
Java EE (Java Enterprise Edition) General Discussion


Security Problem when call EJB in servlet:[Security:090398]Invalid Subject

996481Mar 12 2013 — edited Mar 14 2013
Hi guys,
I have several years of experience developing with Java and EJB, but I still can't explain this problem, although I already know the fix...
Please, can anyone help me explain why? Thanks very much!
OK, the problem: when I call a remote EJB in one method, that is, when everything about the EJB is in one method, everything is OK. But when I just return the remote service object from a helper class's static method and call the service in the servlet, I get java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[sundan076], where sundan076 is the username logged in to the web application.
The right way: call the method directCall(param). The wrong way: call the method staticToolCall(final Map param).
-----
/**
 * Servlet from the forum post that forwards four request parameters to the remote
 * BizApplyService EJB over WebLogic T3.
 *
 * It holds both call paths the post compares: directCall(), which looks up and invokes
 * the EJB while its JNDI context is still open, and staticToolCall(), which invokes a
 * stub obtained from EJBTool after EJBTool has already closed its context. As posted,
 * doPost() uses directCall().
 */
public class EJBServletClient extends HttpServlet
{
/** Handles GET exactly like POST by delegating to doPost(). */
protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
this.doPost(request, response);
}

/**
 * Copies four request parameters into a map, passes it to directCall() and prints the
 * returned map to standard output; nothing is written to the response.
 *
 * @throws ServletException wrapping any exception raised while calling the EJB
 */
protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException,
IOException
{

try
{
// The parameter values go to the EJB exactly as received; getParameter() returns null
// for a missing parameter and nothing is validated here.
// NOTE(review): confirm the EJB itself validates these values and authorises the caller.
Map<String, String> param = new HashMap<String, String>();
param.put("CTS_CUSTOMER_ID", request.getParameter("CTS_CUSTOMER_ID"));
param.put("CTS_TASK_ID", request.getParameter("CTS_TASK_ID"));
param.put("SERIALNO", request.getParameter("SERIALNO"));
param.put("CUSTOMER_SERVICE_UM", request.getParameter("CUSTOMER_SERVICE_UM"));

Map result = this.directCall(param);
System.out.println(result);
} catch (Exception e)
{
// NOTE(review): the exception is printed to stderr and then rethrown, so it is reported
// twice; whether the wrapped cause reaches the client depends on the container's
// error-page configuration - confirm.
e.printStackTrace();
throw new ServletException(e);
}

}

/**
 * Looks up the BizApplyService home over JNDI, creates the remote object and calls
 * modifyApplyCustomerInfo(param) before the context is closed in the finally block.
 *
 * NOTE(review): per the WebLogic JNDI documentation, creating an InitialContext with
 * SECURITY_PRINCIPAL/SECURITY_CREDENTIALS associates that authenticated user with the
 * current thread, and close() removes the association. If that holds for the version in
 * use, the remote call here runs as the JNDI user because it happens before close().
 *
 * @param param request values forwarded to the EJB
 * @return the map returned by modifyApplyCustomerInfo
 * @throws Exception any naming, narrowing or remote-invocation failure
 */
private Map directCall(Map param) throws Exception
{
Context context = null;
try
{
Properties p = new Properties();
// NOTE(review): t3:// is WebLogic's unencrypted protocol, so the credentials set below
// are not protected in transit unless the link is secured some other way; t3s:// is the
// TLS variant. The address is also fixed in source rather than read from configuration.
p.put(Context.PROVIDER_URL, "t3://10.25.32.13:31256");
p.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
// NOTE(review): principal and credentials are literals in the source ("username" and
// "password" look like placeholders). Real values belong in protected configuration,
// not in compiled code or a public post.
p.put(Context.SECURITY_PRINCIPAL, "username");
p.put(Context.SECURITY_CREDENTIALS, "password");
context = new InitialContext(p);
BizApplyServiceHome home = (BizApplyServiceHome) PortableRemoteObject.narrow(
context.lookup("ejb/rcs-css/BizApplyService"), BizApplyServiceHome.class);
BizApplyService bizApplyService = home.create();
// The business call is made here, while the context opened above is still open.
return bizApplyService.modifyApplyCustomerInfo(param);
} finally
{
if (context != null)
{
context.close();
}
}
}

/**
 * Obtains a BizApplyService stub from EJBTool.getBizApplyService() and calls
 * modifyApplyCustomerInfo(param) on it. This is the path the post reports as failing.
 *
 * EJBTool closes its JNDI context in a finally block before returning the stub, so the
 * invocation below happens after that close().
 * NOTE(review): presumably the call then travels with the servlet thread's own subject
 * (the web login user, sundan076 in the posted trace) instead of the JNDI user. The trace
 * shows the remote side rejecting a subject read from the wire
 * (SecurityServiceManager.getSealedSubjectFromWire), which fits a target server that does
 * not trust identities asserted by this one - confirm against the domain trust settings.
 *
 * @param param request values forwarded to the EJB
 * @return the map returned by modifyApplyCustomerInfo
 * @throws Exception any lookup or remote-invocation failure
 */
private Map staticToolCall(final Map param) throws Exception
{
BizApplyService bizApplyService = EJBTool.getBizApplyService();
return bizApplyService.modifyApplyCustomerInfo(param);
}
}

