6 Replies Latest reply on May 20, 2003 9:15 AM by adrian.brock

Principal = null calling secured EJB from java client

mspinetti May 17, 2003 1:01 PM

I'm trying to do a very simple sample of calling a secured EJB from a Java client, but when I try to get the home of the EJB Jboss gives "SecurityInterceptor -> Authentication exception, principal = null.

Can somebody help me about that?? What's wrong??

I've tried with a Java client that uses JAAS to authenticate a user and I get the same error.

I'm using Jboss-Tomcat 3.2.0 over Win2000 professional with JDK1.4.1_02.

Thanks for help. Sorry for my english, I hope you understand.

Login-config.xml entry.
-------------------------------

<application-policy name = "ejb">

<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />

</application-policy>

ejb-jar.xml
------------------

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<ejb-jar>
<enterprise-beans>

<display-name>Comp1</display-name>
<ejb-name>Comp1</ejb-name>
jboss1.Comp1Home
jboss1.Comp1
<ejb-class>jboss1.Comp1Bean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>

<display-name>First</display-name>
<ejb-name>First</ejb-name>
jboss1.FirstHome
jboss1.First
<ejb-class>jboss1.FirstBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>

</enterprise-beans>
<assembly-descriptor>
<security-role>

<role-name>teller</role-name>
</security-role>
<method-permission>
<role-name>teller</role-name>

<ejb-name>Comp1</ejb-name>
<method-name>*</method-name>

</method-permission>
<container-transaction>

<ejb-name>Comp1</ejb-name>
<method-name>*</method-name>

<ejb-name>First</ejb-name>
<method-name>*</method-name>

<trans-attribute>Required</trans-attribute>
</container-transaction>
</assembly-descriptor>
</ejb-jar>

jboss.xml
-------------.

<security-domain>java:/jaas/ejb</security-domain>
<enterprise-beans>

<ejb-name>Comp1</ejb-name>
<jndi-name>ejb/Comp1</jndi-name>

<ejb-name>First</ejb-name>
<jndi-name>First</jndi-name>

</enterprise-beans>

1. Re: Principal = null calling secured EJB from java client

petertje May 19, 2003 3:02 AM (in response to mspinetti)

From a Java stand-alone client, right? Does it perform a JAAS login using the jboss ClientLoginModule?

Peter
Actions
2. Re: Principal = null calling secured EJB from java client

mspinetti May 19, 2003 5:13 AM (in response to mspinetti)

No, in the stand-alone app I made I used UsersRolesLoginModule.

Do I have to use ClientLoginModule? why?

Do you have some sample of a java stand-alone client calling a secure EJB??

It's necessary to use Subject.doAs to make the call??

I think I don't understand very well this stuff.

Thanks.
Actions
3. Re: Principal = null calling secured EJB from java client

mspinetti May 19, 2003 2:34 PM (in response to mspinetti)

I already solve it! using ClientLoginModule from JAAS

Thanks Peter,
Actions
4. Re: Principal = null calling secured EJB from java client

adrian.brock May 19, 2003 5:50 PM (in response to mspinetti)

The ClientLoginModule is used to remember
the user/password in a location for later
use by the ejb proxies.
They transport this information to the server
where the authentication occurs.

Look at client/auth.conf for an example JAAS config.

Regards,
Adrian
Actions
5. Re: Principal = null calling secured EJB from java client

msmckibben May 20, 2003 3:00 AM (in response to mspinetti)

Do you have to perform the client auth even if you have an unchecked method permission for your EJB specified in the deployment descriptor?

I have an ejb jar that has mixed beans-- i.e. some require a security role while others don't. Calling into an EJB method marked as unchecked throws this same exception. But, I can't just whack out the <security-domain> from jboss.xml as all the beans then become unsecured. It seems to be an all or nothing affair JBoss.
Actions
6. Re: Principal = null calling secured EJB from java client

adrian.brock May 20, 2003 9:15 AM (in response to mspinetti)

If the ejb is going to authenticate the user/password
it must know that information
which means you have to pass it to the server.

Regards,
Adrian
Actions

Go to original post