• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Jeanne Boyarsky
  • Tim Cooke
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Henry Wong
Saloon Keepers:
  • Tim Moores
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Frits Walraven
Bartenders:
  • Piet Souris
  • Himai Minh

Problems with JAAS in JBoss

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Can anyone help me? I'm beginner with JBoss and JAAS. I need to implement some kind of autentication system to my EJB service. I have got EJB service to work, but autentication with JAAS (or JBossSX) has been produced lot of work and still anything doesn't work.
I need username password autentication. I have no idea how I should to continue with this.
Here are some clips from my configuration
login-config.xml
----------------------------------------------
<application-policy name="myServerLoginModule">
<authentication>
<login-module code="ejbtestjboss.MyServerLoginModule" flag="required" />
</authentication>
</application-policy>
------------------------------------------------
I have EJB named "Enterprise1" and I next clip is from my jboss.xml confuguration file
--------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 3.2//EN" "http://www.jboss.org/j2ee/dtd/jboss_3_2.dtd">
<jboss>
<security-domain>java:/jaas/myServerLoginModule</security-domain>
<unauthenticated-principal>Unknown</unauthenticated-principal>
<enterprise-beans>
<session>
<ejb-name>Enterprise1</ejb-name>
<jndi-name>myServerLoginModule/Enterprise1</jndi-name>
</session>
</enterprise-beans>
</jboss>
------------------------------------------------------------
ejb-jar.xml looks like this:
I'm quite sure that here are some bugs, but I have collect this configurations from different sample apps.
--------------------------------------------------------------
?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<ejb-jar>
<display-name>EJBModule1</display-name>
<enterprise-beans>
<session>
<display-name>Enterprise1</display-name>
<ejb-name>Enterprise1</ejb-name>
<home>ejbtestjboss.Enterprise1Home</home>
<remote>ejbtestjboss.Enterprise1</remote>
<ejb-class>ejbtestjboss.Enterprise1Bean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>

<security-role-ref>
<role-name>User</role-name>
<role-link>User</role-link>
</security-role-ref>
<security-role-ref>
<role-name>Admin</role-name>
<role-link>Admin</role-link>
</security-role-ref>
<security-role-ref>
<role-name>Internal</role-name>
<role-link>Internal</role-link>
</security-role-ref>
<security-identity>
<run-as>
<role-name>Internal</role-name>
</run-as>
</security-identity>

</session>
</enterprise-beans>
<assembly-descriptor>
<security-role>
<role-name>Admin</role-name>
</security-role>
<security-role>
<role-name>User</role-name>
</security-role>
<security-role>
<role-name>Internal</role-name>
</security-role>

<method-permission>
<role-name>Internal</role-name>
<role-name>Admin</role-name>
<role-name>User</role-name>
<method>
<ejb-name>Enterprise1</ejb-name>
<method-name>*</method-name>
</method>
</method-permission>
<container-transaction>
<method>
<ejb-name>Enterprise1</ejb-name>
<method-name>*</method-name>
</method>
<trans-attribute>Required</trans-attribute>
</container-transaction>
</assembly-descriptor>
</ejb-jar>
------------------------------------------------------
auth.conf looks like this
-----------------------------------------------------
srp{
org.jboss.security.ClientLoginModule required
password-stacking="useFirstPass"
;
};
----------------------------------------------------
In my client application I create LoginContext like this:
String name = "test";
String pass = "pass";
char[] password = pass.toCharArray();
AppCallbackHandler handler = new AppCallbackHandler(name, password);
LoginContext lc = new LoginContext("srp", handler);
lc.login();
After this I create connection to the Enterprise1 EJB:
Hashtable environment = new Hashtable();
environment.put(Context.INITIAL_CONTEXT_FACTORY,
"org.jnp.interfaces.NamingContextFactory");
environment.put(Context.URL_PKG_PREFIXES,
"org.jboss.naming rg.jnp.interfaces");
environment.put(Context.PROVIDER_URL, "jnp://192.168.1.5:1099");
Context context = new InitialContext(environment);
Object ref = context.lookup("myServerLoginModule/Enterprise1");
Enterprise1Home= enterprise1Home = (Enterprise1Home) PortableRemoteObject.narrow(ref, Enterprise1Home.class);
When I'm executing next line, the JBoss server throws Exception which is AutenticationException.
Enterprise1 enterprise1 = enterprise1Home.create();
I run my client application with next parameters:
-Djava.security.auth.login.config=auth.conf
What should I do next? It's obviously that server responds to the login because I have written my own login module, and login() method return always true. But I am not able to transfer username and password to the server.
My server login module looks like this:
package ejbtestjboss;
public class MyServerLoginModule extends
UsernamePasswordLoginModule{
public MyServerLoginModule();
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options);
public boolean login(){return true};

Hopefully someone could help me.
Miika
}
 
Miika Parvio
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm still fighting with this issue. Can anyone help me?
I get an error message, when I call EJB home interface create method:
Insufficient method permissions, principal=test, method=create, interface=HOME, requiredRoles=[Admin], principalRoles=null
I am able to get all login information in server side, and in my opinion I set correct roles in method getRoleSets(), but nothing helps. What is those principalRoles attribute? In ejb-jar.xml I have defined that there is a Role Admin, who has privileges to call EJB methods.
in getRoleSets() I set principal test to the Admin group and return it, but something still goes wrong
protected Group[] getRoleSets() throws LoginException{
String username = getUsername();
HashMap setsMap = new HashMap();
//Group testGroup = createGroup("Admin", (Set)setsMap);
Group group = (Group) setsMap.get("Admin");
if( group == null ){
group = new SimpleGroup("Admin"); //SimpleGroup("Admin");
setsMap.put("Admin", group);
}
Principal myPrincipal = new SimplePrincipal(username);
group.addMember(myPrincipal);

int size = setsMap.size();
Group[] roleSets = new Group[setsMap.size()];
setsMap.values().toArray(roleSets);
return roleSets;
}
Has this method written wrong?
 
Ranch Hand
Posts: 33
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Try changing your method to:
 
And when my army is complete, I will rule the world! But, for now, I'm going to be happy with this tiny ad:
Free, earth friendly heat - from the CodeRanch trailboss
https://www.kickstarter.com/projects/paulwheaton/free-heat
reply
    Bookmark Topic Watch Topic
  • New Topic