how to enable JAAS security as well as role-based access

Laurence Yip
Greenhorn

Joined: Sep 21, 2012
Posts: 14
hi all,

I am still playing with the j2ee1.5 tutorial about securing a session bean accessed by a standalone application client, but I failed to make the code example work. Let's see the code and descriptors first:




/**** runtime deployment descriptor for GlassFish ****/


I'd like to translate the above Sun-specific descriptor to the JBoss version....jboss.xml

/*******jboss.xml********/


/******%jboss_home%/server/default/conf/login-config.xml****/



/****%jboss_home%/server/default/deploy/mysql_realm-ds.xml****/


Then I tried to run the standalone client. However, no login dialog box was invoked to prompt me to enter anything; just the following error messages were echoed out...!???



I think my concept of JAAS security deployment on JBoss is vague. Can anyone help!?......thanks in advance.....LAW
Laurence Yip
Greenhorn

Joined: Sep 21, 2012
Posts: 14
Dear all,

After browsing the old threads for a few days, I have made some amendments:

I've done a client login from the client code:.............


I eventually learned that no dialog box will be prompted, but a config file is required for forwarding the 'username' to the EJB container as the 'principal' for further authentication as well as authorization....




HOWEVER...STILL NOT OK....!???

PROBLEM I): javax.ejb.EJBAccessException: Caller unauthorized
at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)........

PROBLEM II): 2012-12-03 17:57:04,249 INFO [STDOUT] (WorkerThread#0[127.0.0.1:3177]) anonymous.......


Logically, the class "org.jboss.security.ClientLoginModule required" passed to the callback handler should be propagating the 'username' to the EJB container after logging in. However, when I call session_ctx.getCallerPrincipal() in the EJB code, 'anonymous' was dumped out instead of the 'username' I entered in the client application....!?

Question:
i) Since 'anonymous' was dumped out on the server side, does it mean authentication as well as authorization has taken place on the server side!?
ii) Since the class "org.jboss.security.ClientLoginModule required" forwarded the username (principal) to the server side (EJB container) from the client login, do I also need to send the password (credential) to the EJB container as well, but how..(actually I did pass the password to the callbackHandler)...!?

My guess is......my 'username' did pass to the EJB container...but it may not have been authenticated successfully...since the EJB container found nothing about the 'password' (credential) hardcoded in the client application...and the CallbackHandler found no way to help the password propagation to the EJB container...!?..Am I correct......!?...Hope somebody can help me like a candle before Christmas comes.....A BILLION thanks in advance...

LAW

Laurence Yip
Greenhorn

Joined: Sep 21, 2012
Posts: 14
Hi all,

I've been trying my best to modify the EJB client code, but I still failed to access the EJB bean code and....
on the client side console, acc always complains "....EJBAccessException:Caller unauthorized" and....
on the server console, "anonymous" was always dumped out after executing ctx.getCallerPrincipal() in the bean code!?........
Actually, I'd like to know:
For 'anonymous'
i) does it mean the authentication/authorization has failed in the EJB container or!?....
ii) my principal/credential set in the client application failed to be propagated to the EJB container...!?

/*****ejb client application class **********/


/*********sample_jaas.conf *****/



/********session bean class *********/



/*****jboss.xml*******/




/*********login-config.xml ********/



/******datasource file********/



/*****SQL schema and commands******/






I've been spending a couple of weeks trying to make the code work, but failed, and the worst is that nobody would like to offer help or discussion, although I understand it is just voluntary......LAW
 