JBoss AS7 JAAS exception: .getName() of bean: xxx is not allowed
ybxiang.china Aug 2, 2012 8:48 PMDear all,
I set and test JAAS according to https://community.jboss.org/wiki/JBoss7AndEjbRemoteCallWithSecurity, but it does NOT work.(You can refer to TestEar.ear_code.zip and TestEar.ear for details.)
My steps:
1. standalone.xml
<?xml version='1.0' encoding='UTF-8'?> <server xmlns="urn:jboss:domain:1.2"> ... <management> <security-realms> <security-realm name="ManagementRealm"> <authentication> <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/> </authentication> </security-realm> <security-realm name="ApplicationRealm"> <authentication> <jaas name="bean-sec-domain"/> </authentication> </security-realm> </security-realms> ... </management> <profile> ... <subsystem xmlns="urn:jboss:domain:security:1.1"> <security-domains> <security-domain name="bean-sec-domain" cache-type="default"> <authentication> <login-module code="Remoting" flag="optional"> <module-option name="password-stacking" value="useFirstPass"/> </login-module> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"> <module-option name="defaultUsersProperties" value="file:/${jboss.server.config.dir}/x-users.properties"/> <module-option name="defaultRolesProperties" value="file:/${jboss.server.config.dir}/x-roles.properties"/> <module-option name="usersProperties" value="file:/${jboss.server.config.dir}/x-users.properties"/> <module-option name="rolesProperties" value="file:/${jboss.server.config.dir}/x-roles.properties"/> <module-option name="password-stacking" value="useFirstPass"/> </login-module> </authentication> </security-domain> <security-domain name="other" cache-type="default"> <authentication> <login-module code="Remoting" flag="optional"> <module-option name="password-stacking" value="useFirstPass"/> </login-module> <login-module code="RealmUsersRoles" flag="required"> <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/> <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/> <module-option name="realm" value="ApplicationRealm"/> <module-option name="password-stacking" value="useFirstPass"/> </login-module> </authentication> </security-domain> ... </security-domains> </subsystem> ... </profile> ... </server>
2. x-users.properties
testX=test1234
3. x-roles.properties
testX=bean
4. my ear
[-]nms-server-ear.ear
nms-server-war.war
[-]META-INF
MANIFEST.MF
application.xml
jboss-app.xml
[-]lib
[-]nms-server-ejb.jar
import.sql
[-]META-INF
MANIFEST.MF
beans.xml
jboss-ejb3.xml
persistence.xml
[-]com
[-]ybxiang
[-]nms
[-]server
[-]ejb
[-]session
ISecuredRemoteSession.class
SecuredRemoteSession.class
4.1 application.xml
<?xml version="1.0" encoding="UTF-8"?> <application xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="6" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_6.xsd"> <display-name>nms-server-ear</display-name> <initialize-in-order>true</initialize-in-order> <module> <ejb>nms-server-ejb.jar</ejb> </module> <module> <web> <web-uri>nms-server-war.war</web-uri> <context-root>/nms</context-root> </web> </module> </application>
4.2 jboss-app.xml
<?xml version="1.0" encoding="UTF-8"?> <p:jboss-app xmlns:p="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee ../../xsd/jboss-app_7_0.xsd "> <security-domain>other</security-domain> </p:jboss-app>
4.3 jboss-ejb3.xml
<?xml version="1.0" encoding="UTF-8"?> <jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="urn:security" version="3.1" impl-version="2.0"> <assembly-descriptor xmlns="http://java.sun.com/xml/ns/javaee"> <security:security xmlns:security="urn:security"> <security:security-domain>bean-sec-domain</security:security-domain> <ejb-name>SecuredRemoteSession</ejb-name> </security:security> </assembly-descriptor> </jboss:ejb-jar>
4.4 EJB Interface
public interface ISecuredRemoteSession { int add(int a, int b); int subtract(int a, int b); public String getName (); public String getNameFree (); }
4.5 My bean
import javax.annotation.Resource; import javax.annotation.security.DeclareRoles; import javax.annotation.security.RolesAllowed; import javax.ejb.EJBContext; import javax.ejb.Remote; import javax.ejb.Stateless; @Stateless @Remote(ISecuredRemoteSession.class) @DeclareRoles("bean") public class SecuredRemoteSession implements ISecuredRemoteSession{ @Override public int add(int a, int b) { return a + b; } @Override public int subtract(int a, int b) { return a - b; } @Resource private EJBContext context; @Override @RolesAllowed("bean") public String getName() { return getNameFree(); } @Override public String getNameFree () { String aName = ""; if (context.getCallerPrincipal() != null) { aName = context.getCallerPrincipal().getName(); } String log = "name " + aName + " " + context.isCallerInRole("bean"); System.out.println("getNameFree************************************************"); System.out.println(log); System.out.println("getNameFree************************************************"); return "name " + aName + " " + context.isCallerInRole("bean"); } }
5. start JBoss AS
withe command :
standalone.bat -b=192.168.1.100
6.throw nms-server-ear.ear into deployments directory
I get bellow log
... 23:39:52,953 INFO [org.jboss.weld.deployer] (MSC service thread 1-8) JBAS016008: Starting weld service for deployment nms-server-ear.ear 23:39:53,750 INFO [javax.enterprise.resource.webcontainer.jsf.config] (MSC service thread 1-5) Initializing Mojarra 2.1.7-jbossorg-1 (20120227-1401) for context '/nms' 23:39:54,562 INFO [org.hibernate.validator.util.Version] (MSC service thread 1-5) Hibernate Validator 4.2.0.Final 23:39:54,781 INFO [org.jboss.web] (MSC service thread 1-5) JBAS018210: Registering web context: /nms 23:39:54,859 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS018559: Deployed "nms-server-ear.ear"
7. My client
7.1 I put jboss-client.jar and ejb interface in my class path
7.2 EJB Client
I use PropertiesBasedEJBClientConfiguration to build my InitialContext, So I do NOT use jboss-ejb-client.properties file.
