You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by Juergen Weber <we...@gmail.com> on 2009/07/24 16:24:31 UTC
NPE in ContextManager.getCurrentContext
Hi,
I wanted to test the call chain like this:
Java Client -> as tomcat -> UnSecured3Bean -> as apache -> Secured3Bean
i.e. the first bean should call the second one with another user that the
first bean is running under:
SimpleCallbackHandler handler = new SimpleCallbackHandler(
user, password.toCharArray());
LoginContext lc = new LoginContext("geronimo-admin", handler);
lc.login();
Subject subject = lc.getSubject();
System.out.println("lc.getSubject: " + subject);
Callers oldCallers = ContextManager.pushNextCaller(subject);
try
{
s1 = secured3Bean.secureMethod(input);
}
finally
{
ContextManager.popCallers(oldCallers);
}
But this results in NPE in
java.lang.NullPointerException
at
org.apache.geronimo.security.ContextManager.getCurrentContext(ContextManager.java:201)
at
org.apache.geronimo.openejb.GeronimoSecurityService.isCallerAuthorized(GeronimoSecurityService.java:102)
,which is the second line of
assert context != null : "No registered context";
return context.getContext();
so it should never be null.
Is that a bug or is s.th. wrong with my code? I append the sample project.
Thanks,
Juergen
http://www.nabble.com/file/p24645453/SecuredEJBGeronimo.zip
SecuredEJBGeronimo.zip
unsecureMethod called
callerPrincipal: tomcat
is caller in role Member_admin: false
lc.getSubject: Subject:
Principal: users
Principal: tomcatgroup
Principal: apache
java.lang.NullPointerException
at
org.apache.geronimo.security.ContextManager.getCurrentContext(ContextManager.java:201)
at
org.apache.geronimo.openejb.GeronimoSecurityService.isCallerAuthorized(GeronimoSecurityService.java:102)
at
org.apache.openejb.core.stateless.StatelessContainer.invoke(StatelessContainer.java:151)
at
org.apache.openejb.core.ivm.EjbObjectProxyHandler.businessMethod(EjbObjectProxyHandler.java:217)
at
org.apache.openejb.core.ivm.EjbObjectProxyHandler._invoke(EjbObjectProxyHandler.java:77)
at
org.apache.openejb.core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:281)
at $Proxy73.secureMethod(Unknown Source)
at ejb3.UnSecured3Bean.unsecureMethod(UnSecured3Bean.java:57)
--
View this message in context: http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-tp24645453s134p24645453.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: NPE in ContextManager.getCurrentContext
Posted by Juergen Weber <we...@gmail.com>.
Hi,
I guess with "run-as semantics" you mean the run-as elements in web.xml and
ejb-jar.xml ?
I was writing rather from view of Subject.doas() semantics which I tried to
emulate, and from this view I found it odd that the new Subject didn't
become immediately active.
I checked with Weblogic Server 10.3, with
weblogic.security.Security.runAs(subject, new PrivilegedAction()) the new
Subject is immediately active in the Action. I guess this would be the same
with Big Websphere's WSSubject.doAs(), but I cannot check.
So I'd like if https://issues.apache.org/jira/browse/GERONIMO-4765
would be implemented with the same semantics as WLS or WAS.
Thanks,
Juergen
djencks wrote:
>
>
> On Jul 28, 2009, at 4:02 AM, Juergen Weber wrote:
>
>>
>> Hi,
>>
>> I found that if the code between pushNextCaller and popCallers still
>> runs
>> with the previous Subject, i.e.
>>
>> // point A
>> Callers oldCallers = ContextManager.pushNextCaller(subject);
>> // point B
>> System.out.println("getCurrentCaller(): " +
>> ContextManager.getCurrentCaller());
>> System.out.println("Subject.getSubject: " +
>> Subject.getSubject(ContextManager.getCurrentContext()));
>> ContextManager.popCallers(oldCallers);
>>
>> the println() outputs at B give the same Subject as at A, the pushed
>> subject
>> is not active until the next called ejb. Being used to the doas()
>> semantics
>> this is kind of surprising...
>>
>> Would it be possible to change the behaviour to get the new Subject
>> immediately active?
