9 Replies Latest reply on Nov 24, 2010 8:09 AM by wolfgangknauf

    Konfiguratio of security domains in JBoss AS 6 with EJB 3.1

    suikast42

      Hi @ all,

       

      My Environment at first:

       

      Aplication Sevrer :      jboss-6.0.0.20100911-M5 (default configuration without any changes)

      IDE:                          Eclipse 3.6

      Jboss Tools               V 3.2

      Java Version:             JDK 1.6 U 20

      OS:                          Windows Vista 32 Bit

       

      My Problem:

       

      I Create a test Application. It Contains only one Stateless Bean with local and remote interfaces:

       

      package beans.stateless;

      import interfaces.stateless.FirstStatelessBeanLocal;
      import interfaces.stateless.FirstStatelessBeanRemote;

      import javax.annotation.*;
      import javax.annotation.security.*;
      import javax.ejb.*;

      import org.apache.commons.logging.*;
      import org.jboss.aop.*;
      import org.jboss.beans.metadata.api.annotations.*;
      import org.jboss.security.annotation.*;

      /**
      * Session Bean implementation class FirstStatelessBean
      */

      @Stateless
      @SecurityDomain("JBossWS")
      @RolesAllowed("{friend}")
      public class FirstStatelessBean implements FirstStatelessBeanRemote, FirstStatelessBeanLocal {

          /**
           * Default constructor.
           */

          private int    pCounterLocal    = 0;
          private int    pCounterRemote    = 0;

          @Resource
          private SessionContext myCtx ;
         
          public FirstStatelessBean() {
          }

          @PreDestroy
          public void destroy() {
              LogFactory.getLog( getClass() ).warn( "Destroy" );
              pCounterLocal=0;
              pCounterRemote=0;
          }
         
          @PostConstruct
          public void create(){
              LogFactory.getLog( getClass() ).warn( "Create" );
          }

         
          @Override
          public String sayHelloLocal( String pMesssage ) {
              String lMessage = "Hello Local to " + pMesssage + " " + ( ++pCounterLocal ) + " Times";
              LogFactory.getLog( getClass() ).info( lMessage );
              return lMessage;
          }

          @Override
          public String sayHelloRemote( String pMesssage ) {
              String lMessage = "Hello Remote to " + pMesssage + " " + ( ++pCounterRemote ) + " Times";
              LogFactory.getLog( getClass() ).info( lMessage );
      //      LogFactory.getLog( getClass() ).info( myCtx.getCallerPrincipal() );
              return lMessage;
          }

          @Override
          @PrePassivate
          public void passviate() {
              LogFactory.getLog( getClass() ).warn( "Passivate" );       
          }


      }

       

      On The Client side I get the JNDI Refrence on the following way:

       

      Properties p = new Properties();
                      p.put( Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory" );
                      p.put( Context.PROVIDER_URL, "jnp://" + pServerAddr + ":" + pServerPort );
      InitialContext jndiContext = new InitialContext( p );

       

      So  my excpected behavior (when I call sayHelloRemote) is an Exception. But  this request still works with worong user information.

       

      So what I'm doing wrong ?

       

      I try the example from

      http://community.jboss.org/wiki/Chapter15-SecurityandSchoolEJBAccess

      as well. But the result i the same. I can call every method withaout an exception. And when I call getCallerPrincipal from SessionContext I get an Exception. This occurs while the bean don't in a security domain am I rigth ?

       

        • 1. Re: Konfiguratio of security domains in JBoss AS 6 with EJB 3.1
          jaikiran

          The @SecurityDomain import is incorrect. It should be @org.jboss.ejb3.annotation.SecurityDomain.

          • 2. Re: Konfiguratio of security domains in JBoss AS 6 with EJB 3.1
            suikast42

            Thanks jaikiran,

            that was the solution. That's a little bit wiggy that there are so many annotations that called @SecurityDomain.

             

            So I can do the authentification with the following  snippet. For stateless and statefull beans works this wonderfull. But for a singleton beans I get an Exception:

            Exception in thread "main" java.lang.IllegalStateException: Local Call: Security Context is null

             

             

             

             

            private <T> T getInterface( String pServerAddr, String pServerPort, String pAppName, Class<T> pClazz, String pServiceName, InterfaceType pType ) {
                    String lookup = null;

                    try {
                        if (pJndiContext == null) {

                            Properties p = new Properties();
                            p.put( Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory" );
                            p.put( Context.PROVIDER_URL, "jnp://" + pServerAddr + ":" + pServerPort );
                            p.put( Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces" );
                            p.put( "java.security.auth.login.config", "auth.conf" );

                            for (Iterator<Object> key = p.keySet().iterator(); key.hasNext();) {
                                Object tmpKey = key.next();
                                System.getProperties().put( tmpKey, p.get( tmpKey ) );
                            }

