Microsoft KB Archive/282834

= FIX: Error When You Apply COM+ Role-Based Security to Java COM Interfaces =

Article ID: 282834

Article Last Modified on 10/13/2006


APPLIES TO


 * Microsoft Java Virtual Machine, when used with:
 * Microsoft Windows 2000 Standard Edition
 * Microsoft Visual J++ 6.0 Standard Edition




This article was previously published under Q282834



SYMPTOMS
When you use COM+ to apply role-based security to a Visual J++ COM component custom interface, subsequent access to that interface results in a "Permission denied" (0x800A0046) error if the interface is called from Windows Scripting Host.



CAUSE
The Microsoft virtual machine (Microsoft VM) automatically implements an IDispatchEx interface, which the Scripting Host uses as the preferred interface when it invokes methods on the object. However, COM+ role-based security is applied to the custom interface that is defined by the user (IMyInterface_Dispatch). Therefore, COM+ expects calls to come in on IMyInterface_Dispatch but instead receives calls on IDispatchEx; the caller is denied permission because of this mismatch.



RESOLUTION
A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem. This fix may receive additional testing. Therefore, if you are not severely affected by this problem, Microsoft recommends that you wait for the next Windows 2000 service pack that contains this hotfix.

To resolve this problem immediately, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:

http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS

NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The typical support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

This fix is included with the fixes that are described in the following Microsoft Knowledge Base article:

WORKAROUND
To work around this problem, use the com.ms.com.NoAutoScripting interface placeholder to disable automatic scripting support, and then declare a dual custom interface. This removes the IDispatchEx implementation, and the Scripting Host uses the custom interface instead.

For additional information about how to use the com.ms.com.NoAutoScripting interface placeholder to disable automatic scripting support, click the article number below to view the article in the Microsoft Knowledge Base:

172202 INFO: Implementing Java Automation Objects using AutoIDispatch

For additional information about how to declare a dual custom interface, click the article number below to view the article in the Microsoft Knowledge Base:

196894 HOWTO: Create Dual Interface COM Objects Using VJ++ 6.0



STATUS
Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.



MORE INFORMATION
For additional information about how to obtain a hotfix for Windows 2000 Datacenter Server, click the article number below to view the article in the Microsoft Knowledge Base:

265173 The Datacenter Program and Windows 2000 Datacenter Server Product

For additional information about how to install multiple hotfixes with only one reboot, click the article number below to view the article in the Microsoft Knowledge Base:

296861 Use QChain.exe to Install Multiple Hotfixes with One Reboot

The following error message is displayed in the Event Viewer:

A method call to an object in a COM+ application was rejected because the caller is not properly authorized to make this call. The COM+ application is configured to use Application and Component level access checks, and enforcement of these checks is currently enabled. The remainder of this message provides information about the component method that the caller attempted to invoke and the identity of the caller.

Destination of the rejected call: Application Id: {9E045087-7566-460A-9B68-C0C1157ED463}

CLSID: {C6899F9C-37E9-4AC7-89F4-3D12EB03179D}

IID: {A6EF9860-C720-11D0-9337-00A0C90DCAA9} -- IDispatchEx

Method #: 

Class: .

Interface: (unknown)

Method: (unknown)
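
The following Python code is an added example, not part of the original article or of any Microsoft tooling. It parses the text of a COM+ access-check rejection event and separates the IDispatchEx mismatch described above from a rejection on any other interface. The function name `triage_complus_denial`, the verdict strings, and the second sample message (with a placeholder IID) are assumptions made for illustration.

```python
import re

# IID of IDispatchEx, as it appears in the event text quoted in this article.
IID_IDISPATCHEX = "{A6EF9860-C720-11D0-9337-00A0C90DCAA9}"

_GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
_FIELDS = {
    "app_id": re.compile(r"Application Id:\s*(" + _GUID + ")"),
    "clsid": re.compile(r"CLSID:\s*(" + _GUID + ")"),
    "iid": re.compile(r"IID:\s*(" + _GUID + ")"),
}
_REJECTED = "was rejected because the caller is not properly authorized"

def triage_complus_denial(message):
    """Parse one COM+ rejection message; return its fields and a verdict."""
    if _REJECTED not in message:
        return None  # not the rejection event this article describes
    result = {}
    for name, rx in _FIELDS.items():
        m = rx.search(message)
        result[name] = m.group(1).upper() if m else None
    if result["iid"] is None:
        result["verdict"] = "unparsed"
    elif result["iid"] == IID_IDISPATCHEX:
        # The call arrived on the VM's automatic IDispatchEx, not on the
        # custom interface that the role was assigned to.
        result["verdict"] = "idispatchex-mismatch"
    else:
        result["verdict"] = "denied-on-other-interface"
    return result

# Event text taken from this article (abridged to the parsed fields).
PAGE_EVENT = (
    "A method call to an object in a COM+ application was rejected because "
    "the caller is not properly authorized to make this call.\n"
    "Destination of the rejected call: Application Id: "
    "{9E045087-7566-460A-9B68-C0C1157ED463}\n"
    "CLSID: {C6899F9C-37E9-4AC7-89F4-3D12EB03179D}\n"
    "IID: {A6EF9860-C720-11D0-9337-00A0C90DCAA9} -- IDispatchEx\n"
)
# Constructed sample: same event, but with a placeholder IID standing in
# for a custom interface.
CONSTRUCTED_EVENT = PAGE_EVENT.replace(
    IID_IDISPATCHEX, "{11111111-2222-3333-4444-555555555555}")

if __name__ == "__main__":
    for text in (PAGE_EVENT, CONSTRUCTED_EVENT):
        print(triage_complus_denial(text))
```

An "idispatchex-mismatch" verdict points to the interface mismatch described under CAUSE rather than to a caller who is missing from the role.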

Steps to Reproduce Behavior
1. Create a new Visual J++ project.
2. Add the following code into the Java source file that is created:

    public String sayHello()
    {
        return "Hello World";
    }

3. Build the project.
4. Create a new COM+ application and enable role-based component checks.
5. In Microsoft Management Console (MMC), use the Component Services Snap-In to create a new, empty COM+ application. For Activation Type, click Server Application. For Account, click Interactive User.
6. Add the Visual J++ COM dynamic-link library (DLL) as a new component to the COM+ application.
7. Create a new role, and add yourself as a new user.
8. Set security at the Interface-Level for the Java Component. To do this, click to expand the component in the MMC tree view until you see the Interface (<name>_Dispatch). Right-click this interface, and then click Properties. Your role should appear under Roles Explicitly Set For Selected Item(s). To activate it, make sure that it is checked.
9. When you write a .vbs file to call sayHello, it fails. The Event Log shows that it is trying to invoke on IDispatchEx.

    Dim a
    Set a = CreateObject("JavaBoom.Test")
    MsgBox a.sayHello

Additional query words: role vbscript 0x800A0046

Keywords: kbbug kberrmsg kbfix kbjava kbwin2000presp3fix KB282834


© Microsoft Corporation. All rights reserved.