-
1. Re: j2ee.clientName in jndi.properties
starksm64 Mar 16, 2004 8:45 AM (in response to aquila125)You appears to be trying to use the java: context in the client without correctly setting up the j2ee app client, including the application-client.xml descriptor. Try showing some details of the jndi usage causing the problem. The java: context is not usable by clients unless there as been an app client jar deployed to the server.
-
2. Re: j2ee.clientName in jndi.properties
aquila125 Mar 17, 2004 4:44 AM (in response to aquila125)Hmm.. I don't think I understand..
I'll descibe the steps i took...
I've written some EJB's and deployed them, connecting to them went perfectly (CMP entitybeans).. I wrote a small client-application that create some beanse..
Now I would like to add security, so I read the documentation (both commercial and free, as some other tutorials on the net) and added these lines to the corresponding xml files:
Jboss.xml<security-domain>java:/jaas/pas</security-domain>
login-config.xml<application-policy name="pas"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="dsJndiName">java:/appsettings</module-option> <module-option name="principalsQuery"> Select password AS Password from users where username = ?</module-option> <module-option name="rolesQuery">Select rolename as Role from Roles inner join User_Role ON User_Role.roleid=Roles.row_id inner join users ON users.row_id=User_Role.userid where username = ?</module-option> </login-module> </authentication> </application-policy>
and
to ejb-jar.xml (in the assembly descriptor)in the assembly descriptor: <security-role> <role-name>ProductManager</role-name> </security-role> <method-permission> <role-name>ProductManager</role-name> <method> <ejb-name>ProductEJB</ejb-name> <method-name>*</method-name> </method> In the entity tag of ProductEJB: <security-role-ref> <role-name>ProductManager</role-name> <role-link>ProductManager</role-link> </security-role-ref>
Running the client now generates an error (as expected):
javax.ejb.EJBException: checkSecurityAssociation; CausedByException is: Authentication exception, principal=null
So I add the LoginContext to the client and an auth.conf to the command line parameters
auth.conf:pas { org.jboss.security.auth.spi.DatabaseServerLoginModule required; }; other { //DEFAULT CLIENT-LOGIN MODULE org.jboss.security.ClientLoginModule required; };
But now I get anjavax.security.auth.login.LoginException: javax.naming.NamingException: Failed to find j2ee.clientName in jndi env at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPasswor d(DatabaseServerLoginModule.java:110) at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(Usernam ePasswordLoginModule.java:150)
error while running the client..
Could you point to some basic documentation on how to get this fixed?
Thanks for your time, it's very much appreciated -
3. Re: j2ee.clientName in jndi.properties
aquila125 Mar 18, 2004 4:11 AM (in response to aquila125)I added an application-xlient.xml and jboss-client.xml to the META-INF map of the client jar file:
<application-client> <display-name>Pricelist Administration System</display-name> <ejb-ref> <ejb-ref-name>ejb/Product</ejb-ref-name> <ejb-ref-type>Entity</ejb-ref-type> <home>myPackage.ProductHome</home> <remote>myPackage.Product</remote> </ejb-ref> </application-client>
and<jboss-client> <jndi-name>pas-client</jndi-name> <ejb-ref> <ejb-ref-name>ejb/ProductEJB</ejb-ref-name> <jndi-name>Product</jndi-name> </ejb-ref> </jboss-client>
(changed the clientname to pas-client because it was the same name as the security domain)
But the error keeps popping up... I must be doing something wrong but I don't see what it is...
Do I have to specify the client-name somewhere on the server side also? -
4. Re: j2ee.clientName in jndi.properties
starksm64 Mar 19, 2004 4:50 AM (in response to aquila125)You have multiple config problems:
- The configuration for the org.jboss.security.auth.spi.DatabaseServerLoginModule is incomplete. See the JAAS howto for some examples.- The DatabaseServerLoginModule is not going to be usable by an external client unless you create your own DataSource binding in JNDI as the 3.2.x series does not support remote access to DataSource factories.- The client auth.conf you use must have the org.jboss.security.ClientLoginModule in addition to any other login modules. If your using the pas configuration it should look like:pas { org.jboss.security.auth.spi.DatabaseServerLoginModule required ... many module option settings to be added ; //DEFAULT CLIENT-LOGIN MODULE org.jboss.security.ClientLoginModule required; };
- You don't show the jndi.properties file or env passed to the creation of the javax.naming.InitialContext. This has to include the j2ee.clientName=pas-client setting.