-
1. Re: Method Level Permissions?
juhalindfors Jan 28, 2003 3:16 AM (in response to aweissman)
You don't declare the roles on the client; instead you provide a user name and password (via SecurityAssociation or JAAS ClientLoginModule login) which are sent to the server and then mapped to a configured role.
Modifying ejb-jar.xml is not enough to set up security. You will also need to declare the security domain for your bean in the jboss.xml descriptor (see DTD). In addition, you need to configure this domain in the server/default/login-config.xml file with a JAAS login module (database, file, LDAP, etc. based security) and then populate the target with your user names, passwords and role mapping (by, for example, inserting the required information into a database table).
HTH
-
2. Re: Method Level Permissions?
aweissman Jan 28, 2003 10:08 AM (in response to aweissman)
Thanks Juha!
I inserted the security domain reference in my DD, and I already had my login-config.xml going (it's what I'm trying to test!) and I got the following exception from JBoss when it attempted to deploy the EJB:
10:11:53,240 INFO [EjbModule] Deploying TestSession
10:11:53,272 ERROR [EjbModule] error adding container to app.
org.jboss.deployment.DeploymentException: Could not find the security-domain specified for this container, name=SunOneDirectory; - nested throwable: (javax.naming.NameNotFoundException: SunOneDirectory not bound)
at org.jboss.ejb.EjbModule.initializeContainer(EjbModule.java:748)
at org.jboss.ejb.EjbModule.createStatelessSessionContainer(EjbModule.java:583)
at org.jboss.ejb.EjbModule.createContainer(EjbModule.java:538)
at org.jboss.ejb.EjbModule.createService(EjbModule.java:363)
at org.jboss.system.ServiceMBeanSupport.create(ServiceMBeanSupport.java:136)...
(let me know if you need to see more)
Can you see any issues with my login-config.xml?
thanks,
Alan
login-config.xml:
<?xml version="1.0"?>
<!DOCTYPE policy PUBLIC "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<policy>
  <application-policy name="SunOneDirectory">
    <authentication>
      <login-module flag="required" code="org.jboss.security.auth.spi.LdapLoginModule">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://localhost:1389</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <!-- The bind DN is built as principalDNPrefix + user name + principalDNSuffix -->
        <module-option name="principalDNPrefix">uid=</module-option>
        <module-option name="principalDNSuffix">,ou=People,o=solspark</module-option>
        <module-option name="uidAttributeID">uid</module-option>
        <!-- Role names are read from the cn attribute of entries under rolesCtxDN -->
        <module-option name="roleAttributeID">cn</module-option>
        <module-option name="rolesCtxDN">ou=Groups,o=solspark</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
-
3. Re: Method Level Permissions?
juhalindfors Jan 28, 2003 11:06 AM (in response to aweissman)
Do you declare "java:jaas/SunOneDirectory" as your security domain in jboss.xml?
-
4. Re: Method Level Permissions?
aweissman Jan 28, 2003 11:24 AM (in response to aweissman)
Ah, beautiful! I didn't have the java:jaas/ prefix on it in jboss.xml. Ran it and started getting security exceptions, which is exactly what I wanted. Is there any sample code out there for using the ClientLoginModule?
Thanks again!
Alan
-
5. Re: Method Level Permissions?
juhalindfors Jan 28, 2003 12:22 PM (in response to aweissman)
Security is explained in detail in the 3.0 Administration and Development book, available from http://www.jboss.org/docs.
-
6. Re: Method Level Permissions?
aweissman Jan 29, 2003 5:09 PM (in response to aweissman)
Thanks Juha :)
I RTFM and I've created my simple test client based on the example. Now I'm having trouble with auth.conf not being found on execution. Can't I just put this in with my client class files for use during runtime?
-
7. Re: Method Level Permissions?
aweissman Jan 29, 2003 5:38 PM (in response to aweissman)
nm thanks :)
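
Added example, not part of the original thread and not JBoss code: a pre-deployment check for the failure seen in this thread, where the security-domain in jboss.xml lacked the java:jaas/ prefix and deployment failed with "SunOneDirectory not bound". The descriptor snippets are constructed samples and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:jaas/"

# Constructed sample descriptors (not the poster's real files).
LOGIN_CONFIG = """<policy>
  <application-policy name="SunOneDirectory">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required"/>
    </authentication>
  </application-policy>
</policy>"""

JBOSS_XML_BROKEN = "<jboss><security-domain>SunOneDirectory</security-domain></jboss>"
JBOSS_XML_FIXED = "<jboss><security-domain>java:jaas/SunOneDirectory</security-domain></jboss>"


def policy_names(login_config_xml):
    """Names of every <application-policy> defined in login-config.xml."""
    root = ET.fromstring(login_config_xml)
    return {p.get("name") for p in root.iter("application-policy")}


def check_security_domain(jboss_xml, login_config_xml):
    """Return a list of problems with the <security-domain> entries in jboss.xml."""
    root = ET.fromstring(jboss_xml)
    domains = [(d.text or "").strip() for d in root.iter("security-domain")]
    if not domains:
        return ["no <security-domain> declared in jboss.xml"]
    known = policy_names(login_config_xml)
    problems = []
    for domain in domains:
        if domain.startswith(JAAS_PREFIX):
            name = domain[len(JAAS_PREFIX):]
        else:
            # The case from the thread: bare policy name, no JNDI prefix.
            problems.append(f"'{domain}' lacks the '{JAAS_PREFIX}' prefix")
            name = domain
        if name not in known:
            problems.append(f"no application-policy named '{name}' in login-config.xml")
    return problems


if __name__ == "__main__":
    for label, doc in (("broken", JBOSS_XML_BROKEN), ("fixed", JBOSS_XML_FIXED)):
        print(label, check_security_domain(doc, LOGIN_CONFIG) or "OK")
```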