Beans In Use Count increases when javax.ejb.EJBAccessException is encountered leading to Transaction Timeout (Doc ID 1121824.1)

Last updated on JUNE 09, 2016

Applies to:

Oracle WebLogic Server - Version 10.3 to 10.3.3
Information in this document applies to any platform.

Symptoms

An EJB endpoint web service is generated using the 'jwsc' Ant task, and its bean method is protected with a security role. When this web service is accessed from an unauthenticated client, it causes a denial of service with the exception below.

javax.ejb.EJBAccessException: [EJB:010160]Security Violation: User: '<anonymous>' has insufficient permission to access EJB: type=<ejb>,application=EnterpriseApplication, module=EJBModule.jar, ejb=WebServiceEJB,


and the bean is never released to the free pool, which causes the exception below after all pool beans are exhausted:

at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
nested exception is: java.lang.RuntimeException: An invocation of EJB TransactionEJB(Application: helloWorldEar, EJBComponent: com/bea/TransactionImpl) timed out while waiting to get an instance from the free pool.


Sample weblogic-ejb-jar.xml
===========================
<weblogic-ejb-jar
    xmlns="http://www.bea.com/ns/weblogic/90"
    xmlns:j2ee="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.bea.com/ns/weblogic/90 http://www.bea.com/ns/weblogic/90/weblogic-ejb-jar.xsd">
  <weblogic-enterprise-bean>
    <ejb-name>TransactionEJB</ejb-name>
    <stateless-session-descriptor>
    </stateless-session-descriptor>
  </weblogic-enterprise-bean>
  <security-role-assignment>
    <role-name>HelloRole</role-name>
    <externally-defined/>
  </security-role-assignment>
</weblogic-ejb-jar>

ejb-jar.xml
===========
<ejb-jar
    xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd"
    version="2.1">
  <enterprise-beans>
    <session>
      <ejb-name>TransactionEJB</ejb-name>
      <service-endpoint>com.bea.TransactionImplPortType</service-endpoint>
      <ejb-class>com.bea.TransactionImpl</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <security-role-ref>
        <role-name>HelloRole</role-name>
        <role-link>HelloRole</role-link>
      </security-role-ref>
    </session>
  </enterprise-beans>
  <assembly-descriptor>

    <security-role>
      <role-name>HelloRole</role-name>
    </security-role>

    <!-- access policies -->
    <method-permission>
      <role-name>HelloRole</role-name>
      <method>
        <ejb-name>TransactionEJB</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>

    <container-transaction>
      <method>
        <ejb-name>TransactionEJB</ejb-name>
        <method-intf>ServiceEndpoint</method-intf>
        <method-name>sayHello</method-name>
        <method-params>
          <method-param>java.lang.String</method-param>
        </method-params>
      </method>
      <trans-attribute>Required</trans-attribute>
    </container-transaction>
  </assembly-descriptor>
</ejb-jar>


Call any SLSB business method as an anonymous user. Because the EJB is secured, permission to invoke the business method is denied and javax.ejb.EJBAccessException is thrown. Then check the beans-in-use-count in the WebLogic Admin console: it is never decremented.
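
A log check for the symptom described above, added here as an example and not part of the Oracle note: it counts [EJB:010160] denials per EJB and reports any EJB whose free-pool timeouts follow them. The sample log lines are constructed (invented time prefixes, one consistent EJB name), and the function name is hypothetical.

```python
import re
from collections import defaultdict

# Message fragments as they appear in the two exceptions quoted in this note.
DENIED = re.compile(
    r"\[EJB:010160\]Security Violation: User: '(?P<user>[^']*)' has "
    r"insufficient permission to access EJB:.*?\bejb=(?P<ejb>[^,\s]+)")
POOL_TIMEOUT = re.compile(
    r"An invocation of EJB (?P<ejb>[^\s(]+)\(.*?timed out while waiting "
    r"to get an instance from the free pool")

# Constructed sample log: the time prefixes and ordering are invented; the
# message text follows the format of the exceptions quoted in this note.
DENIAL = ("javax.ejb.EJBAccessException: [EJB:010160]Security Violation: User: "
          "'<anonymous>' has insufficient permission to access EJB: type=<ejb>,"
          "application=helloWorldEar, module=EJBModule.jar, ejb=TransactionEJB,")
TIMEOUT = ("java.lang.RuntimeException: An invocation of EJB TransactionEJB("
           "Application: helloWorldEar, EJBComponent: com/bea/TransactionImpl) "
           "timed out while waiting to get an instance from the free pool.")
SAMPLE_LOG = ([f"10:00:{i:02d} {DENIAL}" for i in range(5)]
              + ["10:05:00 " + TIMEOUT, "10:05:30 " + TIMEOUT, "10:06:00 " + DENIAL])


def find_pool_exhaustion(lines):
    """Report each EJB whose free-pool timeouts were preceded by access denials."""
    denied = defaultdict(lambda: defaultdict(int))  # ejb -> user -> denial count
    findings = {}
    for number, line in enumerate(lines, 1):
        m = DENIED.search(line)
        if m:
            # Count only denials seen before this EJB's first pool timeout.
            if m["ejb"] not in findings:
                denied[m["ejb"]][m["user"]] += 1
            continue
        m = POOL_TIMEOUT.search(line)
        if m and m["ejb"] in denied:
            finding = findings.setdefault(m["ejb"], {
                "ejb": m["ejb"],
                "first_timeout_line": number,
                "denials_before_timeout": sum(denied[m["ejb"]].values()),
                "denied_users": dict(denied[m["ejb"]]),
                "timeouts": 0,
            })
            finding["timeouts"] += 1
    return list(findings.values())


if __name__ == "__main__":
    for finding in find_pool_exhaustion(SAMPLE_LOG):
        print(finding)
```

A timeout with no earlier denial for the same EJB produces no finding, so ordinary pool contention is not reported by this check.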

Changes

None.

Cause