                            SecurityAssociationHandler lSHandler = new SecurityAssociationHandler();
                            SimplePrincipal pUser = new SimplePrincipal( "admin" );
                            lSHandler.setSecurityInfo( pUser, "admin".toCharArray() );
                            LoginContext login = new LoginContext( "ClientCtx", (CallbackHandler) lSHandler );
                            login.login();

                            pJndiContext = new InitialContext();
                        }
                        lookup = pAppName + "/" + pServiceName + "/" + pType.getEncName();
                        return (T) pJndiContext.lookup( lookup );
                    } catch (NamingException e) {
                        e.printStackTrace();
                        System.out.println( "[DEBUG]" + lookup + " for " + pClazz.getSimpleName() );
                        printAllJndiNames();
                        return null;
                    }
                    catch (LoginException e) {
                        e.printStackTrace();
                        return null;
                    }
                }
            • 3. Re: Konfiguratio of security domains in JBoss AS 6 with EJB 3.1
              jaikiran

              Please post the entire exception stacktrace for this new error.

              • 4. Re: Konfiguratio of security domains in JBoss AS 6 with EJB 3.1
                suikast42
                Exception in thread "Thread-1" java.lang.IllegalStateException: Local Call: Security Context is null
                    at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:109)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.ejb3.core.context.CurrentInvocationContextInterceptor.invoke(CurrentInvocationContextInterceptor.java:47)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.ejb3.singleton.aop.impl.AOPBasedInterceptorRegistry.intercept(AOPBasedInterceptorRegistry.java:109)
                    at org.jboss.ejb3.singleton.impl.container.SingletonContainer.invoke(SingletonContainer.java:218)
                    at org.jboss.ejb3.singleton.aop.impl.AOPBasedSingletonContainer.dynamicInvoke(AOPBasedSingletonContainer.java:406)
                    at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)
                    at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
                    at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
                    at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:898)
                    at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:791)
                    at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:744)
                    at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:548)
                    at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:234)
                    at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:216)
                    at org.jboss.remoting.Client.invoke(Client.java:1961)
                    at org.jboss.remoting.Client.invoke(Client.java:804)
                    at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:60)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.ejb3.async.impl.interceptor.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:121)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:77)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
                    at $Proxy5.invoke(Unknown Source)
                    at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:185)
                    at $Proxy4.sayHelloRemote(Unknown Source)
                    at launch.Main$1.run(Main.java:47)
                    at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:72)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.ejb3.async.impl.interceptor.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:121)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:77)
                    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
                    at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
                    at $Proxy5.invoke(Unknown Source)
                    at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:185)
                    at $Proxy4.sayHelloRemote(Unknown Source)
                    at launch.Main$1.run(Main.java:47)
                • 5. Re: Konfiguratio of security domains in JBoss AS 6 with EJB 3.1
                  jaikiran

                  That look strange. Can you post the code in those remote/local interfaces? I want to see if those are annotated correctly. Also, what is the exact JNDI name and business interface that you are looking up and invoking on?

                  • 6. Re: Konfiguratio of security domains in JBoss AS 6 with EJB 3.1
                    suikast42

                    The Testclient --> http://rapidshare.com/files/429584864/TestClientApp.7z

                    The server application --> http://rapidshare.com/files/429584863/JavaEETests.7z

                     

                    Both of them are Eclipse projects.

                     

                    Thanks for your effort

                    • 7. Re: Konfiguratio of security domains in JBoss AS 6 with EJB 3.1
                      wolfgangknauf

                      Hi,

                       

                      Rapidshare currently forbids free file downloads, so I cannot take a look at your sample.

                       

                      But: as far as I know, you should use this value for "URL_PKG_PREFIXES" in application clients (not "org.jboss.naming:org.jnp.interfaces"):

                       

                      props.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming.client");

                       

                      Best regards

                       

                      Wolfgang

                      • 8. Re: Konfiguratio of security domains in JBoss AS 6 with EJB 3.1
                        suikast42

                        Hi Wlofgang,

                         

                        the setting doesn't works for me.

                        I Hope hotfile works .


                        http://hotfile.com/dl/81834856/e7462db/TestClientApp.7z.html
                        http://hotfile.com/dl/81834677/adcecb1/JavaEETests.7z.html

                        The curious thin on that thing is, that the same login works Stateless and Statefull beans but not for Singleton

                        • 9. Re: Konfiguratio of security domains in JBoss AS 6 with EJB 3.1
                          wolfgangknauf

                          Sorry, I "lost" this thread...

                           

                          Well, it seems I did not see all the time that you have this problem only with Singletons. I don't know whether JBoss 6 supports this combination already. Someone with more detail knowledge should comment on this ;-).

                           

                          Best regards

                           

                          Wolfgang