>
> This stuff is definitely weird and confusing, but is there to support
> run-as semantics. Run-as is not explained very well in any spec I've
> seen but after long study I think its supposed to work like this:
>
> Start with identity A
>
> call component C1 which is configured with run-as identity B
>
> when you call C1 or ask isUserInRole() in C1 or getUserPrincipal/
> getCallerPrincipal in C1, the answer is derived from A
>
> If, in C1, you call a further component C2, the permissions for the
> operation you want to do, isUserInRole, getUser/CallerPrincipal in C2
> are all determined from the run-as identity B.
>
> So, ContextManager.push sets up the run-as identity the next component
> to be called will use.
>
> So unless you can convince me my understanding of run-as identities is
> wrong we aren't going to change how the push/pop stuff works. It
> really isn't intended for use by applications.
>
> On the other hand, if you want to immediately execute under another
> identity you can set both the subjects the context manager tracks
> using setCallers. Be sure to restore the previous state when you are
> done.
>
> thanks
> david jencks
>
>>
>> Thanks,
>> Juergen
>>
>>
>> Juergen Weber wrote:
>>>
>>>
>>> djencks wrote:
>>>>
>>>>
>>>> Geronimo uses the AccessControlContext for the Subject to evaluate
>>>> security decisions. So, you need to get Geronimo to compute and
>>>> store
>>>> this ACC for you.
>>>> [..]
>>>>
>>>
>>> Well, the methodname pushNextCaller suggests that it would do that.
>>> Anyway, with the code below it works now.
>>>
>>> This code should be in Geronimo itself, I created GERONIMO-4765.
>>>
>>> Thanks,
>>> Jürgen
>>>
>>>
>>>
>>> SimpleCallbackHandler handler = new SimpleCallbackHandler(
>>> user, password.toCharArray());
>>>
>>> LoginContext lc = new LoginContext("geronimo-admin", handler);
>>> lc.login();
>>>
>>> Subject subject = lc.getSubject();
>>> System.out.println("lc.getSubject: " + subject);
>>>
>>>
>>> ContextManager.registerSubject(subject);
>>> Callers oldCallers = ContextManager.pushNextCaller(subject);
>>> try
>>> {
>>> s1 = secured3Bean.secureMethod(input);
>>> }
>>> finally
>>> {
>>> ContextManager.popCallers(oldCallers);
>>> }
>>>
>>>
>>
>> --
>> View this message in context:
>> http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-tp24645453s134p24697077.html
>> Sent from the Apache Geronimo - Users mailing list archive at
>> Nabble.com.
>>
>
>
--
View this message in context: http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-tp24645453s134p24755733.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: NPE in ContextManager.getCurrentContext
Posted by David Jencks <da...@yahoo.com>.
On Jul 28, 2009, at 4:02 AM, Juergen Weber wrote:
>
> Hi,
>
> I found that if the code between pushNextCaller and popCallers still
> runs
> with the previous Subject, i.e.
>
> // point A
> Callers oldCallers = ContextManager.pushNextCaller(subject);
> // point B
> System.out.println("getCurrentCaller(): " +
> ContextManager.getCurrentCaller());
> System.out.println("Subject.getSubject: " +
> Subject.getSubject(ContextManager.getCurrentContext()));
> ContextManager.popCallers(oldCallers);
>
> the println() outputs at B give the same Subject as at A, the pushed
> subject
> is not active until the next called ejb. Being used to the doas()
> semantics
> this is kind of surprising...
>
> Would it be possible to change the behaviour to get the new Subject
> immediately active?
This stuff is definitely weird and confusing, but is there to support
run-as semantics. Run-as is not explained very well in any spec I've
seen but after long study I think its supposed to work like this:
Start with identity A
call component C1 which is configured with run-as identity B
when you call C1 or ask isUserInRole() in C1 or getUserPrincipal/
getCallerPrincipal in C1, the answer is derived from A
If, in C1, you call a further component C2, the permissions for the
operation you want to do, isUserInRole, getUser/CallerPrincipal in C2
are all determined from the run-as identity B.
So, ContextManager.push sets up the run-as identity the next component
to be called will use.
So unless you can convince me my understanding of run-as identities is
wrong we aren't going to change how the push/pop stuff works. It
really isn't intended for use by applications.
