1 Reply Latest reply on May 8, 2003 4:58 AM by mcalm

    MBean access to secured EJB

    mcalm

      Hi,
      I try the following:
      An MBean calls periodically a SessionBean, which I secured per JAAS.
      The MBean is running in the same VM like the SessionBean.
      I'm using the DatabaseServerLoginModule to login.
      Printing out the created Subject from LoginContext shows all expected roles and principals. But calling an method on a homeInterface of the SessionBean, the following Error occurs:
      java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
      java.lang.SecurityException: Authentication exception, principal=null
      java.lang.SecurityException: Authentication exception, principal=null
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:167)

      here some code:
      try {
      CallbackHandler handler =
      new UsernamePasswordCallbackHandler("TestUser", new String("TestPWD").toCharArray());
      LoginContext loginContext = new LoginContext("stpdatabase", handler);
      loginContext.login();

      //DEBUG
      javax.security.auth.Subject subject = loginContext.getSubject();
      if (log.isDebugEnabled()) {
      log.debug("Subject: " + subject);
      log.debug("Principals: " + subject.getPrincipals());
      java.util.Iterator it = subject.getPrincipals().iterator();
      while (it.hasNext()) {
      Object o = it.next();
      log.debug(o + " " + o.getClass().getName());
      if (o instanceof org.jboss.security.NestableGroup) {
      log.debug("NestableGroup: " + ((org.jboss.security.NestableGroup) o).getName());
      for (java.util.Enumeration e = ((java.security.acl.Group) o).members(); e.hasMoreElements(); ) {
      log.debug("Rolle:" + e.nextElement());
      }
      }
      }
      }
      //ENDE DEBUG

      } catch (LoginException lex) {
      log.error("Fehler beim Login", lex);
      }

      if (log.isDebugEnabled()) {
      log.debug("LS_ServiceHome holen...");
      }
      Hashtable props = new Hashtable();
      props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
      props.put(Context.PROVIDER_URL, "127.0.0.1");
      props.put("java.naming.rmi.security.manager", "yes");
      props.put(Context.URL_PKG_PREFIXES, "org.jboss.naming");
      Context ctx = new InitialContext(props);

      Class narrowClass = xxx.yyy.zzz.session.LS_ServiceHome.class;
      xxx.yyy.zzz.session.LS_ServiceHome ls_serviceHome =
      (xxx.yyy.zzz.session.LS_ServiceHome) PortableRemoteObject.narrow(
      ctx.lookup("partner_LS_ServiceBean")
      , narrowClass);

      //xxx.yyy.zzz.session.LS_ServiceHome ls_serviceHome = (xxx.yyy.zzz.session.LS_ServiceHome) JNDI_Util.getJNDIUtil()
      // .getHomeReference("partner_LS_ServiceBean", xxx.yyy.zzz.session.LS_ServiceHome.class);

      if (log.isDebugEnabled()) {
      log.debug(" ls_serviceHome.create()...");
      }
      xxx.yyy.zzz.session.LS_Service ls_service = ls_serviceHome.create();

      And this is the log:
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] einloggen im PartnerSystem...
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Subject: Subject:
      Principal: TestUser
      Principal: Roles

      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Principals: [IETAC, Roles]
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] IETAC org.jboss.security.SimplePrincipal
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Roles org.jboss.security.NestableGroup
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] NestableGroup: Roles
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_128
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_127
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_126
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_125
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_124
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_2
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_22
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_122
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_121
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_101
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:B_1
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_1
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_61
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_400
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] LS_ServiceHome holen...
      08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] ls_serviceHome.create()...
      08.05.2003 11:59 [ERROR] [PartnerSysDbfToOra] Fehler in PartnerSysDbfToOra.runJob(); File: TOUR_LG.DBF
      java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
      java.lang.SecurityException: Authentication exception, principal=null
      java.lang.SecurityException: Authentication exception, principal=null

      What is the reason for this behaviour and how can I solve this problem?

      Thanks McAlm