how to enable JAAS security as well as role-based access

Laurence Yip

Joined: Sep 21, 2012
Posts: 14
hi all,

I am still playing with the J2EE 1.5 tutorial about securing a session bean accessed by a standalone application client, but I failed to get the code example working. Let's see the code and descriptors first:

/**** runtime deployment descriptor for GlassFish ****/

I'd like to translate the above Sun-specific descriptor to the JBoss version... jboss.xml




Then I tried to run the standalone client. However, no login dialog box was invoked to prompt me to enter anything; just the following error messages were echoed out...!?

I think my concept of JAAS security deployment on JBoss is vague. Can anyone help!? Thanks in advance... LAW
Laurence Yip

Joined: Sep 21, 2012
Posts: 14
Dear all,

After browsing the old threads for a few days, I have made some amendments:

I've done a client login from the client code:.............

I eventually learned that no dialog box will be prompted, but a config file is required for forwarding the 'username' to the 'principal' for further authentication as well as authorization....


PROBLEM I): javax.ejb.EJBAccessException: Caller unauthorized
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(

PROBLEM II): 2012-12-03 17:57:04,249 INFO [STDOUT] (WorkerThread#0[]) anonymous.......

Logically, the class " required" passed to callbackhandler should propagate the 'username' to the EJB container after logging in. However, when I call session_ctx.getCallerPrincipal() in the EJB code, 'anonymous' was dumped out instead of the 'username' I entered in the client application....!?

i) Since 'anonymous' was dumped out on the server side, does it mean authentication as well as authorization has taken place on the server side!?
ii) Since the class " required" forwarded the username (principal) to the server side (EJB container) from the client login, do I also need to send the password (credential) to the EJB container as well, but how... (actually I did pass the password to the callbackHandler)...!?

My 'username' did get passed to the EJB container, but it may not have been authenticated successfully, since the EJB container found nothing about the 'password' (credential) hardcoded in the client application, and CallBackHandler found no way to help the password propagation to the EJB container...!? Am I correct...!? Hope somebody can help me like a candle before Christmas comes... A BILLION thanks in advance...


Laurence Yip

Joined: Sep 21, 2012
Posts: 14
hi all,

I've been trying my best to modify the EJB client code, but I still failed to access the EJB bean code and....
on the client side console, acc always complains "....EJBAccessException:Caller unauthorized" and....
on the server console, "anonymous" was always dumped out after executing ctx.getCallerPrincipal() in the bean code!?........
Actually, I'd like to know:
For 'anonymous'
i) does it mean the authentication/authorization has failed in the EJB container, or!?....
ii) my principal/credential set in the client application failed to be propagated to the EJB container...!?

/*****ejb client application class **********/

/*********sample_jaas.conf *****/

/********session bean class *********/


/*********login-config.xml ********/

/******datasource file********/

/*****SQL schema and commands******/

I've spent a couple of weeks trying to make the code work, but failed. The worst is that nobody would like to offer help or discussion, although I understand it is just voluntary......LAW