On the other hand, if you want to immediately execute under another
identity you can set both the subjects the context manager tracks
using setCallers. Be sure to restore the previous state when you are
done.
thanks
david jencks
>
> Thanks,
> Juergen
>
>
> Juergen Weber wrote:
>>
>>
>> djencks wrote:
>>>
>>>
>>> Geronimo uses the AccessControlContext for the Subject to evaluate
>>> security decisions. So, you need to get Geronimo to compute and
>>> store
>>> this ACC for you.
>>> [..]
>>>
>>
>> Well, the methodname pushNextCaller suggests that it would do that.
>> Anyway, with the code below it works now.
>>
>> This code should be in Geronimo itself, I created GERONIMO-4765.
>>
>> Thanks,
>> Jürgen
>>
>>
>>
>> SimpleCallbackHandler handler = new SimpleCallbackHandler(
>> user, password.toCharArray());
>>
>> LoginContext lc = new LoginContext("geronimo-admin", handler);
>> lc.login();
>>
>> Subject subject = lc.getSubject();
>> System.out.println("lc.getSubject: " + subject);
>>
>>
>> ContextManager.registerSubject(subject);
>> Callers oldCallers = ContextManager.pushNextCaller(subject);
>> try
>> {
>> s1 = secured3Bean.secureMethod(input);
>> }
>> finally
>> {
>> ContextManager.popCallers(oldCallers);
>> }
>>
>>
>
> --
> View this message in context: http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-tp24645453s134p24697077.html
> Sent from the Apache Geronimo - Users mailing list archive at
> Nabble.com.
>
Re: NPE in ContextManager.getCurrentContext
Posted by Juergen Weber <we...@gmail.com>.
Hi,
I found that if the code between pushNextCaller and popCallers still runs
with the previous Subject, i.e.
// point A
Callers oldCallers = ContextManager.pushNextCaller(subject);
// point B
System.out.println("getCurrentCaller(): " +
ContextManager.getCurrentCaller());
System.out.println("Subject.getSubject: " +
Subject.getSubject(ContextManager.getCurrentContext()));
ContextManager.popCallers(oldCallers);
the println() outputs at B give the same Subject as at A, the pushed subject
is not active until the next called ejb. Being used to the doas() semantics
this is kind of surprising...
Would it be possible to change the behaviour to get the new Subject
immediately active?
Thanks,
Juergen
Juergen Weber wrote:
>
>
> djencks wrote:
>>
>>
>> Geronimo uses the AccessControlContext for the Subject to evaluate
>> security decisions. So, you need to get Geronimo to compute and store
>> this ACC for you.
>> [..]
>>
>
> Well, the methodname pushNextCaller suggests that it would do that.
> Anyway, with the code below it works now.
>
> This code should be in Geronimo itself, I created GERONIMO-4765.
>
> Thanks,
> Jürgen
>
>
>
> SimpleCallbackHandler handler = new SimpleCallbackHandler(
> user, password.toCharArray());
>
> LoginContext lc = new LoginContext("geronimo-admin", handler);
> lc.login();
>
> Subject subject = lc.getSubject();
> System.out.println("lc.getSubject: " + subject);
>
>
> ContextManager.registerSubject(subject);
> Callers oldCallers = ContextManager.pushNextCaller(subject);
> try
> {
> s1 = secured3Bean.secureMethod(input);
> }
> finally
> {
> ContextManager.popCallers(oldCallers);
> }
>
>
--
View this message in context: http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-tp24645453s134p24697077.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: NPE in ContextManager.getCurrentContext
Posted by Juergen Weber <we...@gmail.com>.
djencks wrote:
>
>
> Geronimo uses the AccessControlContext for the Subject to evaluate
> security decisions. So, you need to get Geronimo to compute and store
> this ACC for you.
> [..]
>
Well, the methodname pushNextCaller suggests that it would do that. Anyway,
with the code below it works now.
This code should be in Geronimo itself, I created GERONIMO-4765.
Thanks,
Jürgen
SimpleCallbackHandler handler = new SimpleCallbackHandler(
user, password.toCharArray());
LoginContext lc = new LoginContext("geronimo-admin", handler);
lc.login();
Subject subject = lc.getSubject();
System.out.println("lc.getSubject: " + subject);
ContextManager.registerSubject(subject);
Callers oldCallers = ContextManager.pushNextCaller(subject);
try
{
s1 = secured3Bean.secureMethod(input);
}
finally
{
ContextManager.popCallers(oldCallers);
}
--
View this message in context: http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-tp24645453s134p24665808.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: NPE in ContextManager.getCurrentContext
Posted by David Jencks <da...@yahoo.com>.