/**
 * Static helper from the forum post that looks up the BizApplyService home over JNDI and
 * returns a newly created remote BizApplyService stub.
 */
public class EJBTool
{

/**
 * Creates a JNDI context with a principal and credentials, looks up and narrows the
 * home, calls create() and returns the resulting stub. The finally block closes the
 * context before the caller receives the stub, so every use of the stub happens after
 * close().
 *
 * NOTE(review): per the WebLogic JNDI documentation, the user given to InitialContext is
 * associated with the current thread and close() removes that association. If that holds
 * for the version in use, the returned stub is invoked under whatever subject the calling
 * thread already carries, not under the JNDI user configured here - which would explain
 * the Invalid Subject error in the post. Keeping the context open instead would leave the
 * JNDI user attached to a pooled thread, so that is not a safe fix either; performing the
 * lookup and the call inside one authenticated scope avoids both problems.
 *
 * @return a remote BizApplyService stub created from the looked-up home
 * @throws Exception any naming, narrowing or create() failure
 */
public static BizApplyService getBizApplyService() throws Exception
{
Context context = null;
try
{
Properties p = new Properties();
// NOTE(review): t3:// is WebLogic's unencrypted protocol; t3s:// is the TLS variant.
// The same URL and credentials are repeated in EJBServletClient.directCall().
p.put(Context.PROVIDER_URL, "t3://10.25.32.13:31256");
p.put(Context.INITIAL_CONTEXT_FACTORY, "weblogic.jndi.WLInitialContextFactory");
// NOTE(review): credentials are literals in the source ("username" and "password" look
// like placeholders); real values belong in protected configuration.
p.put(Context.SECURITY_PRINCIPAL, "username");
p.put(Context.SECURITY_CREDENTIALS, "password");
context = new InitialContext(p);
BizApplyServiceHome home = (BizApplyServiceHome) PortableRemoteObject.narrow(
context.lookup("ejb/rcs-css/BizApplyService"), BizApplyServiceHome.class);
// Only the stub leaves this method; the context that authenticated the lookup does not.
return home.create();
} finally
{
if (context != null)
{
context.close();
}
}
}

}

-----
java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[sundan076]
at weblogic.rjvm.ResponseImpl.unmarshalReturn(ResponseImpl.java:234)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:348)
at weblogic.rmi.cluster.ClusterableRemoteRef.invoke(ClusterableRemoteRef.java:259)
at com.pingan.rcs.css.biz.service.remote.ejb.bizApplyService_u7jjbk_EOImpl_1032_WLStub.modifyApplyCustomerInfo(Unknown Source)
at com.pingan.pafax.web.EJBServletClient.staticToolCall(EJBServletClient.java:80)
at com.pingan.pafax.web.EJBServletClient.doPost(EJBServletClient.java:43)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:820)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:227)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:292)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:175)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3594)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2202)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:2108)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1432)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Caused by: java.lang.SecurityException: [Security:090398]Invalid Subject: principals=[sundan076]
at weblogic.security.service.SecurityServiceManager.seal(SecurityServiceManager.java:835)
at weblogic.security.service.SecurityServiceManager.getSealedSubjectFromWire(SecurityServiceManager.java:524)
at weblogic.rjvm.MsgAbbrevInputStream.getSubject(MsgAbbrevInputStream.java:315)
at weblogic.rmi.internal.BasicServerRef.acceptRequest(BasicServerRef.java:875)
at weblogic.rmi.internal.BasicServerRef.dispatch(BasicServerRef.java:310)
at weblogic.rmi.cluster.ClusterableServerRef.dispatch(ClusterableServerRef.java:242)
at weblogic.rjvm.RJVMImpl.dispatchRequest(RJVMImpl.java:1138)
at weblogic.rjvm.RJVMImpl.dispatch(RJVMImpl.java:1020)
at weblogic.rjvm.ConnectionManagerServer.handleRJVM(ConnectionManagerServer.java:240)
at weblogic.rjvm.ConnectionManager.dispatch(ConnectionManager.java:882)
at weblogic.rjvm.MsgAbbrevJVMConnection.dispatch(MsgAbbrevJVMConnection.java:453)
at weblogic.rjvm.t3.MuxableSocketT3.dispatch(MuxableSocketT3.java:322)
at weblogic.socket.BaseAbstractMuxableSocket.dispatch(BaseAbstractMuxableSocket.java:298)
at weblogic.socket.SocketMuxer.readReadySocketOnce(SocketMuxer.java:915)
at weblogic.socket.SocketMuxer.readReadySocket(SocketMuxer.java:854)
at weblogic.socket.EPollSocketMuxer.dataReceived(EPollSocketMuxer.java:215)
at weblogic.socket.EPollSocketMuxer.processSockets(EPollSocketMuxer.java:177)
at weblogic.socket.SocketReaderRequest.run(SocketReaderRequest.java:29)
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)

Edited by: 993478 on 2013-3-12 下午8:40