import java.util.Hashtable; import java.util.Properties; import javax.naming.Context; import javax.naming.InitialContext; import org.jboss.ejb.client.ContextSelector; import org.jboss.ejb.client.EJBClientConfiguration; import org.jboss.ejb.client.EJBClientContext; import org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration; import org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector; import org.jboss.naming.remote.client.InitialContextFactory; import com.ybxiang.nms.server.ejb.session.ISecuredRemoteSession; public class RemoteEJBClient_ear3_JAAS { public static void main(String[] args) throws Exception { invokeStatelessBean(); } private static void invokeStatelessBean() throws Exception { // Let's lookup the remote stateless calculator final ISecuredRemoteSession statelessRemoteCalculator = lookupRemoteStatelessCalculator(); System.out.println("Obtained a remote stateless calculator for invocation"); // invoke on the remote calculator int a = 204; int b = 340; System.out.println("Adding " + a + " and " + b + " via the remote stateless calculator deployed on the server"); int sum = statelessRemoteCalculator.add(a, b); System.out.println("Remote calculator returned sum = " + sum); if (sum != a + b) { throw new RuntimeException("Remote stateless calculator returned an incorrect sum " + sum + " ,expected sum was " + (a + b)); } // try one more invocation, this time for subtraction int num1 = 3434; int num2 = 2332; System.out.println("Subtracting " + num2 + " from " + num1 + " via the remote stateless calculator deployed on the server"); int difference = statelessRemoteCalculator.subtract(num1, num2); System.out.println("Remote calculator returned difference = " + difference); if (difference != num1 - num2) { throw new RuntimeException("Remote stateless calculator returned an incorrect difference " + difference + " ,expected difference was " + (num1 - num2)); } // System.out.println("x" + statelessRemoteCalculator.getNameFree()); System.out.println("x" + statelessRemoteCalculator.getName()); } private static ISecuredRemoteSession lookupRemoteStatelessCalculator() throws Exception { return lookupRemoteStatelessCalculator_WithoutPropertieFile_method2_ear();//ear } private static ISecuredRemoteSession lookupRemoteStatelessCalculator_WithoutPropertieFile_method2_ear() throws Exception { String jndiName = "ejb:nms-server-ear/nms-server-ejb//SecuredRemoteSession!" + ISecuredRemoteSession.class.getName();//ear:good Properties p = new Properties(); { p.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false"); p.put("remote.connections", "default"); p.put("remote.connection.default.host", "192.168.1.100"); p.put("remote.connection.default.port", "4447"); p.put(InitialContext.SECURITY_PRINCIPAL, "testX"); p.put(InitialContext.SECURITY_CREDENTIALS, "test1234"); p.put("jboss.naming.client.ejb.context", "true"); p.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false"); } EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(p); ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc); EJBClientContext.setSelector(selector); Properties props = new Properties(); props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming"); InitialContext context = new InitialContext(props); return (ISecuredRemoteSession)context.lookup(jndiName); } }
7.3 run my client
(a) the client log:
Aug 02, 2012 11:44:28 PM org.xnio.Xnio <clinit> INFO: XNIO Version 3.0.3.GA Aug 02, 2012 11:44:28 PM org.xnio.nio.NioXnio <clinit> INFO: XNIO NIO Implementation Version 3.0.3.GA Aug 02, 2012 11:44:28 PM org.jboss.remoting3.EndpointImpl <clinit> INFO: JBoss Remoting version 3.2.3.GA Aug 02, 2012 11:44:29 PM org.jboss.ejb.client.remoting.VersionReceiver handleMessage INFO: Received server version 1 and marshalling strategies [river] Aug 02, 2012 11:44:29 PM org.jboss.ejb.client.remoting.RemotingConnectionEJBReceiver associate INFO: Successful version handshake completed for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@eb3f66, receiver=Remoting connection EJB receiver [connection=Remoting connection <175650e>,channel=jboss.ejb,nodename=cv0018179n0]} on channel Channel ID a749f8f0 (outbound) of Remoting connection 016292a4 to /192.168.1.100:4447 Aug 02, 2012 11:44:29 PM org.jboss.ejb.client.remoting.ChannelAssociation$ResponseReceiver handleMessage WARN: Unsupported message received with header 0xffffffff Aug 02, 2012 11:44:29 PM org.jboss.ejb.client.EJBClient <clinit> INFO: JBoss EJB Client version 1.0.5.Final Obtained a remote stateless calculator for invocation Adding 204 and 340 via the remote stateless calculator deployed on the server Remote calculator returned sum = 544 Subtracting 2332 from 3434 via the