1 Reply Latest reply on Jul 25, 2014 6:21 AM by jplacebo

    Can't lookup local EJB using database authentication (with JBoss AS 7.1.1)

    jplacebo

      Hi all,

       

      I'm migrating a project from JBoss 5.1.0 to JBoss 7.1.1 and I'm stuck in database authentication while calling local EJBs.

      I'm not sure where the problem is; it could be either in the lookup method or in the security domain configuration.

       

       

      Here's the client code snippet:

       

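      import java.io.IOException;
      import java.util.Properties;
      import javax.naming.Context;
      import javax.naming.InitialContext;
      import javax.servlet.ServletException;
      import javax.servlet.http.HttpServlet;
      import javax.servlet.http.HttpServletRequest;
      import javax.servlet.http.HttpServletResponse;
      import pt.ptinovacao.gwtm.core.business.PaymentEntityService;

      public class ClientServlet extends HttpServlet {

           public void service(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
                // Look up the local EJB by its global JNDI name
                PaymentEntityService paymentEntityService = (PaymentEntityService) lookup("java:global/gwtm-core/PaymentEntityServiceBean!pt.ptinovacao.gwtm.core.business.PaymentEntityService");

                System.out.println("Calling forAll()...");
                paymentEntityService.forAll();

                System.out.println("Calling forPaymentEntities()...");
                paymentEntityService.forPaymentEntities();
           }

           private Object lookup(String jndiName) {
                // Credentials are passed as JNDI environment properties
                Properties p = new Properties();
                p.put(Context.SECURITY_PRINCIPAL, "ppx");
                p.put(Context.SECURITY_CREDENTIALS, "ppxerac");
                p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.as.naming.InitialContextFactory");
                Object obj = null;
                try {
                     InitialContext ic = new InitialContext(p);
                     obj = ic.lookup(jndiName);
                } catch(Exception e) {
                     e.printStackTrace();
                }
                return obj;
           }
      }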

       

       

      At the server side we have:

       

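      import javax.annotation.security.PermitAll;
      import javax.annotation.security.RolesAllowed;
      import javax.ejb.EJB;
      import javax.ejb.Local;
      import javax.ejb.Stateless;
      import javax.interceptor.AroundInvoke;
      import javax.interceptor.InvocationContext;
      import org.jboss.ejb3.annotation.SecurityDomain;

      @Stateless
      @Local(PaymentEntityService.class)
      @EJB(name = "java:global/PaymentEntityService", beanInterface = PaymentEntityService.class)
      @SecurityDomain("GWTRealm")
      public class PaymentEntityServiceBean implements PaymentEntityService {

           // The declarations of context, LOGGER and gwtUser are not shown in the post.

           // Interceptor that runs around every business method and logs the caller
           @AroundInvoke
           public Object setGWTUser(InvocationContext invocationContext) throws UnexpectedGwtException {
                LOGGER.debug("Caller Principal = " + context.getCallerPrincipal().getName());
                Object object = null;
                try {
                     gwtUser = new GwtUser(SessionContextUtils.getUsername(context));
                     object = invocationContext.proceed();
                } catch (Throwable e) {
                     throw new UnexpectedGwtException(e.getMessage(), e);
                }
                return object;
           }

           @PermitAll
           public String forAll() {
                return "Entered method forAll()!";
           }

           @RolesAllowed({"cp_payment_entity"})
           public String forPaymentEntities() {
                return "Entered method forPaymentEntities()!";
           }
      }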

       

       

      What I'm getting on the server, when the forAll() method is called, is the setGWTUser() method's log message "Caller Principal = anonymous". Why "anonymous"? I'm pretty sure that the lookup method on the client is wrong since the credentials aren't propagating to the server, but I can't figure out why after trying many different instructions and properties.

       

       

      Here's the security domain configuration in standalone-full.xml:

       

      <subsystem xmlns="urn:jboss:domain:security:1.1">
           <security-domains>
                <security-domain name="GWTRealm">
                     <authentication>
                          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                               <module-option name="unauthenticatedIdentity" value="guest"/>
                               <module-option name="dsJndiName" value="java:jboss/datasources/GWTDS"/>
                               <module-option name="principalsQuery" value="SELECT u.password FROM gwt_user u WHERE LOWER(u.username) = LOWER(?) AND u.status = 'ACTIVE'"/>
                               <module-option name="rolesQuery" value="SELECT r.name, 'Roles' FROM gwt_user u, gwt_role r, gwt_user_role ur WHERE LOWER(u.username) = LOWER(?) AND u.status = 'ACTIVE' AND u.id = ur.gwt_user_id AND ur.role_name = r.name"/>
                               <module-option name="hashCharset" value="UTF-8"/>
                          </login-module>
                     </authentication>
                </security-domain>
                (...)
           </security-domains>
      (...)

       

      The principalsQuery returns this (with 'ppx' as argument):

      password = ppxerac

       

      and the rolesQuery returns this:

      name = gwt_user, Roles

      name = cp_payment_entity, Roles

       

      Please help me. Is anything wrong with the EJB lookup method? Or am I missing any annotation on the server class?

      Thanks in advance!
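
Added example, not part of the original post: in AS 7 a local (in-VM) EJB invocation runs under the security context of the calling thread, so one way to get an authenticated caller principal is to have the web container authenticate the servlet request against the same security domain the bean uses. The descriptors below assume the servlet is deployed in a WAR on the same server; the URL pattern is hypothetical, and the role name gwt_user is taken from the rolesQuery output quoted in the post.

```xml
<!-- WEB-INF/jboss-web.xml: bind the web application to the domain named in @SecurityDomain -->
<jboss-web>
    <security-domain>GWTRealm</security-domain>
</jboss-web>

<!-- WEB-INF/web.xml (fragment, placed inside <web-app>) -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>EJB client servlet</web-resource-name>
        <!-- hypothetical mapping for ClientServlet -->
        <url-pattern>/client/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <!-- any user holding this role may reach the servlet;
             the EJB still enforces @RolesAllowed per method -->
        <role-name>gwt_user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- BASIC sends the password on every request, so require TLS -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>GWTRealm</realm-name>
</login-config>

<security-role>
    <role-name>gwt_user</role-name>
</security-role>
```

With the request authenticated by the container, the servlet can look up the bean with a plain `new InitialContext()` and no credentials in code, and `request.getUserPrincipal()` in the servlet should name the same user that `getCallerPrincipal()` reports in the interceptor.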