EJB Security and Web Server Authentication

Hello J2EE gurus.

My warm wishes to u all.

I am stuck with this problem from a long time. Please Help......

I have a Session bean which calls 6 entity beans for getting the data out and displaying. The whole applications has 2 roles defined. I have selected the basic authentication model for the login jsp file.

I am running on Win 2000 and sun Java refrence implentation (j2sdkee1.3).
The problem is when I login as the first role, the system is stuck to it. It does not change the its behavior for the other role. The system gets tied to the first login role. How do i make the application behave appropriatley to the login role.

I have attched my session bean code here...
----------------------------------------------------
/*
 *
 * Client Controller ejb
 *
 */

import java.util.*;
import javax.ejb.*;
import javax.naming.*;
import javax.rmi.PortableRemoteObject;
import java.rmi.RemoteException;

import org.w3c.dom.*;
import com.sun.xml.tree.*;
import com.sun.xml.parser.Resolver;
import com.sun.xml.parser.Parser;
import org.xml.sax.helpers.ParserFactory;
import org.xml.sax.DocumentHandler;
import org.xml.sax.SAXException;
import org.xml.sax.InputSource;
import java.io.*;
import javax.servlet.http.*;



public class ClientControllerEJB implements SessionBean {

   private SessionContext sc;
   public String doSomething(String ctx, String act, String clientid)throws RemoteException {

      String outstr = new String();
      try {
             if(act.equals("list")) {
         XmlDocumentBuilder builder=new XmlDocumentBuilder();
             com.sun.xml.tree.XmlDocument doc = builder.createDocument();
             Element root = doc.createElement("clients");
             doc.appendChild(root);
                  
         Context initial = new InitialContext();
         Object objref = initial.lookup("java:comp/env/ejb/client");
             
             ClientHome home =
               (ClientHome)PortableRemoteObject.narrow(objref, ClientHome.class);
         
                  Collection c = home.findAll();
                Iterator i=c.iterator();
                  //outstr += "<table border=1> <tr> <td> <b> clientid</b> </td> <td> <b>name </b></td> </tr>"      ;
           while (i.hasNext()) {
              Client client = (Client)i.next();
                     String mclientid = (String)client.getPrimaryKey();
                    // outstr += "<tr><td>" + mclientid + "</td> <td> <a href='router.jsp?ctx=client&act=view&clientid=" + mclientid+ "'>" + client.getName() + "</a></td></tr>";
                     Element element=doc.createElement("client");
              SeabedUtil.createElementNode(doc,"clientid",mclientid,element);          
              SeabedUtil.createElementNode(doc,"name",client.getName(),element);
              root.appendChild(element);
              //System.out.println(client.getName() + client.getAddress() + client.getPhone() + client.getFax() + client.getWebsite() + client.getProfile());
              //outstr += clientid + "      " +  client.getName() + " \n" ;
             
           }
           //outstr = SeabedUtil.convertXml2String(doc);
           
           //outstr += "</table>";

           //SeabedUtil.createFile("d:\\genClient.xml" ,outstr);
           outstr = PageBuilder.getMinipage(doc,"",ctx,act);
           Hashtable ht = new Hashtable();
           ht.put("clientlist", outstr);
           PageAssembler pa = new PageAssembler();
           outstr = pa.getPage(ht,"","client");
           //outstr = PageBuilder.transform(out);
           System.out.println(sc.getCallerPrincipal().getName());
           return outstr;
           
            }
            
            if(act.equals("view")) {
           
           Context initial = new InitialContext();
           Object objref = initial.lookup("java:comp/env/ejb/client");
             
               ClientHome clienthome =
               (ClientHome)PortableRemoteObject.narrow(objref, ClientHome.class);
             
           Client client = clienthome.findByPrimaryKey(clientid);
           outstr += "<table border=1>";
           outstr += "<tr> <td>Name </td><td>" + client.getName()+"</td></tr><tr><td>Address </td><td>" + client.getAddress() +" </td> </tr> <tr><td> Phone </td><td>" + client.getPhone() +"</td> </tr> <tr><td> Fax </td> <td>" + client.getFax() +"</td></tr> <tr> <td> Website </td> <td>"+ client.getWebsite() +"</td></tr><tr><td> Profile </td><td> "+ client.getProfile() + "</td></tr></table>";
           
           objref = initial.lookup("java:comp/env/ejb/notes4client");
           Notes4ClientHome n4chome =
               (Notes4ClientHome)PortableRemoteObject.narrow(objref,
                                            Notes4ClientHome.class);
                                           
           Collection c = n4chome.findByClientid(clientid);
           if (c.size() > 0) {
                       outstr +=  "<br><b> Notes </b><table>";
                       Iterator i=c.iterator();
           
                       while (i.hasNext()) {
                             Notes4Client notes4client = (Notes4Client)i.next();
                             Object noteobjref = initial.lookup("java:comp/env/ejb/notes");

