MBean access to secured EJB
mcalm May 8, 2003 4:28 AM
Hi,
I am trying the following:
An MBean periodically calls a SessionBean, which I secured with JAAS.
The MBean is running in the same VM as the SessionBean.
I'm using the DatabaseServerLoginModule to log in.
Printing out the Subject created by the LoginContext shows all expected roles and principals. But when calling a method on the home interface of the SessionBean, the following error occurs:
java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Authentication exception, principal=null
java.lang.SecurityException: Authentication exception, principal=null
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:167)
Here is some code:

    try {
        // Authenticate via JAAS against the "stpdatabase" login configuration
        CallbackHandler handler =
            new UsernamePasswordCallbackHandler("TestUser", "TestPWD".toCharArray());
        LoginContext loginContext = new LoginContext("stpdatabase", handler);
        loginContext.login();
        // DEBUG: dump the authenticated Subject with its principals and roles
        javax.security.auth.Subject subject = loginContext.getSubject();
        if (log.isDebugEnabled()) {
            log.debug("Subject: " + subject);
            log.debug("Principals: " + subject.getPrincipals());
            java.util.Iterator it = subject.getPrincipals().iterator();
            while (it.hasNext()) {
                Object o = it.next();
                log.debug(o + " " + o.getClass().getName());
                if (o instanceof org.jboss.security.NestableGroup) {
                    log.debug("NestableGroup: " + ((org.jboss.security.NestableGroup) o).getName());
                    for (java.util.Enumeration e = ((java.security.acl.Group) o).members(); e.hasMoreElements(); ) {
                        log.debug("Rolle:" + e.nextElement());
                    }
                }
            }
        }
        // END DEBUG
    } catch (LoginException lex) {
        log.error("Fehler beim Login", lex);
    }
    if (log.isDebugEnabled()) {
        log.debug("LS_ServiceHome holen...");
    }
    // Look up the home interface of the secured SessionBean via JNDI
    Hashtable props = new Hashtable();
    props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
    props.put(Context.PROVIDER_URL, "127.0.0.1");
    props.put("java.naming.rmi.security.manager", "yes");
    props.put(Context.URL_PKG_PREFIXES, "org.jboss.naming");
    Context ctx = new InitialContext(props);
    Class narrowClass = xxx.yyy.zzz.session.LS_ServiceHome.class;
    xxx.yyy.zzz.session.LS_ServiceHome ls_serviceHome =
        (xxx.yyy.zzz.session.LS_ServiceHome) PortableRemoteObject.narrow(
            ctx.lookup("partner_LS_ServiceBean"), narrowClass);
    //xxx.yyy.zzz.session.LS_ServiceHome ls_serviceHome = (xxx.yyy.zzz.session.LS_ServiceHome) JNDI_Util.getJNDIUtil()
    //    .getHomeReference("partner_LS_ServiceBean", xxx.yyy.zzz.session.LS_ServiceHome.class);
    if (log.isDebugEnabled()) {
        log.debug(" ls_serviceHome.create()...");
    }
    // This is the call that fails with the SecurityException shown above
    xxx.yyy.zzz.session.LS_Service ls_service = ls_serviceHome.create();

And this is the log:
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] einloggen im PartnerSystem...
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Subject: Subject:
Principal: TestUser
Principal: Roles
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Principals: [IETAC, Roles]
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] IETAC org.jboss.security.SimplePrincipal
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Roles org.jboss.security.NestableGroup
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] NestableGroup: Roles
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_128
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_127
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_126
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_125
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_124
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_2
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_22
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_122
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_121
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_101
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:B_1
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_1
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_61
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] Rolle:R_400
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] LS_ServiceHome holen...
08.05.2003 11:59 [DEBUG] [PartnerSysDbfToOra] ls_serviceHome.create()...
08.05.2003 11:59 [ERROR] [PartnerSysDbfToOra] Fehler in PartnerSysDbfToOra.runJob(); File: TOUR_LG.DBF
java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Authentication exception, principal=null
java.lang.SecurityException: Authentication exception, principal=null
What is the reason for this behaviour and how can I solve this problem?
Thanks,
McAlm
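
Added example, not part of the original post and not JBoss's own code: in JBoss the EJB security interceptor takes the caller from the identity bound to the calling thread, which `org.jboss.security.ClientLoginModule` sets from the name and password callbacks, whereas a login that only runs a server-side module yields a Subject and leaves that identity unset. The sketch assumes a JAAS policy named `client-login` that contains that module; `RunAsCaller` and its parameters are hypothetical names.

```java
import java.util.concurrent.Callable;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;

/** Hypothetical helper: runs a secured call with a caller identity bound to the current thread. */
public final class RunAsCaller {
    // Assumption: this JAAS policy exists and lists org.jboss.security.ClientLoginModule.
    private static final String CLIENT_POLICY = "client-login";

    private RunAsCaller() { }

    public static <T> T call(final String user, final char[] password, Callable<T> securedCall)
            throws Exception {
        // Answers exactly the two callbacks a name/password login module asks for.
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
        LoginContext lc = new LoginContext(CLIENT_POLICY, handler);
        lc.login();                      // binds name and password to the calling thread
        try {
            return securedCall.call();   // e.g. the home's create() plus the business calls
        } finally {
            lc.logout();                 // unbind, so a reused thread does not keep the identity
        }
    }
}
```

From an MBean, the `create()` call and the business methods would go inside the `Callable`; the bean's security domain still checks the supplied name and password on the server side.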