1. Re: JBoss + Tomcat Authentication
adrian.brock Jul 5, 2003 7:49 AM (in response to ereze)
If you configure the security domain in jboss-web.xml it will authenticate/authorise at the web access.
If you configure the security domain in jboss.xml it will authenticate/authorise at the ejb.
Regards,
Adrian
2. Re: JBoss + Tomcat Authentication
petertje Jul 5, 2003 7:52 AM (in response to ereze)
When a client accesses a web protected page, the servlet container checks whether the user is already logged in and, if not, redirects to the login page. After successful login the user is redirected to the page he originally requested.
When a user is logged in, any call to a protected page will have the correct security credentials associated and subsequent calls to EJBs can be made freely.
Hth
Peter.
3. Re: JBoss + Tomcat Authentication
ereze Jul 5, 2003 8:36 AM (in response to ereze)
Thanks a lot Peter.
Just to make sure I got it right.
Once the user has logged in using the browser, any servlet in that protected area that needs to invoke EJB calls will not have to perform a second login, is that right? Meaning the credentials are already set.
What security-domain should I use in the jboss-web.xml? The same one as the one in the jboss.xml?
Now I tried just to get any reaction from the Tomcat run as part of JBoss but nothing really happens. I don't get the BASIC authentication window when I try to access the site - it just lets me in. Is there something wrong with my web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
  <servlet>
    <servlet-name>action</servlet-name>
    <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>
    <init-param>
      <param-name>config</param-name>
      <param-value>/WEB-INF/struts-config.xml</param-value>
    </init-param>
    <init-param>
      <param-name>debug</param-name>
      <param-value>2</param-value>
    </init-param>
    <load-on-startup>2</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>action</servlet-name>
    <url-pattern>*.do</url-pattern>
  </servlet-mapping>
  <taglib>
    <taglib-uri>/tags/struts-bean</taglib-uri>
    <taglib-location>/WEB-INF/struts-bean.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>/tags/struts-bean-el</taglib-uri>
    <taglib-location>/WEB-INF/struts-bean-el.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>/tags/struts-html</taglib-uri>
    <taglib-location>/WEB-INF/struts-html.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>/tags/struts-html-el</taglib-uri>
    <taglib-location>/WEB-INF/struts-html-el.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>/tags/struts-logic</taglib-uri>
    <taglib-location>/WEB-INF/struts-logic.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>/tags/struts-logic-el</taglib-uri>
    <taglib-location>/WEB-INF/struts-logic-el.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>/tags/struts-nested</taglib-uri>
    <taglib-location>/WEB-INF/struts-nested.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>/tags/struts-template</taglib-uri>
    <taglib-location>/WEB-INF/struts-template.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>/tags/struts-tiles</taglib-uri>
    <taglib-location>/WEB-INF/struts-tiles.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>http://java.sun.com/jstl/core</taglib-uri>
    <taglib-location>/WEB-INF/c.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>http://java.sun.com/jstl/core_rt</taglib-uri>
    <taglib-location>/WEB-INF/c-rt.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>http://java.sun.com/jstl/fmt</taglib-uri>
    <taglib-location>/WEB-INF/fmt.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>http://java.sun.com/jstl/fmt_rt</taglib-uri>
    <taglib-location>/WEB-INF/fmt-rt.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>http://java.sun.com/jstl/sql</taglib-uri>
    <taglib-location>/WEB-INF/sql.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>http://java.sun.com/jstl/sql_rt</taglib-uri>
    <taglib-location>/WEB-INF/sql-rt.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>http://java.sun.com/jstl/xml</taglib-uri>
    <taglib-location>/WEB-INF/x.tld</taglib-location>
  </taglib>
  <taglib>
    <taglib-uri>http://java.sun.com/jstl/xml_rt</taglib-uri>
    <taglib-location>/WEB-INF/x-rt.tld</taglib-location>
  </taglib>
  <security-constraint>
    <display-name>Secured Area</display-name>
    <web-resource-collection>
      <web-resource-name>Collection1</web-resource-name>
      <url-pattern>/</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>Secured Content</description>
      <role-name>User</role-name>
      <role-name>Operator</role-name>
      <role-name>Admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Secured Area</realm-name>
  </login-config>
  <security-role>
    <description>Site Administrator</description>
    <role-name>Admin</role-name>
  </security-role>
  <security-role>
    <description>A member of the site system stuff</description>
    <role-name>Operator</role-name>
  </security-role>
  <security-role>
    <description>Simple user of this site</description>
    <role-name>User</role-name>
  </security-role>
</web-app>
Thanks again,
Erez
4. Re: JBoss + Tomcat Authentication
ereze Jul 5, 2003 11:22 AM (in response to ereze)
Ok it finally seems to work...
Thanks,
Erez
5. Re: JBoss + Tomcat Authentication
ereze Jul 5, 2003 4:48 PM (in response to ereze)
I have made some progress but still now I really don't get it.
The user enters the site and gets the BASIC login window (it's just for testing purposes), and after entering the username and password it logs in correctly and I get the page.
Then when the user tries to perform something I still get an error when the servlet or Struts Action tries to invoke a method on the Agent stateless session EJB. I get the following:
"No method permissions assigned to method=findByUsername, interface=LOCALHOME"
I want to mention that my servlet does not log in again using a LoginContext and all that. It just retrieves a reference to the Home Interface and invokes the method. Without security it all works fine.
I would really appreciate any help on this, I am a bit stuck here..
---- a snippet from my Struts Action ---
try {
    AgentLocalHome home = getAgentHome();
    agent = home.create();
    bFree = agent.isUsernameFree(username);
}
finally {
    // release, no more needed
    if (agent != null)
        agent.remove();
}
return bFree;
(I have included the Jboss error log)
Here are my configuration files:
web.xml
-----------
  <security-constraint>
    <display-name>Secured Area</display-name>
    <web-resource-collection>
      <web-resource-name>Collection1</web-resource-name>
      <url-pattern>/</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
      <description>Secured Content</description>
      <role-name>User</role-name>
      <role-name>Operator</role-name>
      <role-name>Admin</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Secured Area</realm-name>
  </login-config>
  <security-role>
    <description>Site Administrator</description>
    <role-name>Admin</role-name>
  </security-role>
  <security-role>
    <description>A member of the site system stuff</description>
    <role-name>Operator</role-name>
  </security-role>
  <security-role>
    <description>Simple user of this site</description>
    <role-name>User</role-name>
  </security-role>
</web-app>
--------------------
jboss-web.xml
--------------------
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
<jboss-web>
<security-domain>java:/jaas/other</security-domain>
</jboss-web>
-------------
jboss.xml
-------------
<security-domain>java:/jaas/other</security-domain>
<enterprise-beans>
<ejb-name>SequenceGenerator</ejb-name>
<local-jndi-name>SequenceGeneratorLocal</local-jndi-name>
<ejb-name>Agent</ejb-name>
<jndi-name>Agent</jndi-name>
<local-jndi-name>AgentLocal</local-jndi-name>
<ejb-name>Sequence</ejb-name>
<local-jndi-name>Sequence</local-jndi-name>
<ejb-name>Profile</ejb-name>
<local-jndi-name>Profile</local-jndi-name>
<ejb-name>User</ejb-name>
<local-jndi-name>User</local-jndi-name>
<ejb-name>Search</ejb-name>
<local-jndi-name>Search</local-jndi-name>
</enterprise-beans>
----------------
ejb-jar.xml
----------------
<assembly-descriptor>
  <security-role>
    <role-name>User</role-name>
  </security-role>
  <security-role>
    <role-name>Admin</role-name>
  </security-role>
  <method-permission>
    <role-name>User</role-name>
    <role-name>Admin</role-name>
    <method>
      <ejb-name>Agent</ejb-name>
      <method-name>*</method-name>
    </method>
  </method-permission>
  ...
</assembly-descriptor>
...
------------------------
JBoss error log
------------------------
21:42:12,205 ERROR [Engine] ----- Root Cause -----
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
No method permissions assigned to method=findByUsername, interface=LOCALHOME
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:191)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:133)
at org.jboss.ejb.EntityContainer.invokeHome(EntityContainer.java:487)
at org.jboss.ejb.plugins.local.BaseLocalContainerInvoker.invokeHome(BaseLocalContainerInvoker.java:230)
at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:110)
at $Proxy67.findByUsername(Unknown Source)
at services.AgentBean.isUsernameFree(AgentBean.java:227)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionContainer.java:660)
at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:186)
at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstanceInterceptor.java:77)
at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:107)
at org.jboss.ejb.plugins.TxInterceptorCMT.runWithTransactions(TxInterceptorCMT.java:237)
at org.jboss.ejb.plugins.TxInterceptorCMT.invoke(TxInterceptorCMT.java:98)
at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:130)
at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:208)
at org.jboss.ejb.StatelessSessionContainer.invoke(StatelessSessionContainer.java:313)
at org.jboss.ejb.plugins.local.BaseLocalContainerInvoker.invoke(BaseLocalContainerInvoker.java:301)
at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:83)
at $Proxy72.isUsernameFree(Unknown Source)
at web.SignupAction.isUsernameFree(SignupAction.java:180)
at web.SignupAction.processBasicInfo(SignupAction.java:110)
at web.SignupAction.execute(SignupAction.java:229)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:465)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1422)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:523)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:551)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:509)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:594)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
at java.lang.Thread.run(Thread.java:536)
java.lang.SecurityException: No method permissions assigned to method=findByUsername, interface=LOCALHOME
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:190)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
...
...
Thanks a lot,
-- Erez
6. Re: JBoss + Tomcat Authentication
haraldgliebe Jul 5, 2003 5:52 PM (in response to ereze)
If you have set a security-domain for your EJB and have no permissions assigned to a method of this bean, the container doesn't allow this method to be accessed. Define an 'unchecked' method permission for these methods in the ejb-jar.xml:
<assembly-descriptor>
  <method-permission>
    <unchecked/>
    <method>
      <ejb-name>UncheckedEJB</ejb-name>
      <method-name>*</method-name>
    </method>
  </method-permission>
</assembly-descriptor>
Regards,
Harald
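
An added example, not part of the thread and not any poster's code: a Python check that lists which beans declared in an ejb-jar.xml have no method-permission entry at all (the condition Harald describes, where the container denies the call) and which are opened to every caller by an <unchecked/> wildcard. In the trace above the denied findByUsername goes through EntityContainer.invokeHome, called from AgentBean, while the posted permission names only Agent. The descriptor is a constructed sample reusing bean names from the thread, audit_method_permissions is a hypothetical helper, and coverage is judged per bean, not per method.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor (not the poster's full file): Agent has a
# role-based permission, User has none, Search is opened with <unchecked/>.
SAMPLE_EJB_JAR = """
<ejb-jar>
  <enterprise-beans>
    <session><ejb-name>Agent</ejb-name></session>
    <session><ejb-name>Search</ejb-name></session>
    <entity><ejb-name>User</ejb-name></entity>
  </enterprise-beans>
  <assembly-descriptor>
    <method-permission>
      <role-name>User</role-name>
      <role-name>Admin</role-name>
      <method><ejb-name>Agent</ejb-name><method-name>*</method-name></method>
    </method-permission>
    <method-permission>
      <unchecked/>
      <method><ejb-name>Search</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
"""


def audit_method_permissions(ejb_jar_xml):
    """Return (beans with no permission at all, beans with unchecked '*')."""
    root = ET.fromstring(ejb_jar_xml)
    # Every session and entity bean the descriptor declares.
    declared = {bean.findtext("ejb-name").strip()
                for kind in ("session", "entity")
                for bean in root.iterfind(f"enterprise-beans/{kind}")}
    covered, wide_open = set(), set()
    for perm in root.iterfind("assembly-descriptor/method-permission"):
        unchecked = perm.find("unchecked") is not None
        for method in perm.iterfind("method"):
            bean = method.findtext("ejb-name").strip()
            covered.add(bean)  # coarse: any entry counts as coverage
            if unchecked and method.findtext("method-name").strip() == "*":
                wide_open.add(bean)  # no role check on any method
    return sorted(declared - covered), sorted(wide_open)


if __name__ == "__main__":
    missing, wide_open = audit_method_permissions(SAMPLE_EJB_JAR)
    print("no method-permission (denied under a security domain):", missing)
    print("unchecked wildcard (no role check for any caller):", wide_open)
```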
7. Re: JBoss + Tomcat Authentication
ereze Jul 6, 2003 3:47 PM (in response to ereze)
It works now. Thanks.
-- Erez