On Jul 24, 2009, at 7:24 AM, Juergen Weber wrote:
>
> Hi,
>
> I wanted to test the call chain like this:
>
> Java Client -> as tomcat -> UnSecured3Bean -> as apache ->
> Secured3Bean
>
> i.e. the first bean should call the second one with another user
> that the
> first bean is running under:
>
> SimpleCallbackHandler handler = new SimpleCallbackHandler(
> user, password.toCharArray());
>
> LoginContext lc = new LoginContext("geronimo-admin", handler);
> lc.login();
>
> Subject subject = lc.getSubject();
> System.out.println("lc.getSubject: " + subject);
>
> Callers oldCallers = ContextManager.pushNextCaller(subject);
> try
> {
> s1 = secured3Bean.secureMethod(input);
> }
> finally
> {
> ContextManager.popCallers(oldCallers);
> }
>
> But this results in NPE in
> java.lang.NullPointerException
> at
> org
> .apache
> .geronimo
> .security.ContextManager.getCurrentContext(ContextManager.java:201)
> at
> org
> .apache
> .geronimo
> .openejb
> .GeronimoSecurityService
> .isCallerAuthorized(GeronimoSecurityService.java:102)
>
> ,which is the second line of
> assert context != null : "No registered context";
>
> return context.getContext();
>
> so it should never be null.
> Is that a bug or is s.th. wrong with my code? I append the sample
> project.
Geronimo uses the AccessControlContext for the Subject to evaluate
security decisions. So, you need to get Geronimo to compute and store
this ACC for you.
You can do this by calling ContextManager login(String realm,
CallbackHandler callbackHandler, Configuration configuration) or
login(String realm, CallbackHandler callbackHandler) instead of
creating your own LoginContext, or by calling
ContextManager.registerSubject(Subject subject) after logging in.
After you've registered the Subject, setting the callers will result
in the lookup for the ACC succeeding instead of giving you an NPE.
At the moment I don't recall why we pass Subjects around rather than
identity objects that have both the Subject and the ACC in them.
thanks
david jencks
>
> Thanks,
> Juergen
>
> http://www.nabble.com/file/p24645453/SecuredEJBGeronimo.zip
> SecuredEJBGeronimo.zip
>
> unsecureMethod called
> callerPrincipal: tomcat
> is caller in role Member_admin: false
> lc.getSubject: Subject:
> Principal: users
> Principal: tomcatgroup
> Principal: apache
>
> java.lang.NullPointerException
> at
> org
> .apache
> .geronimo
> .security.ContextManager.getCurrentContext(ContextManager.java:201)
> at
> org
> .apache
> .geronimo
> .openejb
> .GeronimoSecurityService
> .isCallerAuthorized(GeronimoSecurityService.java:102)
> at
> org
> .apache
> .openejb
> .core.stateless.StatelessContainer.invoke(StatelessContainer.java:151)
> at
> org
> .apache
> .openejb
> .core
> .ivm.EjbObjectProxyHandler.businessMethod(EjbObjectProxyHandler.java:
> 217)
> at
> org
> .apache
> .openejb
> .core.ivm.EjbObjectProxyHandler._invoke(EjbObjectProxyHandler.java:77)
> at
> org
> .apache
> .openejb
> .core.ivm.BaseEjbProxyHandler.invoke(BaseEjbProxyHandler.java:281)
> at $Proxy73.secureMethod(Unknown Source)
> at ejb3.UnSecured3Bean.unsecureMethod(UnSecured3Bean.java:57)
>
>
> --
> View this message in context: http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-tp24645453s134p24645453.html
> Sent from the Apache Geronimo - Users mailing list archive at
> Nabble.com.
>
Re: NPE in ContextManager.getCurrentContext
Posted by Juergen Weber <we...@gmail.com>.
Sorry, forgot:
Geronimo Jetty
2.2-SNAPSHOT
Build 2009.07.23-03:08:48.294-0400
--
View this message in context: http://www.nabble.com/NPE-in-ContextManager.getCurrentContext-tp24645453s134p24645501.html
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.