Having major problems setting up a user on JNDI Security using JBoss 5

Luke Murphy
Ranch Hand

Joined: May 12, 2010
Posts: 300
Hi,
I am trying to write some simple programs to explore the power of security in EJB 3.0. I am using JBoss 5.
According to this cool and short article: http://community.jboss.org/wiki/JndiLoginInitialContextFactory

I should be able to set up a User / Password on JNDI as described in the article and invoke an EJB method that has security constraints.

Here is my EJB:



Here is the application-policy I added to login-config.xml



Here is user-titan.properties



Here is roles-titan.properties



And here is my standalone client, which runs outside the EJB container.



When I run the client I keep getting:






And I have been tearing my hair out about this all day.



Any ideas?



Thanks in Advance.
Sunil Dixit
Ranch Hand

Joined: Sep 22, 2005
Posts: 46
Hey Luke,

I can give hints on EJB security. I have done this on WSAD but not on JBoss, so you will probably have to do extra work/investigation.
Before I jump to the steps I have done in WSAD, you need to understand what's wrong in the code snippet.
You have configured a JAAS module in the JBoss server, which will be called automatically whenever you call LoginContext.login(...).
Whenever you use EJB security there are two possibilities/paths:

1. User is already authenticated and authorised before you invoke any EJB method/s.
2. User is not authenticated and authorised before you invoke any EJB method/s.

Case 1: Principals and Credentials (returned by the login API) are set in a ThreadLocal before you make a call. Once the server has received this data, it trusts the caller and checks/extracts the role information; if the role matches the specified role, it allows the method invocation, otherwise it throws an exception.

Case 2: Whenever you pass user details using Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS, the server tries to authenticate based on the passed details, and if they are correct, it then tries to match roles.

Again, that depends on what EJB flow we are talking about (i.e. we want the user to pass their details and the server to first do authentication and then the role check, OR the user details are already authenticated and we would like to use Principals and Credentials).

Now, in WSAD what we do is define roles and then map roles to methods (using ejb-jar.xml or annotations). Before you deploy the build, you use a WSAD feature to collect all roles defined in ejb-jar.xml and then map these roles to a specific OU (org unit). After this you start deployment, and the container asks you to look up all roles from LDAP or some files and map these roles to your EJB. Once this mapping is done, the container knows what role and OU maps to which role and OU.


Hope that this helps.

Thanks,
Sunil Dixit
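
The flow described in Case 1 above, modelled as a standalone program that uses only the JDK's JAAS classes (an added example, not code from this thread or from JBoss): LoginContext.login() authenticates the caller and fills in a Subject, then a role check like the container's decides whether a secured call may go ahead. PropsLoginModule, the "titan" entry name, the user alice and her roles are hypothetical values constructed for the illustration.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class JaasRoleCheckDemo {
    static final Map<String, String> USERS = Map.of("alice", "secret");  // constructed sample: user=password
    static final Map<String, List<String>> ROLES = Map.of("alice", List.of("Clerk", "Auditor"));  // constructed
    /** Hypothetical login module: verifies the password, then records the user name as a Principal. */
    public static class PropsLoginModule implements LoginModule {
        private Subject subject; private CallbackHandler handler; private String user;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> st, Map<String, ?> op) { subject = s; handler = h; }
        public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user");
            PasswordCallback pass = new PasswordCallback("password", false);
            try { handler.handle(new Callback[] { name, pass }); } catch (Exception e) { throw new LoginException(e.toString()); }
            user = name.getName();
            if (user == null || !String.valueOf(pass.getPassword()).equals(USERS.get(user)))
                throw new FailedLoginException("bad user or password");
            return true;
        }
        public boolean commit() { String n = user; return subject.getPrincipals().add(() -> n); }
        public boolean abort() { user = null; return true; }
        public boolean logout() { subject.getPrincipals().clear(); return true; }
    }
    /** Step 1, authentication: LoginContext.login() runs the module and fills in the Subject. */
    static Subject login(String user, String pw) throws LoginException {
        AppConfigurationEntry[] entries = { new AppConfigurationEntry(PropsLoginModule.class.getName(),
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String n) { return entries; }
        };
        LoginContext lc = new LoginContext("titan", new Subject(), cbs -> {
            ((NameCallback) cbs[0]).setName(user);
            ((PasswordCallback) cbs[1]).setPassword(pw.toCharArray());
        }, cfg);
        lc.login();
        return lc.getSubject();
    }
    /** Step 2, authorization: the role check a container would make before a secured method runs. */
    static boolean inRole(Subject caller, String role) {
        return caller.getPrincipals().stream().anyMatch(p -> ROLES.getOrDefault(p.getName(), List.of()).contains(role));
    }
    public static void main(String[] args) throws Exception {
        Subject alice = login("alice", "secret");
        System.out.println("Clerk: " + inRole(alice, "Clerk") + ", Admin: " + inRole(alice, "Admin"));
        try { login("alice", "wrong"); } catch (LoginException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```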



Jaikiran Pai
Marshal

Joined: Jul 20, 2005
Posts: 10202
    

JndiLoginInitialContextFactory is no longer supported in AS-5. See this recent discussion.

Luke Murphy
Ranch Hand

Joined: May 12, 2010
Posts: 300
Thanks for both answers.
 