I'm running
JBOSS 6. I'm not 100% sure that this is the security model as I took this from an example found on the internet for JBOSS 5.
1st - I don't want any security around my
EJB. If anyone has ideas as to how to do that, insight would be appreciated. Why no security, I'm just running it on my local for now.
2nd - Since I can find nothing that enables me to do this, I now am stuck w/the inability to find property files.
Here is all of my xml files.
I have added the following to each login-config.xml file in JBOSS.
<application-policy name = "my-web">
<authentication>
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option
name="usersProperties">
props/my-web-users.properties
</module-option>
<module-option
name="rolesProperties">
props/my-web-roles.properties
</module-option>
</login-module>
</authentication>
</application-policy>
Contents of jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>
java:/jaas/my-web</security-domain>
</jboss-web>
Contents of ejb-jar.xml
<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<ejb-jar>
<enterprise-beans>
<session>
<description>Calculation Appeals Manager EJB</description>
<display-name>CalculationAppealsManagerBean</display-name>
<ejb-name>CalculationAppealsManagerBean</ejb-name>
<home>com.spcs.intranet.calculationAppeals.business.ejb.CalculationAppealsManagerHome</home>
<remote>com.spcs.intranet.calculationAppeals.business.ejb.CalculationAppealsManager</remote>
<ejb-class>com.spcs.intranet.calculationAppeals.business.ejb.CalculationAppealsManagerBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<env-entry>
<env-entry-name>ejb.sessionTimeout</env-entry-name>
<env-entry-type>java.lang.String</env-entry-type>
<env-entry-value>600</env-entry-value>
</env-entry>
<security-role-ref>
<role-name>EchoUser</role-name>
<role-link>Echo</role-link>
</security-role-ref>
<security-identity>
<run-as>
<role-name>InternalUser</role-name>
</run-as>
</security-identity>
</session>
</enterprise-beans>
<assembly-descriptor>
<security-role>
<role-name>all</role-name>
</security-role>
<method-permission>
<role-name>all</role-name>
<method>
<ejb-name>CalculationAppealsManagerBean</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
<container-transaction>
<method>
<ejb-name>CalculationAppealsManagerBean</ejb-name>
<method-name>*</method-name>
</method>
<trans-attribute>Required</trans-attribute>
</container-transaction>
</assembly-descriptor>
</ejb-jar>
contents of web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<icon></icon>
<display-name>Commissions Web Portal</display-name>
<description>Commissions Web Portal</description>
<distributable></distributable>
<
servlet>
<description></description>
<display-name>CalculationAppealsServlet</display-name>
<servlet-name>CalculationAppealsServlet</servlet-name>
<servlet-class>com.spcs.intranet.calculationAppeals.presentation.controller.CalculationAppealsServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CalculationAppealsServlet</servlet-name>
<url-pattern>/CCAServlet</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>SecureServlet</servlet-name>
<servlet-class>com.spcs.intranet.calculationAppeals.presentation.controller.CalculationAppealsServlet</servlet-class>
</servlet>
<servlet>
<servlet-name>UnsecureServlet</servlet-name>
<servlet-class>com.spcs.intranet.calculationAppeals.presentation.controller.CalculationAppealsServlet</servlet-class>
<run-as>
<description>InternalThe anonymous user role</description>
<role-name>InternalUser</role-name>
</run-as>
</servlet>
<servlet>
<servlet-name>UnsecureServletWithLogin</servlet-name>
<!-- <description>A servlet whose mapping does not exist under the restricted context that </description>-->
<servlet-class>com.spcs.intranet.calculationAppeals.presentation.controller.CalculationAppealsServlet</servlet-class>
</servlet>
<security-role>
<description>A user allowed to invoke echo methods</description>
<role-name>Echo</role-name>
</security-role>
<security-role>
<description>A user with no permissions</description>
<role-name>nobody</role-name>
</security-role>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<mime-mapping>
<extension>txt</extension>
<mime-type>text/plain</mime-type>
</mime-mapping>
<mime-mapping>
<extension>html</extension>
<mime-type>text/html</mime-type>
</mime-mapping>
<mime-mapping>
<extension>xls</extension>
<mime-type>application/vnd.ms-excel</mime-type>
</mime-mapping>
<welcome-file-list>
<welcome-file>splash.jsp</welcome-file>
</welcome-file-list>
</web-app>
contents of jboss.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 6.0//EN" "http://www.jboss.org/j2ee/dtd/jboss_6_0.dtd">
<jboss>
<security-domain>java:/jaas/my-web</security-domain>
<enterprise-beans>
<session>
<ejb-name>CalculationAppealsManagerBean</ejb-name>
<jndi-name>CalculationAppealsManagerBean</jndi-name>
<security-identity>
<run-as-principal>InternalUser</run-as-principal>
</security-identity>
</session>
</enterprise-beans>
</jboss>
I've copied the my-web-roles.properties and my-web-user.properties to the following:
C:\JBoss\jboss-6.1.0.Final\server\all\conf\props
C:\JBoss\jboss-6.1.0.Final\server\default\conf\props
I do get a warning in the logs but while it's an issue, this i believe is the gating issue. Here is the log error:
14:10:54,828 INFO [ContextConfig] WARNING: Security role name InternalUser used in a <run-as> without being defined in a <security-role>
You might find that some of the naming around security/roles is not consistent. That I'm aware of but first things first, have to find the properties files.