remote stateless calculator deployed on the server Remote calculator returned difference = 1102 xname $local false Aug 02, 2012 11:44:30 PM org.jboss.ejb.client.remoting.ChannelAssociation resultReady INFO: Discarding result for invocation id 3 since no waiting context found Exception in thread "main" java.lang.reflect.UndeclaredThrowableException at $Proxy0.getName(Unknown Source) at com.ybxiang.nms.simpleclient.RemoteEJBClient_ear3_JAAS.invokeStatelessBean(RemoteEJBClient_ear3_JAAS.java:48) at com.ybxiang.nms.simpleclient.RemoteEJBClient_ear3_JAAS.main(RemoteEJBClient_ear3_JAAS.java:21) Caused by: java.io.StreamCorruptedException: Unexpected byte found when reading an object: 53 at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:750) at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:209) at org.jboss.marshalling.river.RiverUnmarshaller.readFields(RiverUnmarshaller.java:1677) at org.jboss.marshalling.river.RiverObjectInputStream.defaultReadObject(RiverObjectInputStream.java:73) at java.lang.Throwable.readObject(Throwable.java:913) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:601) at org.jboss.marshalling.reflect.SerializableClass.callReadObject(SerializableClass.java:213) at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1574) at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1557) at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1557) at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1557) at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1557) at org.jboss.marshalling.river.RiverUnmarshaller.doReadNewObject(RiverUnmarshaller.java:1235) at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:272) at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:209) at org.jboss.marshalling.AbstractObjectInput.readObject(AbstractObjectInput.java:37) at org.jboss.ejb.client.remoting.InvocationExceptionResponseHandler$MethodInvocationExceptionResultProducer.getResult(InvocationExceptionResponseHandler.java:82) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:270) at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:47) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:272) at org.jboss.ejb.client.ReceiverInterceptor.handleInvocationResult(ReceiverInterceptor.java:132) at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:260) at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:399) at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:140) at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:121) at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104) ... 3 more Caused by: an exception which occurred: in field suppressedExceptions in object of type javax.ejb.EJBAccessException
(b) the server side exception:
23:39:54,859 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS018559: Deployed "nms-server-ear.ear" 23:44:30,000 INFO [stdout] (EJB default - 3) getNameFree************************************************ 23:44:30,000 INFO [stdout] (EJB default - 3) name $local false 23:44:30,000 INFO [stdout] (EJB default - 3) getNameFree************************************************ 23:44:30,031 ERROR [org.jboss.ejb3.invocation] (EJB default - 4) JBAS014134: EJB Invocation failed on component SecuredRemoteSession for method public abstract java.lang.String com.ybxiang.nms.server.ejb.session.ISecuredRemoteSession.getName(): javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public abstract java.lang.String com.ybxiang.nms.server.ejb.session.ISecuredRemoteSession.getName() of bean: SecuredRemoteSession is not allowed at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:101) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:76) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:43) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:302) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:64) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:196) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [rt.jar:1.6.0_20] at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [rt.jar:1.6.0_20] at java.util.concurrent.FutureTask.run(FutureTask.java:138) [rt.jar:1.6.0_20] at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_20] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_20] at java.lang.Thread.run(Thread.java:619) [rt.jar:1.6.0_20] at org.jboss.threads.JBossThread.run(JBossThread.java:122)
I want to know why the fourth method getName() is NOT allowed while the first 3 method is OK!!!
My code is almost the same as the one described in https://community.jboss.org/wiki/JBoss7AndEjbRemoteCallWithSecurity
I attached all codes.
Please help me! Thank you in advance!
-
code.zip 3.9 MB
-
TestEar.ear 2.6 KB
-
TestEar.ear_code.zip 14.5 KB