JPA Glassfish Database Update Issue

Question

I have an application deployed on Glassfish v3.0.1 which reads events from a table in my database. Once ready it marks them as processed. I am getting a strange error I can't explain when trying to call the method which does the update.

@Override
@TransactionAttribute(TransactionAttributeType.REQUIRES_NEW)
public void markEventAsProcessed(Long eventId) {
    try {
       AtlasEventQueueUpdateAsProcessedQuery setEventAsProcessed = new  AtlasEventQueueUpdateAsProcessedQuery(entityManager, eventId);
       int updateCount = setEventAsProcessed.execute();
       logger.debug("Mark Event [" + eventId + "] processed");
       return updateCount;
    } catch (QueryException ex) {
        logger.error("Event [" + eventId + "has not been marked as processed", ex);
    }
}

When this is called in my application I am getting the following exception (Full trace at the bottom of the post):

Caused by: javax.ejb.AccessLocalException: Client not authorized for this invocation.

Does anyone know what might cause this error I have loked on the Web but didn't find anything useful.

2010-08-27 09:44:37,380 ERROR [Ejb-Timer-Thread-1  :EventProvider       ] Unhandled exception in event processing - javax.ejb.EJBAccessException
javax.ejb.EJBAccessException
        at com.sun.ejb.containers.BaseContainer.mapLocal3xException(BaseContainer.java:2262)
        at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:2053)
        at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:1955)
        at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:198)
        at com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:84)
        at $Proxy190.markEventAsProcessed(Unknown Source)
        at com.company.atlas.eventprocessor.provider.EventProvider.processNewEvents(EventProvider.java:170)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.glassfish.ejb.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1056)
        at org.glassfish.ejb.security.application.EJBSecurityManager.invoke(EJBSecurityManager.java:1128)
        at com.sun.ejb.containers.BaseContainer.invokeBeanMethod(BaseContainer.java:5292)
        at com.sun.ejb.EjbInvocation.invokeBeanMethod(EjbInvocation.java:615)
        at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:797)
        at com.sun.ejb.EjbInvocation.proceed(EjbInvocation.java:567)
        at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.doAround(SystemInterceptorProxy.java:157)
        at com.sun.ejb.containers.interceptors.SystemInterceptorProxy.aroundTimeout(SystemInterceptorProxy.java:144)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at com.sun.ejb.containers.interceptors.AroundInvokeInterceptor.intercept(InterceptorManager.java:858)
        at com.sun.ejb.containers.interceptors.AroundInvokeChainImpl.invokeNext(InterceptorManager.java:797)
        at com.sun.ejb.containers.interceptors.InterceptorManager.intercept(InterceptorManager.java:367)
        at com.sun.ejb.containers.BaseContainer.__intercept(BaseContainer.java:5264)
        at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:5252)
        at com.sun.ejb.containers.BaseContainer.callEJBTimeout(BaseContainer.java:3965)
        at com.sun.ejb.containers.EJBTimerService.deliverTimeout(EJBTimerService.java:1667)
        at com.sun.ejb.containers.EJBTimerService.access$100(EJBTimerService.java:98)
        at com.sun.ejb.containers.EJBTimerService$TaskExpiredWork.run(EJBTimerService.java:2485)
        at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
        at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
        at java.util.concurrent.FutureTask.run(FutureTask.java:138)
        at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
        at java.lang.Thread.run(Thread.java:619)
Caused by: javax.ejb.AccessLocalException: Client not authorized for this invocation.
        at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:1850)
        at com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:188)
        ... 34 more

Answer 1

I've deleted the directory domains/domainx/generated/policy/<appname>/ and completly redeployed (not just restarted) the app.. its working now as expected.

The GlassFish documentation has an entry for this error:

javax.ejb.AccessLocalException: Client Not Authorized Error

Description

Role-mapping information is available in Sun-specific XML (for example, sun-ejb-jar.xml), and authentication is okay, but the following error message is displayed:

[...INFO|sun-appserver-pe8.0|javax.enterprise.system.container.ejb|...|
javax.ejb.AccessLocalException: Client not authorized for this invocation.
at com.sun.ejb.containers.BaseContainer.preInvoke(BaseContainer.java:...
at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(...)

Solution

Check whether the EJB module (.jar) or web module (.war) is packaged in an application (.ear) and does not have role-mapping information in application level, Sun-specific, sun-application.xml. For any application (.ear), security role-mapping information must be specified in sun-application.xml. It is acceptable to have both module-level XML and application-level XML.

I don't know if it makes sense in your context.

If it doesn't, maybe have a look at the following thread Persisting Entity: javax.ejb.AccessLocalException: Client not authorized for this invocation. One of the poster suggested to set the logging level of the SECURITY Logger to FINE [so that] the Glassfish Policy subsystem will log a detailed message describing the nature of the failed permission check. This might help. And I can't tell you if you're facing the same problem but the OP solved his issue by cleaning the generated policy files:

Answer 2

This exception can also occur, if you try to copy and paste EJB session beans with new methods, as patch files for fixing bugs or incorporating new features. Restarting the server or disabling & enabling the enterprise app will not help, as the EJB Session beans or entities have to be repackaged and redeployed, so that the App server registers the new methods and checks and grants/excludes the access privileges to the new/altered methods in EJB session beans.