-
1. Re: Help please : securing simple Ejb problem
cdkcdk Aug 29, 2002 5:35 AM (in response to cdkcdk)Oops I forgot the attachment !
-
2. Re: Help please : securing simple Ejb problem
cdkcdk Aug 29, 2002 8:51 AM (in response to cdkcdk)Nobody seems to like my question. If it is too stupid for you, sorry, I'm new to JBossSX and JAAS, so just tell me where I can find docs, but please don't let me stuck here...
ANY help or hints or example are welcome,
Ooobi -
3. Re: Help please : securing simple Ejb problem
tool Aug 29, 2002 10:05 AM (in response to cdkcdk)Hey, no question is stupid. It just takes a while to get an answer sometimes. If you're like me you never get an answer to the questions you post. Its just the way it is. Anyways, I took a look at demo.jar and can't find anything majorly wrong with it. How about posting the .ear (and answering the question below) and maybe I can deploy it and try to help a bit?
What version of JBoss are you running? If it is 3.0.0 or 3.0.1, you have to use the login-config.xml file in place of the auth.conf file.
Oh and if you are using JBoss 2.4.x and are still looking for examples.....try the article by Scott Stark at http://www.javaworld.com/javaworld/jw-08-2001/jw-0831-jaas.html
Some of the example code is wrong (at least it wouldn't work for me) so I have included the final working version of that example, including the ant build file and the jars, wars and ears.
Hope some of this helps and it isn't all mindless ramblings...
tool -
4. Re: Help please : securing simple Ejb problem
cdkcdk Aug 29, 2002 10:31 AM (in response to cdkcdk)Yeah I already tried Mr Stark's examples and it works fine.
I'm working with JBoss 3.0.0. I didn't try to use login-config.xml yet. I'm gonna try it.
One question : is building an ear file required or optional? I mean, isn't it possible to run my client without that ? Without security it works fine.
Thanks for your help,
Obiwan -
5. Re: Help please : securing simple Ejb problem
tool Aug 29, 2002 10:40 AM (in response to cdkcdk)What I know about the .ear situation is this:
If you are deploying anything web-based you need to use a .war file, and you are required to place the .war in an .ear file and use an application.xml descriptor file.
However, if you aren't using anything like that, then using an .ear file is optional.
If you need an example of the login-config setup, I posted a .zip file in the "FORM login doesn't work properly, help!!" thread in this forum.
Hope the login-config.xml thing works for you.
tool -
6. Re: Help please : securing simple Ejb problem
cdkcdk Aug 29, 2002 11:06 AM (in response to cdkcdk)All right. I'll have a look at your post and I'll tell you...
Thanks a lot,
May the force be with you,
Obiwan -
7. Re: Help please : securing simple Ejb problem
cdkcdk Aug 30, 2002 4:03 AM (in response to cdkcdk)Well, I tried to replace my auth.conf file by a simplified copy of your example, but it still doesn't work. I still get the same error : principal=null.
-
8. Re: Help please : securing simple Ejb problem
hurzeler Aug 30, 2002 8:22 PM (in response to cdkcdk)Hi there,
I had the exact same error 'principal=null' coming up for days now and I was always looking on the jboss side for a fix. How wrong I was!
One has to make sure that the client code already had a principal set before you call anything on the serverside.
For example if you are calling your ejb method form a servlet, the servlet needs to be decleared in a <security-constraint> element in web.xml otherwise it will be executed with principal=null and hence your ejb will be called with principal=null. This all sound obvious, but if you forget it, it just won't work.
web.xml
<servlet-name>SecureServlet</servlet-name>
<display-name>Secure Servlet</display-name>
<servlet-class>com.timeTag.web.SecureServlet</servlet-class>
<servlet-mapping>
<servlet-name>SecureServlet</servlet-name>
<url-pattern>/servlet/SecureServlet</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Secure Content</web-resource-name>
Security Constraint
<url-pattern>/servlet/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>Administrator</role-name>
</auth-constraint>
With other clients it is the same. You need to authenticate first and propagate your principal.
I hope this helps.
Bernie -
9. Re: Help please : securing simple Ejb problem
damomurf Sep 8, 2002 9:09 PM (in response to cdkcdk)Hurzeler,
In your last comment you say:
"With other clients it is the same. You need to authenticate first and propagate your principal."
How exactly is it that you propagate the principal to JBoss, once you've authorised it in Tomcat? (I'm referring to the situation where Tomcat and JBoss are running in separate VMs)
Thanks,
Damian. -
10. Re: Help please : securing simple Ejb problem
jmejia424 Sep 9, 2002 5:58 PM (in response to cdkcdk)Yes! How would you authenticated for one or two method calls and propogate that authentication. I have a STRUTS Plugin that when initialized calls a Session Bean and then the Session Bean calls and Entity Bean. Both the Session and Entity are secure. However, the Plugin works as a service and shouldn't have to be authenticated as anyone.
Any ideas? Would love an example if you have it.