Why does security propagation not work between EJB 2 beans on JBoss 5.x?

Solution Verified - Updated -

Issue

  • Why does security propagation not work between EJB 2 beans on JBoss 5.x?
  • Our application looks like the following:
servlet (run as) --> Example EJB 2 (secured)  --> SecondExample EJB 2 (secured)

The servlet can call the Example bean, but the Example bean is not able to call the SecondExample bean. The following exception is logged:

2012-04-10 16:20:06,149 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] (http-127.0.0.1-8080-1) Error in Security Interceptor
java.lang.SecurityException: Authentication exception, principal=null
    at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:322)
    at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243)
    at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205)
    at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:169)
    at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:91)
    at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
    at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
    at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:639)
    at org.jboss.ejb.Container.invoke(Container.java:1109)
    at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:362)
    at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:133)
    at $Proxy133.create(Unknown Source)
  • Not able to use RUNAS feature in JBoss EAP 5.1, We have configured the jboss-web.xml, but a null is passed as the user for authentication.
<jboss-web>
  <security-domain>java:/jaas/example-domain</security-domain>
  <security-role>
    <role-name>JBossAdmin</role-name>
    <principal-name>Admin</principal-name>
  </security-role>

  <servlet>
    <servlet-name>exampleServlet</servlet-name>
    <run-as-principal>Admin</run-as-principal>
  </servlet>
</jboss-web>
  • When trying to connect from an EJB Client on TIBCO to an EJB deployed on JBoss server, the following exception is encountered:-
ERROR [SecurityInterceptor] Error in Security Interceptor
java.lang.SecurityException: Authentication exception, principal=null
        at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:321)
        at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243)
        at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205)
        at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:142)
        at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:88)
        at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
        at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
        at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:639)
        at org.jboss.ejb.Container.invoke(Container.java:1109)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
        at org.jboss.invocation.unified.server.UnifiedInvoker.invoke(UnifiedInvoker.java:232)
        at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:930)
        at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:791)
        at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:744)
        at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:548)
        at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:234)

Environment

  • JBoss Enterprise Application Platform (EAP)
    • 5.1.0
    • 5.1.2

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content