                             NoteHome notehome =  (NoteHome)PortableRemoteObject.narrow(noteobjref,
                                            NoteHome.class);
                             Note note = notehome.findByPrimaryKey(notes4client.getNoteid());
                             outstr += "<br><tr>"+ notes4client.getNoteid() + note.getSubject() + note.getNotedetails() + note.getAuthor() + note.getCreatedate() + "</tr>";
                  }
                  outstr += "</table>";
           }

           objref = initial.lookup("java:comp/env/ejb/orgh4client");

           Orgh4ClientHome orgh4chome =
               (Orgh4ClientHome)PortableRemoteObject.narrow(objref,
                                            Orgh4ClientHome.class);
                                           
           Collection co = orgh4chome.findByClientid(clientid);
           if (co.size() > 0 && sc.isCallerInRole("ProjectManager")) {
                       outstr +=  "<br><b> Organizational Highlights </b><table>";
                       Iterator i=co.iterator();
           
                       while (i.hasNext()) {
                             Orgh4Client orgh4Client = (Orgh4Client)i.next();
                             Object orghref = initial.lookup("java:comp/env/ejb/orghighlights");
                             

                             OrghighlightsHome orghhome =  (OrghighlightsHome)PortableRemoteObject.narrow(orghref,
                                            OrghighlightsHome.class);
                             Orghighlights orghighlights = orghhome.findByPrimaryKey(orgh4Client.getOrghid());
                             outstr += "<br><tr>"+ orghighlights.getHighlight1() + orghighlights.getHighlight2() + orghighlights.getHighlight3() + "</tr>";
                  }
                  outstr += "</table>";
           }

           return outstr;
           
            }
            
      } catch (NamingException ex) {
           System.out.println(ex.getMessage());
           throw new EJBException("NamingException: " + ex.getMessage());
           
      }
      catch (Exception ex) {
           System.err.println("Caught an unexpected exception!");
           ex.printStackTrace();
           return outstr;
     }
     return null;
   }
       
   public ClientControllerEJB() {}
   public void setSessionContext(SessionContext sc) {
        this.sc = sc;
    }
   public void ejbCreate() {System.out.println("ClientController: ejbCreate()");}
   public void ejbRemove()  {}
   public void ejbActivate() {}
   public void ejbPassivate() {}
   
}

------------------------------------------------------
Please help me.
Thanx
regds.
Keerthi Kumar M
keerthikmAsked:
Who is Participating?
 
MindphaserCommented:
Force accepted

** Mindphaser - Community Support Moderator **
0
 
jerchCommented:
Do you reuse the InitialContext object throughout the application?

Jerson
0
 
keerthikmAuthor Commented:
Dear jerch

I have re used the initial context object in the session bean in order to call 6 entity beans.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
jerchCommented:
Try to instantiate a new InitialContext for each thread. Do not keep the InitialContext as the session bean's attribute.
0
 
jerchCommented:
Can you post the code that connects to your session bean? Because I just read your code and based on the code, you didn't reuse the InitialContext.
0
 
keerthikmAuthor Commented:
dear jerch
sorry i have not re used the initial context
Heres my code,
----------------------------------------------------
<%@page import ="java.util.*" %>
<%@page import ="javax.ejb.*" %>
<%@page import ="javax.naming.*" %>
<%@page import="javax.rmi.PortableRemoteObject"%>
<%@page import="com.sun.enterprise.security.*" %>
<html>

<head>
    <title>Client JSP</title>
</head>

<body background="back.gif">
<font size = 5 color="#CC0000">

<h1><b><center>Client Test</center></b></h1>

<%
   LoginContext lc = new LoginContext();
   if(request.getParameter("ctx").equals("logoff"))
             lc.logout();
   
   lc.login(request.getParameter("username"),request.getParameter("password"));
   Context initial = new InitialContext();
   Object objref = initial.lookup("java:comp/env/ejb/MyClientController");
     
     ClientControllerHome home =
               (ClientControllerHome)PortableRemoteObject.narrow(objref,
                                            ClientControllerHome.class);
   ClientController cc = home.create();
   String s = cc.doSomething(request.getParameter("ctx"), request.getParameter("act"), request.getParameter("clientid"));
   cc.remove();
   out.println(s);    
   //String url = new String("route?ctx=" + request.getParameter("ctx") + "&act=" + request.getParameter("act") +"&clientid=" + request.getParameter("clientid"));
   //response.sendRedirect(url);

%>
<a href="router.jsp?ctx=logoff">Sign out</a>
       
</body>
</html>
----------------------------------------------------------
0
 
sudhakar_koundinyaCommented:
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:


[paq'ed/points refunded]


Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
sudhakar_koundinya
EE Cleanup Volunteer
---------------------
If you feel that your question was not properly addressed, or that none of the comments received were appropriate answers, please post your concern in THIS thread.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.