security problem
rafcio Mar 13, 2003 10:00 AMhi,
I want only prevent calls from other clients without using any authentification to my beans. client should only comunicate with my facade session beans, which are checking the permissions. I#m working with JBoss 3.0.6 and there are my configurations:
jboss.xml:
<security-domain>java:/jaas/mmcms</security-domain>
<enterprise-beans>
<ejb-name>LanguageBean</ejb-name>
<local-jndi-name>language/LanguageBean</local-jndi-name>
<ejb-name>LanguageFacade</ejb-name>
<!-- <jndi-name>language/LanguageFacade</jndi-name> -->
<local-jndi-name>language/LanguageFacade</local-jndi-name>
</enterprise-beans>
<container-configurations>
<container-configuration>
<container-name>Standard CMP 2.x EntityBean</container-name>
<commit-option>A</commit-option>
</container-configuration>
</container-configurations>
ejb-jar.xml:
<ejb-jar>
<enterprise-beans>
<display-name>Language Entity Bean</display-name>
<ejb-name>LanguageBean</ejb-name>
<local-home>de.polonium.ejb.language.entitybeans.LanguageLocalHome</local-home>
de.polonium.ejb.language.entitybeans.LanguageLocal
<ejb-class>de.polonium.ejb.language.entitybeans.LanguageBean</ejb-class>
<persistence-type>Container</persistence-type>
<prim-key-class>java.lang.Integer</prim-key-class>
False
<cmp-version>2.x</cmp-version>
<abstract-schema-name>language</abstract-schema-name>
<cmp-field><field-name>language_id</field-name></cmp-field>
<cmp-field><field-name>lang_short</field-name></cmp-field>
<cmp-field><field-name>lang_long</field-name></cmp-field>
<primkey-field>language_id</primkey-field>
<security-identity>
<use-caller-identity/>
</security-identity>
....
<display-name>Language Facade Stateless Session Bean</display-name>
<ejb-name>LanguageFacade</ejb-name>
<local-home>de.polonium.ejb.language.sessionbeans.LanguageFacadeLocalHome</local-home>
de.polonium.ejb.language.sessionbeans.LanguageFacadeLocal
<ejb-class>de.polonium.ejb.language.sessionbeans.LanguageFacade</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
<security-identity>
<run-as>
<role-name>mmcms</role-name>
</run-as>
</security-identity>
</enterprise-beans>
<assembly-description>
<security-role>
<role-name>mmcms</role-name>
</security-role>
<method-permission>
<role-name>mmcms</role-name>
<ejb-name>LanguageBean</ejb-name>
<method-name>*</method-name>
</method-permission>
<method-permission>
<role-name>mmcms</role-name>
<ejb-name>LanguageFacade</ejb-name>
<method-name>*</method-name>
</method-permission>
<container-transaction>
<ejb-name>LanguageBean</ejb-name>
<method-name>*</method-name>
<ejb-name>LanguageFacade</ejb-name>
<method-name>*</method-name>
<trans-attribute>Required</trans-attribute>
</container-transaction>
</assembly-description>
</ejb-jar>
login-config.xml:
<application-policy name = "mmcms">
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</application-policy>
my users.properties and roles.properties are stored in default\conf folder. starting JBoss works fine. But after a call of LanguageFacade I get:
I get:
15:15:58,676 ERROR [LogInterceptor] EJBException, causedBy: java.lang.SecurityException: Authentication exception, principal=null at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:173) at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94) at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129) at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300) at org.jboss.ejb.plugins.local.BaseLocalContainerInvoker.invokeHome(BaseLocalContainerInvoker.java:230) at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:110) at $Proxy54.create(Unknown Source)
[...]
Why? Did I forgot something?
Best Regards,
Rafal