2 replies Latest Post - ‏2013-11-21T14:04:53Z by UniqueScreenName
Alex_Rasmussen

Unable to inject No-Interface EJB with security defined

2013-11-06T15:47:17Z

I am trying to deploy an enterprise application EAR consisting of:

- an EJB 3.1 module containing stateless session beans
- a web module containing servlets

to WebSphere Community 3.0.0.4 Server.

The beans are exposed through the @LocalBean annotation and injected into the servlets using the @EJB annotation.

Without any application security settings defined, everything works flawlessly. But, as soon as I define even the simplest security setup, injection fails with the message:


java.lang.IllegalArgumentException: Invalid method interface: LocalBean
javax.security.jacc.EJBMethodPermission$MethodSpec.checkMethodInterface(EJBMethodPermission.java:303)
javax.security.jacc.EJBMethodPermission$MethodSpec.<init>(EJBMethodPermission.java:209)
javax.security.jacc.EJBMethodPermission.<init>(EJBMethodPermission.java:90)
org.apache.geronimo.openejb.GeronimoSecurityService.isCallerAuthorized(GeronimoSecurityService.java:100)
org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:159)
org.apache.openejb.core.ivm.EjbObjectProxyHandler.synchronizedBusinessMethod(EjbObjectProxyHandler.java:255)
org.apache.openejb.core.ivm.EjbObjectProxyHandler.businessMethod(EjbObjectProxyHandler.java:235)
org.apache.openejb.core.ivm.EjbObjectProxyHandler._invoke(EjbObjectProxyHandler.java:92)
org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:284)
com.sun.proxy.$Proxy117.getSysTime(Unknown Source)
dk.danicon.servlet.Systime.doGet(Systime.java:43)
javax.servlet.http.HttpServlet.service(HttpServlet.java:575)
javax.servlet.http.HttpServlet.service(HttpServlet.java:668)


The security configuration works perfectly and prompts for credentials on servlets defined with an annotation like the one below, if they don't try to inject an EJB:


@ServletSecurity(@HttpConstraint(rolesAllowed={"admin"}))


I can make the injection work by removing the @LocalBean and implementing a @Local interface instead. But, from what I have been able to read on the subject, this *should* work with no-interface views as well - and I would like to avoid the added overhead from the interface.

I am attaching a sample application below and hope someone can tell me what I'm missing here.
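The workaround mentioned in the post (a @Local business interface in place of @LocalBean), sketched as an added example that is not the poster's attached application. `SysTimeLocal`, `SysTimeBean` and the `/systime` URL pattern are hypothetical names; `Systime`, `getSysTime()` and the `admin` role are taken from the post and its stack trace.

```java
// --- SysTimeLocal.java (EJB module; hypothetical name) ---
import javax.ejb.Local;

// Explicit local business interface: replaces the @LocalBean no-interface view.
@Local
public interface SysTimeLocal {
    String getSysTime();
}

// --- SysTimeBean.java (EJB module; hypothetical name) ---
import java.util.Date;
import javax.ejb.Stateless;

// Before (the form that fails in the post once security is enabled):
//   @Stateless @LocalBean public class SysTimeBean { ... }
@Stateless
public class SysTimeBean implements SysTimeLocal {
    @Override
    public String getSysTime() {
        return new Date().toString();
    }
}

// --- Systime.java (web module) ---
import java.io.IOException;
import javax.ejb.EJB;
import javax.servlet.annotation.HttpConstraint;
import javax.servlet.annotation.ServletSecurity;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/systime") // URL pattern is an assumption
@ServletSecurity(@HttpConstraint(rolesAllowed = {"admin"}))
public class Systime extends HttpServlet {
    // Inject by the interface type, not by the bean class.
    @EJB
    private SysTimeLocal sysTime;

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setContentType("text/plain");
        resp.getWriter().println(sysTime.getSysTime());
    }
}
```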
