2 Replies Latest reply on Sep 14, 2003 9:20 AM by pgmjsd

    Security principal and credential not recognized by the EJB

    prakash_ajp

      I have defined the roles and method permissions in my ejb-jar.xml. In the login-config, I have configured my LdapLoginModule and I am pointing to the same security-domain in the jboss.xml.

      Now, from the client side, when I try to invoke the bean method as follows,

      Properties env = new Properties();
      env.put( "java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory" );
      env.put( "java.naming.provider.url", "jnp://localhost:1099/" );
      env.put( Context.SECURITY_PRINCIPAL, "test" );
      env.put( Context.SECURITY_CREDENTIALS, "test" );

      InitialContext iniCtx = new InitialContext(env);
      Object ref = iniCtx.lookup("EchoBean2");

      EchoHome home = (EchoHome) ref;
      Echo echo = home.create();
      try {
          out.println("Echo.echo('Hello') = " + echo.echo("Hello"));
      }
      catch (Exception e) {
          out.println("Exception:" + e.getMessage());
      }

      Now, I get the exception saying, "Exception:EJBException:; nested exception is: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is: Insufficient method permissions, principal=null, method=echo, interface=REMOTE, requiredRoles=[People, Echo, person, test], principalRoles=[] "

      Note that the principal is null. But when I instead create a LoginContext with the client-login, things are fine and smooth. The client is authenticated and authorized successfully.

      Can anyone tell me why when I pass the principal and credential through the environment properties, the information is not taken by the ejb container?

      Thanks much for the help.

        • 1. Re: Security principal and credential not recognized by the
          haraldgliebe

          Unfortunately, the EJB spec doesn't define a standard way to log in to the EJB container.
          Passing principal and credential information when creating the InitialContext is the way you log in with BEA WebLogic, and is by no means standard. IIRC it's even deprecated in favor of JAAS in the latest versions of their appserver.
          So stay with the JAAS login, as this is the way to do it in JBoss.

          Regards,
          Harald

          • 2. Re: Security principal and credential not recognized by the
            pgmjsd

            Harald is correct, passing the credentials is not standardized in the J2EE spec.

            I think the way one does this in JBoss is to use org.jboss.security.jndi.LoginInitialContextFactory, and pass it a Principal and a credential in the constructor for the InitialContext.

            The WebLogic InitialContext seems a little more friendly, IMHO.
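
The JAAS client login that the original poster reports working, and that the first reply recommends, written out as an added example (not code from any poster in this thread). It assumes a JAAS configuration file, named by -Djava.security.auth.login.config, whose "client-login" entry lists org.jboss.security.ClientLoginModule; EchoHome, Echo and the JNDI name are the poster's own.

```java
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;

public class EchoClient {
    // Hands the user name and password to whichever login module asks for them.
    static CallbackHandler handler(final String user, final char[] password) {
        return new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
    }

    public static void main(String[] args) throws Exception {
        // Assumption: "client-login" is defined in the JAAS config file (see lead-in).
        LoginContext lc = new LoginContext("client-login", handler("test", "test".toCharArray()));
        lc.login(); // records principal and credential for the EJB invocations that follow
        try {
            Properties env = new Properties();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
            env.put(Context.PROVIDER_URL, "jnp://localhost:1099/");
            // No SECURITY_PRINCIPAL / SECURITY_CREDENTIALS: the JAAS login carries the identity.
            Context ctx = new InitialContext(env);
            EchoHome home = (EchoHome) ctx.lookup("EchoBean2"); // poster's home interface
            Echo echo = home.create();
            System.out.println("Echo.echo('Hello') = " + echo.echo("Hello"));
        } finally {
            lc.logout(); // clear the identity so later calls do not inherit it
        }
    }
}
```

The client-side module only records the credentials; the check against the server's security domain (the poster's LdapLoginModule) happens when the bean method is invoked, so a wrong password surfaces at echo.echo(), not at lc.login().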