geronimo Problem.
>>>
>>> Thanks in advance.
>>>
>>> Stefan
>>
>>
>>
>


geronimo build fails

Stefan Schmidt-25
Hi,

I am getting the following error when trying to build Geronimo from
source (maven m:rebuild-all):

BUILD FAILED
File...... .maven\cache\maven-multiproject-plugin-1.3.1\plugin.jelly
Element... maven:reactor21:41:15,982 WARN  [HOWLLog] Received unexpected
log record: org.objectweb.howl.log.xa.XALogRecord@19cc1b
21:41:15,982 INFO  [HOWLLog] In doubt transactions recovered from log
Line...... 217
Column.... 9
Unable to obtain goal [default] --
geronimo\modules\assembly\maven.xml:379:63: <deploy:waitForStarted> null
21:41:16,402 INFO  [GeronimoLoginConfiguration] Added ApplTotal time: 50
minutes
 14 seconds
ication Configuration Entry geronimo-properties-realm
21:41:16,402 INFO  [GeronimoLoginConfiguration] Added Application Configuration Entry JMX
21:41:16,402 INFO  [GeronimoLoginConfiguration] Installed Geronimo login configuration
21:41:16,743 INFO  [Credential] Checking Resource aliases
21:41:17,354 INFO  [SslListener] SslListener.needClientAuth=false
21:41:17,354 INFO  [SocketListener] Started SocketListener on 0.0.0.0:8443

:Stefan

Re: geronimo build fails

David Jencks
Can you try
1. make sure no geronimo servers are running in the background
2. build just the assembly module?  (cd modules/assembly;maven -o)


Usually for me wait-for-started problems are either from a server
running in the background or too many other things going on at once.

thanks
david jencks


On Jun 12, 2005, at 4:58 AM, Stefan Schmidt wrote:

> Hi,
>
> I am getting the following error when trying to build Geronimo from
> source (maven m:rebuild-all):
>
> BUILD FAILED
> File...... .maven\cache\maven-multiproject-plugin-1.3.1\plugin.jelly
> Element... maven:reactor21:41:15,982 WARN  [HOWLLog] Received
> unexpected log record: org.objectweb.howl.log.xa.XALogRecord@19cc1b
> 21:41:15,982 INFO  [HOWLLog] In doubt transactions recovered from log
> Line...... 217
> Column.... 9
> Unable to obtain goal [default] --
> geronimo\modules\assembly\maven.xml:379:63: <deploy:waitForStarted>
> null
> 21:41:16,402 INFO  [GeronimoLoginConfiguration] Added ApplTotal time:
> 50 minutes
> 14 seconds
> ication Configuration Entry geronimo-properties-realm
> 21:41:16,402 INFO  [GeronimoLoginConfiguration] Added Application Configuration Entry JMX
> 21:41:16,402 INFO  [GeronimoLoginConfiguration] Installed Geronimo login configuration
> 21:41:16,743 INFO  [Credential] Checking Resource aliases
> 21:41:17,354 INFO  [SslListener] SslListener.needClientAuth=false
> 21:41:17,354 INFO  [SocketListener] Started SocketListener on
> 0.0.0.0:8443
>
> :Stefan
>


JAX-RPC Web Service with Complex Types

Stefan Schmidt-25
In reply to this post by David Jencks
Hi,

I have further questions regarding web services..

I have managed to get a simple method running (of type: public String
getMessage()) on a JSE. But I am getting an Axis Fault for the
following type: public MySimpleBean[] getBeans()

AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
 faultSubcode:
 faultString: java.io.IOException: No serializer found for class
com.ibm.dw.reallybigpet.Category in registry
org.apache.axis.encoding.TypeMappingDelegate@1fd270d

The WSDL element for this (simple :-)) complexType is:

<xsd:schema targetNamespace="urn:http://ejb.reallybigpet.dw.ibm.com"
            xmlns:ns2="urn:http://arrays/com/ibm/dw/reallybigpet"
            xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
            xmlns:soap11-enc="http://schemas.xmlsoap.org/soap/encoding/"
            xmlns:tns="urn:http://ejb.reallybigpet.dw.ibm.com"
            xmlns:wsdl="http://schemas.xmlsoap.org/wsdl/"
            xmlns:xsd="http://www.w3.org/2001/XMLSchema"
            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <xsd:import namespace="urn:http://arrays/com/ibm/dw/reallybigpet"/>
    <xsd:complexType name="Category">
        <xsd:sequence>
            <xsd:element name="id" nillable="true" type="xsd:string"/>
            <xsd:element name="name" nillable="true" type="xsd:string"/>
        </xsd:sequence>
    </xsd:complexType>
</xsd:schema>

I read in some JAX-RPC tutorial that the inclusion of the <java-xml-type-mapping> element is not necessary in the JAX-RPC mapping file if you are using standard XML schema built-in types with standard mapping to Java. I believe that happens with my Category bean.

Since I get the 'no serializer found' exception I was wondering where I
should specify the Category.class for the serializer to find it?

Regards,

Stefan Schmidt