6 Replies Latest reply on Mar 3, 2006 12:43 PM by jangeysen

    JAAS and ServiceMBean

    marquier

      In a secured context managed by JAAS, does a JBoss ServiceMBean have to log in to access Beans?

      Even if the service is logged in by a LoginContext, I get an error: Principal==null when this service calls the create method on the Bean Home after the authentication (succeeded). What's the problem?

      Thanks in advance for your help!

      PS: my application works well via the Web after a login form validation!

        • 1. Re: JAAS and ServiceMBean

          Hi,
          I ran into the same problem here. Did you solve this problem?

          Regards,
          Marcus

          • 2. Re: JAAS and ServiceMBean
            wolff

            Hello,

            I also have the same problem: my ServiceMBean, which uses
            the ClientLogin method, cannot access a secure EJB.
            I get the error "password invalid or required", but I have the same code
            as in my sample client, and it works.
            If I copy user.properties and roles.properties into my Service.jar main directory, I get the error principal=null.
            It seems that the client authentication method is illegal for the Service MBean. I have also tested some env settings for the login context, but
            no solution.
            The ServiceMBean and the EJB container both run in the MBeanServer as MBeans. And theoretically the ServiceMBean can use the ClientLoginModule to access the container; I have read some papers to get a solution. (I have not found a solution.)
            I think that when JBoss starts and the ServiceMBean is deployed, the same mechanism which enables the EJB security also sets the service security.
            And so the ClientLogin method is unaffected, while the login context is set by deployment.

            I have tried to write my own MBean service for a simple socket protocol adaptor. I send the user, password, and JNDI name of the EJB to the MBean service. I use these parameters to access the EJB via JAAS and JNDI. If my adaptor is a client outside JBoss, this works; when I tried to integrate it into JBoss as a ServiceMBean, it does not work.

            This is a simple application, and I have read some books ..... but I have
            found no way to call secured methods from a ServiceMBean successfully.

            I'm interested in any solutions or ideas.

            cu
            stephan



            • 3. Re: JAAS and ServiceMBean
              wolff

              I have used the following code and
              tested the login sequence with an external EJB client; the JAAS settings
              are correct.

              What am I doing wrong? Is this construct legal in the JBoss
              architecture?

              package MBeanServiceAndJaas;

              import org.jboss.system.ServiceMBean;

              public interface ServiceAdaptorMBean extends ServiceMBean {
                  public void setPort(int port);
                  public int getPort();
              }

              package MBeanServiceAndJaas;

              import javax.naming.InitialContext;
              import javax.security.auth.login.LoginContext;
              import javax.security.auth.login.LoginException;

              import org.jboss.security.auth.callback.UsernamePasswordHandler;
              import org.jboss.system.ServiceMBeanSupport;

              import java.net.*;

              import java.io.InputStreamReader;
              import java.io.PrintWriter;
              import java.io.BufferedReader;

              public class ServiceAdaptor extends ServiceMBeanSupport implements ServiceAdaptorMBean, Runnable {

                  private boolean stopped = false;
                  private int Status = 0;
                  private int port = 9050;
                  private ServerSocket ss = null;

                  private BufferedReader socket_in = null;
                  private PrintWriter socket_out = null;

                  public ServiceAdaptor() {
                  }

                  public void run() {
                      try {
                          System.out.println("open socket at port " + port);
                          ss = new ServerSocket(port);
                          while (!stopped) {
                              Socket client = ss.accept();
                              System.out.println("client accepted");

                              this.socket_in = new BufferedReader(new InputStreamReader(client
                                      .getInputStream()));

                              String username = socket_in.readLine();
                              System.out.println(username);
                              String password = socket_in.readLine();
                              System.out.println(password);

                              System.setProperty("java.security.auth.login.config",
                                      "d:/jboss-3.2.4/client/auth.conf");

                              UsernamePasswordHandler handler = new UsernamePasswordHandler(username,
                                      password.toCharArray());

                              // static password
                              //UsernamePasswordHandler handler = new UsernamePasswordHandler("username",
                              // "password".toCharArray());

                              LoginContext lc = new LoginContext("ServiceSecurity", handler);

                              try {
                                  lc.login();
                                  System.out.println("login successfull");
                              } catch (LoginException le) {
                                  System.out.println("login failed");
                                  le.printStackTrace();
                              }

                              // call ejb method
                              InitialContext ctx = new InitialContext();
                              Object ref = ctx.lookup("Echo");
                              EchoHome home = (EchoHome) ref;
                              Echo echo = home.create();
                              System.out.println("echo created");
                              echo.echo();

                              this.socket_out = new PrintWriter(client.getOutputStream());

                              socket_out.println("ok");
                              socket_out.flush();

                              socket_in.close();
                              socket_out.close();
                              client.close();
                              System.out.println("client end");
                          }
                          ss.close();

                      } catch (Exception e) {
                          e.printStackTrace();
                          stopped = true;
                      }
                  }

                  protected void startService() throws Exception {
                      System.out.println("Service started");
                      Thread thread = new Thread(this);
                      thread.start();
                      stopped = false;
                  }

                  public void stopService() {
                      System.out.println("Service stopped");
                      stopped = true;
                  }

                  public void setPort(int port) {
                      this.port = port;
                  }

                  public int getPort() {
                      return port;
                  }

              }

              Then I connect to the service via a socket client and transmit the
              username and the password, and I get the following errors

              from the service:
              12:35:25,806 INFO [STDOUT] client accepted
              12:35:25,822 INFO [STDOUT] username
              12:35:25,822 INFO [STDOUT] password
              12:35:25,822 INFO [STDOUT] login failed
              12:35:25,822 INFO [STDOUT] javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
              12:35:25,837 INFO [STDOUT] at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:160)
              12:35:25,837 INFO [STDOUT] at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:116)
              12:35:25,837 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              12:35:25,837 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke(N

              and from the security interceptor:

              12:35:25,806 INFO [STDOUT] client accepted
              12:35:25,822 INFO [STDOUT] username
              12:35:25,822 INFO [STDOUT] password
              12:35:25,822 INFO [STDOUT] login failed
              12:35:25,822 INFO [STDOUT] javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
              12:35:25,837 INFO [STDOUT] at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:160)
              12:35:25,837 INFO [STDOUT] at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:116)
              12:35:25,837 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              12:35:25,837 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke(N

              Please contact me if anyone has a solution for this problem.

              cu
              Stephan


              • 4. Re: JAAS and ServiceMBean
                wolff

                Sorry, wrong error from the security interceptor:

                12:35:25,853 ERROR [SecurityInterceptor] Authentication exception, principal=null
                12:35:25,853 ERROR [LogInterceptor] EJBException, causedBy:
                java.lang.SecurityException: Authentication exception, principal=null
                at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:165)
                at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:83)
                at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
                at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
                at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessS

                • 5. Re: JAAS and ServiceMBean
                  wolff

                  Here are my security settings for the EJB:

                  user.properties
                  username=password
                  roles.properties
                  username=userrole
                  ###################################
                  ejb-jar.xml
                  <?xml version="1.0"?>

                  <!DOCTYPE ejb-jar PUBLIC
                      "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN"
                      "http://java.sun.com/dtd/ejb-jar_2_0.dtd">

                  <ejb-jar>

                      <enterprise-beans>
                          <session>
                              <ejb-name>EchoBean</ejb-name>
                              <home>MBeanServiceAndJaas.EchoHome</home>
                              <remote>MBeanServiceAndJaas.Echo</remote>
                              <ejb-class>MBeanServiceAndJaas.EchoBean</ejb-class>
                              <session-type>Stateless</session-type>
                              <transaction-type>Container</transaction-type>
                          </session>
                      </enterprise-beans>

                      <!-- Jaas = On -->

                      <assembly-descriptor>
                          <security-role>
                              <role-name>userrole</role-name>
                          </security-role>

                          <method-permission>
                              <role-name>userrole</role-name>
                              <method>
                                  <ejb-name>EchoBean</ejb-name>
                                  <method-name>*</method-name>
                              </method>
                          </method-permission>
                      </assembly-descriptor>

                      <!-- Jaas = Off -->

                      <!--assembly-descriptor>
                          <security-role>
                              <description>everyone</description>
                              <role-name>everyone</role-name>
                          </security-role>

                          <method-permission>
                              <role-name>everyone</role-name>
                              <method>
                                  <ejb-name>EchoBean</ejb-name>
                                  <method-name>*</method-name>
                              </method>
                          </method-permission>

                          <container-transaction>
                              <method>
                                  <ejb-name>EchoBean</ejb-name>
                                  <method-name>*</method-name>
                              </method>
                              <trans-attribute>Required</trans-attribute>
                          </container-transaction>
                      </assembly-descriptor-->

                  </ejb-jar>
                  ############################################
                  jboss.xml

                  <?xml version="1.0"?>

                  <jboss>
                      <!-- Jaas = On -->
                      <security-domain>java:/jaas/ServiceSecurity</security-domain>

                      <enterprise-beans>
                          <session>
                              <ejb-name>EchoBean</ejb-name>
                              <jndi-name>Echo</jndi-name>
                          </session>
                      </enterprise-beans>
                  </jboss>

                  ##############################################
                  login-config.xml
                  <application-policy name = "ServiceSecurity">
                      <authentication>
                          <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                              flag = "required" />
                          <!--module-option name = "principal">username</module-option-->
                      </authentication>
                  </application-policy>
                  ###############################################
                  auth.conf

                  ServiceSecurity {
                      // jBoss LoginModule
                      org.jboss.security.ClientLoginModule required

                      ;
                      //principal="username"
                      // Put your login modules that need jBoss here
                  };
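
An added example, not part of the original thread or of JBoss: the service-side trace in reply 3 shows `lc.login()` reaching `UsersRolesLoginModule`, the module of the `ServiceSecurity` policy in login-config.xml, not the `ClientLoginModule` entry of the same name in auth.conf. The plain-JDK program below reproduces that lookup behaviour under the assumption that a JAAS `Configuration` is already installed before the `java.security.auth.login.config` property is set; `InstalledConfigDemo`, `RecordingModule`, `containerConfig` and the labels are hypothetical stand-ins, and the auth.conf file is constructed.

```java
import java.nio.file.*;
import java.security.URIParameter;
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class InstalledConfigDemo {
    static final List<String> ran = new ArrayList<>();

    // Stand-in login module: records which configuration entry invoked it.
    public static class RecordingModule implements LoginModule {
        private String label;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            label = (String) opts.get("label");
        }
        public boolean login() { ran.add(label); return true; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Models a Configuration that the container installed at startup (assumption).
    static Configuration containerConfig() {
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!"ServiceSecurity".equals(name)) return null;
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    RecordingModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    Collections.singletonMap("label", "container policy")) };
            }
        };
    }

    public static void main(String[] args) throws Exception {
        // Constructed auth.conf holding an entry with the same name, as in reply 5.
        Path conf = Files.createTempFile("auth", ".conf");
        Files.write(conf, ("ServiceSecurity {\n  " + RecordingModule.class.getName()
            + " required label=\"auth.conf entry\";\n};\n").getBytes());

        Configuration.setConfiguration(containerConfig());
        System.setProperty("java.security.auth.login.config", conf.toString());
        new LoginContext("ServiceSecurity").login();   // resolved by the installed policy

        // The file's entry applies only once the Configuration itself is replaced.
        Configuration.setConfiguration(
            Configuration.getInstance("JavaLoginConfig", new URIParameter(conf.toUri())));
        new LoginContext("ServiceSecurity").login();
        System.out.println(ran);
    }
}
```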

                  • 6. Re: JAAS and ServiceMBean

                    Hi Wolf,

                    did you solve your problem? I'm experiencing exactly the same situation

                    br