how to enable JAAS security as well as role-based access

 
Laurence Yip
Greenhorn
Posts: 14
Hi all,

I am still playing with the j2ee1.5 tutorial about securing a session bean accessed by a standalone application client, but I failed to get the code example working. Let's see the code and descriptors first:




/**** runtime deployment descriptor for GlassFish ****/


I'd like to translate the above Sun-specific descriptor to the JBoss version.... jboss.xml

/*******jboss.xml********/


/******%jboss_home%/server/default/conf/login-config.xml****/



/****%jboss_home%/server/default/deploy/mysql_realm-ds.xml****/


Then... I tried to run the standalone client.... However, no login dialog box was invoked to prompt me to enter anything.... Just the following error messages were echoed out...!???



I think my concept of JAAS security deployment on JBoss is vague. Can anyone help!?...... Thanks in advance..... LAW
 
Laurence Yip
Greenhorn
Posts: 14
Dear all,

After browsing the old threads for a few days, I have made some amendments:

I've done a client login from the client code:.............


I eventually learned that no dialog box will be prompted, but a config file is required for forwarding the 'username' to the ejb-container........... as the 'principal' for further authentication as well as authorization....




HOWEVER...STILL NOT OK....!???

PROBLEM I): javax.ejb.EJBAccessException: Caller unauthorized
at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)........

PROBLEM II): 2012-12-03 17:57:04,249 INFO [STDOUT] (WorkerThread#0[127.0.0.1:3177]) anonymous.......


Logically, the class "org.jboss.security.ClientLoginModule required" passed to the callback handler should be propagating the 'username' to the ejb container after logging in. However, when I call session_ctx.getCallerPrincipal() in the ejb code, 'anonymous' was dumped out instead of the 'username' I entered in the client application....!?

Questions:
i) Since 'anonymous' was dumped out on the server side, does it mean authentication as well as authorization has taken place on the server side!?
ii) Since the class "org.jboss.security.ClientLoginModule required" forwarded the username (principal) to the server side (ejb container) from the client login, do I also need to send the password (credential) to the ejb container as well, but how.. (actually I did pass the password to the callbackHandler)...!?

My guess...... my 'username' did pass to the ejb container... but it may not have been authenticated successfully... since the ejb-container found nothing about the 'password' (credential) hardcoded in the client application... and the CallBackHandler found no way to help the password propagation to the ejb-container...!?.. Am I correct......!?... Hope somebody can help me like a candle before Christmas comes..... A BILLION thanks in advance...

LAW

 
Laurence Yip
Greenhorn
Posts: 14
Hi all,

I've been trying my best to modify the ejb client code but I still failed to access the ejb bean code and....
on the client side console, acc always complains "....EJBAccessException: Caller unauthorized" and....
on the server console, "anonymous" was always dumped out after executing ctx.getCallerPrincipal() in the bean code!?........
Actually, I'd like to know:
For 'anonymous'
i) does it mean the authentication/authorization has failed in the ejb-container or!?....
ii) my principal/credential set in the client application failed to be propagated to the ejb-container...!?

/*****ejb client application class **********/


/*********sample_jaas.conf *****/



/********session bean class *********/



/*****jboss.xml*******/




/*********login-config.xml ********/



/******datasource file********/



/*****SQL schema and commands******/






I've been spending a couple of weeks trying to make the code work.... but failed, and the worst is that nobody would like to offer help or discussion, although I understand it is just voluntary...... LAW
 