Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8560

EJBAccessException when MDB contains RunAs annotation

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Blocker
    • Resolution: Rejected
    • Affects Version/s: 10.1.0.Final
    • Fix Version/s: None
    • Component/s: EJB, Security
    • Labels:
      None
    • Steps to Reproduce:
      Hide

      Use attached reproducer - it's a helloworld-mdb quickstart with added @RunAs annotation to HelloWorldQueueMDB class.

      • deploy it
      • open app in the browser - http://localhost:8080/wildfly-helloworld-mdb/HelloWorldMDBServletClient
      • check the server log. If the issue is still present, you'll see following error:
        09:36:42,910 ERROR [org.apache.activemq.artemis.ra] (Thread-24 (ActiveMQ-client-global-threads-580560225)) AMQ154004: Failed to deliver message: javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public void org.jboss.as.quickstarts.mdb.HelloWorldQueueMDB.onMessage(javax.jms.Message) of bean: HelloWorldQueueMDB is not allowed
        	at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:134)
        	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
        	at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
        	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
        	at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
        	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
        	at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
        	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
        	at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:57)
        	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
        	at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
        	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
        	at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
        	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
        	at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
        	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
        	at org.jboss.as.ejb3.component.messagedriven.MessageDrivenComponentDescription$5$1.processInvocation(MessageDrivenComponentDescription.java:239)
        	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
        	at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
        	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
        	at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:256)
        	at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:609)
        	at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
        	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240)
        	at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
        	at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
        	at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
        	at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:74)
        	at org.jboss.as.quickstarts.mdb.HelloWorldQueueMDB$$$view10.onMessage(Unknown Source)
        	at sun.reflect.GeneratedMethodAccessor33.invoke(Unknown Source)
        	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        	at java.lang.reflect.Method.invoke(Method.java:498)
        	at org.jboss.as.ejb3.inflow.MessageEndpointInvocationHandler.doInvoke(MessageEndpointInvocationHandler.java:139)
        	at org.jboss.as.ejb3.inflow.AbstractInvocationHandler.invoke(AbstractInvocationHandler.java:73)
        	at org.jboss.as.quickstarts.mdb.HelloWorldQueueMDB$$$endpoint8.onMessage(Unknown Source)
        	at org.apache.activemq.artemis.ra.inflow.ActiveMQMessageHandler.onMessage(ActiveMQMessageHandler.java:303)
        	at org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl.callOnMessage(ClientConsumerImpl.java:1001)
        	at org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl.access$400(ClientConsumerImpl.java:49)
        	at org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl$Runner.run(ClientConsumerImpl.java:1124)
        	at org.apache.activemq.artemis.utils.OrderedExecutorFactory$OrderedExecutor$ExecutorTask.run(OrderedExecutorFactory.java:101)
        	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        	at java.lang.Thread.run(Thread.java:745)
        
      Show
      Use attached reproducer - it's a helloworld-mdb quickstart with added @RunAs annotation to HelloWorldQueueMDB class. deploy it open app in the browser - http://localhost:8080/wildfly-helloworld-mdb/HelloWorldMDBServletClient check the server log. If the issue is still present, you'll see following error: 09:36:42,910 ERROR [org.apache.activemq.artemis.ra] (Thread-24 (ActiveMQ-client-global-threads-580560225)) AMQ154004: Failed to deliver message: javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public void org.jboss.as.quickstarts.mdb.HelloWorldQueueMDB.onMessage(javax.jms.Message) of bean: HelloWorldQueueMDB is not allowed at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:134) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240) at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240) at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240) at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240) at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:57) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240) at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240) at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240) at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240) at org.jboss.as.ejb3.component.messagedriven.MessageDrivenComponentDescription$5$1.processInvocation(MessageDrivenComponentDescription.java:239) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240) at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240) at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:256) at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:609) at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:240) at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53) at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198) at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185) at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:74) at org.jboss.as.quickstarts.mdb.HelloWorldQueueMDB$$$view10.onMessage(Unknown Source) at sun.reflect.GeneratedMethodAccessor33.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.as.ejb3.inflow.MessageEndpointInvocationHandler.doInvoke(MessageEndpointInvocationHandler.java:139) at org.jboss.as.ejb3.inflow.AbstractInvocationHandler.invoke(AbstractInvocationHandler.java:73) at org.jboss.as.quickstarts.mdb.HelloWorldQueueMDB$$$endpoint8.onMessage(Unknown Source) at org.apache.activemq.artemis.ra.inflow.ActiveMQMessageHandler.onMessage(ActiveMQMessageHandler.java:303) at org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl.callOnMessage(ClientConsumerImpl.java:1001) at org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl.access$400(ClientConsumerImpl.java:49) at org.apache.activemq.artemis.core.client.impl.ClientConsumerImpl$Runner.run(ClientConsumerImpl.java:1124) at org.apache.activemq.artemis.utils.OrderedExecutorFactory$OrderedExecutor$ExecutorTask.run(OrderedExecutorFactory.java:101) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)

      Description

      If an MDB contains @RunAs annotation, then receiving messages fails with

      09:26:48,243 ERROR [org.apache.activemq.artemis.ra] (Thread-4 (ActiveMQ-client-global-threads-580560225)) AMQ154004: Failed to deliver message: javax.ejb.EJBAccessException: WFLYEJB0364: Invocation on method: public void org.jboss.as.quickstarts.ejb.remote.mdb.HelloWithRunAsMDB.onMessage(javax.jms.Message) of bean: HelloWithRunAsMDB is not allowed
      

      The @RunAs must not restrict access to a bean (incoming calls), it just says which role will be used for outgoing calls.

        Gliffy Diagrams

          Attachments

            Issue Links

              Activity

                People

                • Assignee:
                  swd847 Stuart Douglas
                  Reporter:
                  jcacek Josef Cacek
                • Votes:
                  0 Vote for this issue
                  Watchers:
                  3 Start watching this issue

                  Dates

                  • Created:
                    Updated:
                    Resolved: