• Post Reply Bookmark Topic Watch Topic
  • New Topic

JAAS client problem in mastering EJB

 
kevin chang
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
there r three classes about using jaas here, all there in the book masterting EJB

I wonder what the use of PasswordConfig and PasswordLoginModule classes here, it seems nothing happened with them or maybe something wrong with HelloClient here, how could modify helloclient here? Any suggestion?
 
Karthik Guru
Ranch Hand
Posts: 1209
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

I wonder what the use of PasswordConfig and PasswordLoginModule classes here, it seems nothing happened with them or maybe something wrong with HelloClient here, how could modify helloclient here? Any suggestion?

No things look ok except that getAppConfigurationFactory() in PasswordConfig appears funny. It does'nt consider the string parameter passed to it and by default always returns the PasswordLoginModule.
Probably that is what is desired? so "Hello Client" passed to the LoginContext constructor does'nt make much sense here.
You have to start the client by specifying the Configuration to be used as PasswordConfig in your java_home/jre/lib/security/java.security file.

LoginContext then will call the configured "Configuration" and use the returned LoginModule ( PasswordLoginModule that is getting returned by default, in this case)
 
kevin chang
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
is that means we just call

from console, will it be ok? I have tried ,but still something wrong,
but what's the use of java_home/jre/lib/security/java.security ? Can u explain it ?
the default run_client.bat file include this

can u expain it in detail about first two parameter especially about java.policy , thanks!
 
kevin chang
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
the problem is

it seems that it always turn to ConfigFile.java file , how to turn to PasswordConfig.java , could u give me the exactly command line?
 
Karthik Guru
Ranch Hand
Posts: 1209
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

java -Dlogin.configration.provider=examples.HelloClient

This seems to be a typo in the first place. it s'd be examples.PasswordConfig.
Anyways besides that
No i dont think login.configration.provider can be specified this way. It has to be specified in the java.security file. By default sun's Config File will be used and it can be overridden by specifying your own (PasswordConfig) in the java.security file.
I dont know why your client bat file has a reference to
weblogic.security.jaas.Configuration since it anyway does not execute from within weblogic server/ container.
make this entry in the java.security file and see if it works.
 
Karthik Guru
Ranch Hand
Posts: 1209
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

code:
--------------------------------------------------------------------------------
java -Dweblogic.security.jaas.Configuration=examples.PasswordConfig -Djava.security.policy=../java.policy -Djava.naming.factory.initial=weblogic.jndi.WLInitialContextFactory -Djava.naming.provider.url=t3://localhost:7001 examples.HelloClient
--------------------------------------------------------------------------------

can u expain it in detail about first two parameter especially about java.policy , thanks!

-Dweblogic.security.jaas.Configuration=examples.PasswordConfig
this is probably a way of specifying the custom Configuration file when running within weblogic container. Basically you might have such an entry in your startWeblogic.cmd file for the java command line.
This file will be used by code running within the container.
-Djava.security.policy=../java.policy
There are permissions granted within the default java.policy file located in
java_home/jre/lib/security folder. You can open it and go through it.
By giving the above command line option, you are instructing the runtime to compile a consolidated permissions list by combining both the default java.policy file and the one specified here. This is done basically to grant special permissions in addition to the existing ones.
 
kevin chang
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks , i got your point , but another problem occupied .
i set PasswordLoginModule like this

and I have set EJB's security roles too, but it said
javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: User: testrole, failed to be authenticated.
what's the use of setSecurityCredentials() here, i can't even find it in EJB setting. why can't i login with that name, i got confused, any help will be my pleasure.
 
Karthik Guru
Ranch Hand
Posts: 1209
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by kevin chang:
javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: User: testrole, failed to be authenticated.
[/QB]


So you have created a role "testrole" in your weblogic realm?
then you need to create a user say "kevin" with password say "mypassword"
and assign the user ("kevin") to that role.
Then login as "kevin".

The container will first try to authenticate and once that is done it will pass on the role information ("testrole") to your EJB.
HTH
 
kevin chang
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thanks for your warm hearted. finally ,i made it. but I want making a more impressed relationship among
role names pricipal names in xml and the name and password in realm in weblogic
could u make it in detail, thanks again.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!