How do I log on or set principal/roles/groups when using the Embedded API

Mark Krueger
Greenhorn

Joined: Jan 30, 2010
Posts: 2
Hi,

I want to unit test (actually more of an integration test) my EJBs (3.x). I'm trying to use the Embedded API with Java EE 6 and GlassFish v3 to call my EJB. I think it's close to working; it seems to create the bean and such, but my EJB has security constraints via @RolesAllowed annotations, and the first method call is failing because there appears to be no principal, roles, or groups active by default. How do I set this up to log in as a particular user or at least specify some allowed roles for the caller?

Do I need to use JAAS or something like that? And if so, how? I do not see any examples anywhere for calling an EJB as a standalone client that seem to be applicable with the Embedded API like this.

Maybe I could wrap the call with another EJB using @RunAs, but I really do not want to resort to that (if that would work, didn't try it yet).

Maybe there is a "-D" type parameter I need to specify when running the test class?

In case it matters, I am using a JDBC realm; however, I suspect this issue is independent of that (at least ideally the type of realm should be invisible to the client).

Thanks,
Mark
Uppala Ramana
Greenhorn

Joined: Jan 14, 2010
Posts: 14
Mark,

You can use LoginContext to authenticate the user and call the remote EJB.

The link below will be helpful to you:

http://74.125.47.132/search?q=cache:SNGouf8zpAIJ:jaikiran.wordpress.com/2006/07/04/accessing-a-secure-ejb-through-a-standalone-java-client/+LoginContext+ejb&cd=1&hl=en&ct=clnk&gl=us

Thanks,
Ramana.


Ramana Uppala
SCJA,SCJP
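
The JAAS client login that the reply above refers to, as an added example that is not part of the original thread and is not GlassFish's own code. The login module class name is the one quoted later in this thread and must be on the client classpath; the class name `JaasClientLogin`, the entry name "default", and supplying the configuration in code instead of an auth.conf file are assumptions of this example.

```java
import java.util.Arrays;
import java.util.Collections;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class JaasClientLogin {
    // Login module class named in this thread; assumed to be on the classpath.
    static final String MODULE =
        "com.sun.enterprise.security.auth.login.ClientPasswordLoginModule";

    /** Authenticates through JAAS and returns the resulting Subject. */
    public static Subject login(final String user, final char[] password)
            throws LoginException {
        // In-memory equivalent of an auth.conf entry: "<MODULE> required;"
        Configuration config = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    Collections.<String, Object>emptyMap()) };
            }
        };
        CallbackHandler handler = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks)
                    throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password); // copies the array
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
        try {
            // "default" is an assumed entry name; the inline Configuration ignores it.
            LoginContext lc = new LoginContext("default", null, handler, config);
            lc.login();               // throws LoginException if authentication fails
            return lc.getSubject();
        } finally {
            Arrays.fill(password, '\0'); // do not leave the secret in memory
        }
    }
}
```

Passing the password as a `char[]` lets the caller's copy be zeroed after the login attempt, which a `String` would not allow.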
Mark Krueger
Greenhorn

Joined: Jan 30, 2010
Posts: 2
Hi,

Thanks for the reply.

I tried the following, neither of which seemed to solve my problem:

* LoginContext with my own callback handler and with an auth.conf file that had "com.sun.enterprise.security.auth.login.ClientPasswordLoginModule required debug=true;" as the options for the realm.

* ProgrammaticLogin

The first one logged in, but at the EJB level it ignored the subject and had its own, even when I grabbed and called the bean wrapped by "Subject.doAsPrivileged". The second case would not log in; it generated this exception:

Feb 9, 2010 2:02:19 AM com.sun.appserv.security.ProgrammaticLogin login
SEVERE: Programmatic login failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: javax.security.auth.login.LoginException: java.lang.NullPointerException
at com.sun.enterprise.security.auth.login.common.ServerLoginCallbackHandler.handle(ServerLoginCallbackHandler.java:93)
at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:955)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:951)
at com.sun.enterprise.security.auth.login.ClientPasswordLoginModule.login(ClientPasswordLoginModule.java:175)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at com.sun.enterprise.security.auth.login.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:341)
at com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:199)
at com.sun.enterprise.security.auth.login.LoginContextDriver.login(LoginContextDriver.java:152)
at com.sun.appserv.security.ProgrammaticLogin$1.run(ProgrammaticLogin.java:161)
at java.security.AccessController.doPrivileged(Native Method)
at com.sun.appserv.security.ProgrammaticLogin.login(ProgrammaticLogin.java:155)



Can anyone get this simple example to work using ProgrammaticLogin, LoginContext, or something else, really anything (it works great without the RolesAllowed annotation):

GoodByeWorldBean:
--------------------------------
package com.nocompany.sample;

import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.Stateless;

@Stateless
@DeclareRoles( "admin" )
public class GoodByeWorldBean implements GoodByeWorldBeanLocal
{
    // Only callers in the "admin" role may invoke this method.
    @RolesAllowed( { "admin" } )
    public void sayGoodbye()
    {
        System.out.println( "Goodbye." );
    }
}
--------------------------------

GoodByeWorldBeanLocal:
--------------------------------
package com.nocompany.sample;

import javax.ejb.Local;

@Local
public interface GoodByeWorldBeanLocal
{
    public void sayGoodbye();
}
--------------------------------

GoodByeWorldBeanTest:
--------------------------------
package com.nocompany.sample;

import java.util.HashMap;
import java.util.Map;
import javax.ejb.embeddable.EJBContainer;
import javax.naming.Context;
import javax.naming.NamingException;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import static org.junit.Assert.*;

public class GoodByeWorldBeanTest
{
    static EJBContainer ejbContainer = null;

    public GoodByeWorldBeanTest()
    {
    }

    @BeforeClass
    public static void setUpClass() throws Exception
    {
        // Start the embedded container once for all tests in this class.
        Map<String, Object> p = new HashMap<String, Object>();
        p.put( EJBContainer.APP_NAME, "goodbyeWorld" );
        ejbContainer = EJBContainer.createEJBContainer( p );
    }

    @AfterClass
    public static void tearDownClass() throws Exception
    {
        // Shut the embedded container down so it does not outlive the tests.
        if ( ejbContainer != null )
        {
            ejbContainer.close();
        }
    }

    @Before
    public void setUp() {
    }

    @After
    public void tearDown() {
    }

    @Test
    public void testSayGoodbye()
    {
        try
        {
            Context ic = ejbContainer.getContext();
            GoodByeWorldBeanLocal goodByeWorld = ( GoodByeWorldBeanLocal ) ic.lookup( "java:global/goodbyeWorld/GoodByeWorldBean" );
            // No caller identity is established before this call, so the
            // @RolesAllowed check on sayGoodbye() is what fails.
            goodByeWorld.sayGoodbye();
        }
        catch ( NamingException ex )
        {
            // A failed JNDI lookup should fail the test, not pass silently.
            fail( "JNDI lookup failed: " + ex );
        }
    }

}
--------------------------------

sun-ejb-jar.xml
--------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Application Server 9.0 EJB 3.0//EN" "http://www.sun.com/software/appserver/dtds/sun-ejb-jar_3_0-0.dtd">
<sun-ejb-jar>
    <!-- Maps the application role "admin" to the realm group "admin". -->
    <security-role-mapping>
        <role-name>admin</role-name>
        <group-name>admin</group-name>
    </security-role-mapping>
    <enterprise-beans>
    </enterprise-beans>
</sun-ejb-jar>
--------------------------------

Any help is greatly appreciated.

Thanks,
Mark
 