-
1. Re: JAAS and ServiceMBean
marcusmiss Sep 24, 2004 3:35 AM (in response to marquier)Hi,
run into same problem here. Did you solve this problem ?
Regards,
Marcus -
2. Re: JAAS and ServiceMBean
wolff Sep 27, 2004 5:39 AM (in response to marquier)Hallo,
I have also the same problem, my ServiceMbean which uses
the ClientLogin methode, can not access a secure EJB.
I get the error password invalid or required, but i have the same code
as in my sample client and he works.
If I copy user.properties and roles.properties in my Service.jar main directory I get the error principal=null.
It seems that the client authentification method is illegal for the Service MBean. I have Testet also some env settings for the login context, but
no solution.
The ServiceMBean and the EJBContainer runs both in the MBeanServer as an MBean. And theortical the ServiceMbean can use the ClientloginModule to access the Container, i have read some papers to get a solution. ( I have not found a solution ).
I think on Jboss start the ServiceMbean is deployed, the same mechanism which enables the EJBSecurity, sets also the service security.
And so the ClientLogin Method is unaffected, while the Login Context is set by deployment.
I have tried to program an own MbeanService for a simple socket Protocoladaptor. I send the user,password, and jndiname of the EJB to the MbeanService. I use this parameter to access the EJB via Jaas and Jndi. Is my Adaptor an OutsideJbossClient this works, when I tried to integrate this into Jboss as ServiceMBean it works not.
This is a simple Application, and I have read some Books ..... but i have
no way found to call security methods in a ServiceMbean successful.
I'm interested on some solutions on Ideas.
cu
stephan -
3. Re: JAAS and ServiceMBean
wolff Sep 28, 2004 6:39 AM (in response to marquier)I have used the following code and
tested the login sequenz with an externel ejbclient, the jaas settings
are correct
What i have doing wrong, is this constract legal to the JBoss
architektur ?
package MBeanServiceAndJaas;
import org.jboss.system.ServiceMBean;
public interface ServiceAdaptorMBean extends ServiceMBean{
public void setPort(int port);
public int getPort();
}
package MBeanServiceAndJaas;
import javax.naming.InitialContext;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import org.jboss.security.auth.callback.UsernamePasswordHandler;
import org.jboss.system.ServiceMBeanSupport;
import java.net.*;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.io.BufferedReader;
public class ServiceAdaptor extends ServiceMBeanSupport implements ServiceAdaptorMBean, Runnable {
private boolean stopped = false;
private int Status = 0;
private int port = 9050;
private ServerSocket ss = null;
private BufferedReader socket_in = null;
private PrintWriter socket_out = null;
public ServiceAdaptor() {
}
public void run() {
try {
System.out.println("open socket at port " + port);
ss = new ServerSocket(port);
while (!stopped) {
Socket client = ss.accept();
System.out.println("client accepted");
this.socket_in = new BufferedReader(new InputStreamReader(client
.getInputStream()));
String username = socket_in.readLine();
System.out.println(username);
String password = socket_in.readLine();
System.out.println(password);
System.setProperty("java.security.auth.login.config",
"d:/jboss-3.2.4/client/auth.conf");
UsernamePasswordHandler handler = new UsernamePasswordHandler(username,
password.toCharArray());
// static password
//UsernamePasswordHandler handler = new UsernamePasswordHandler("username",
// "password".toCharArray());
LoginContext lc = new LoginContext("ServiceSecurity", handler);
try
{
lc.login();
System.out.println("login successfull");
}
catch(LoginException le)
{
System.out.println("login failed");
le.printStackTrace();
}
// call ejb method
InitialContext ctx = new InitialContext();
Object ref = ctx.lookup("Echo");
EchoHome home = (EchoHome) ref;
Echo echo = home.create();
System.out.println("echo created");
echo.echo();
this.socket_out = new PrintWriter(client.getOutputStream());
socket_out.println("ok");
socket_out.flush();
socket_in.close();
socket_out.close();
client.close();
System.out.println("client end");
}
ss.close();
} catch (Exception e) {
e.printStackTrace();
stopped = true;
}
}
protected void startService() throws Exception
{
System.out.println("Service started");
Thread thread = new Thread(this);
thread.start();
stopped = false;
}
public void stopService() {
System.out.println("Service stopped");
stopped = true;
}
public void setPort(int port) {
this.port = port;
}
public int getPort() {
return port;
}
}
then i connect to the service via an socket client and transmit the
username and the password i get the following errors
from the service :
12:35:25,806 INFO [STDOUT] client accepted
12:35:25,822 INFO [STDOUT] username
12:35:25,822 INFO [STDOUT] password
12:35:25,822 INFO [STDOUT] login failed
12:35:25,822 INFO [STDOUT] javax.security.auth.login.FailedLoginException: Pass
word Incorrect/Password Required
12:35:25,837 INFO [STDOUT] at org.jboss.security.auth.spi.UsernamePasswordL
oginModule.login(UsernamePasswordLoginModule.java:160)
12:35:25,837 INFO [STDOUT] at org.jboss.security.auth.spi.UsersRolesLoginMo
dule.login(UsersRolesLoginModule.java:116)
12:35:25,837 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke0(
Native Method)
12:35:25,837 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke(N
and from the security interceptor :
12:35:25,806 INFO [STDOUT] client accepted
12:35:25,822 INFO [STDOUT] username
12:35:25,822 INFO [STDOUT] password
12:35:25,822 INFO [STDOUT] login failed
12:35:25,822 INFO [STDOUT] javax.security.auth.login.FailedLoginException: Pass
word Incorrect/Password Required
12:35:25,837 INFO [STDOUT] at org.jboss.security.auth.spi.UsernamePasswordL
oginModule.login(UsernamePasswordLoginModule.java:160)
12:35:25,837 INFO [STDOUT] at org.jboss.security.auth.spi.UsersRolesLoginMo
dule.login(UsersRolesLoginModule.java:116)
12:35:25,837 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke0(
Native Method)
12:35:25,837 INFO [STDOUT] at sun.reflect.NativeMethodAccessorImpl.invoke(N
please contact me if every one have a solution for this problem
cu
Stephan -
4. Re: JAAS and ServiceMBean
wolff Sep 28, 2004 6:40 AM (in response to marquier)sorry wrong error from the security interceptor
12:35:25,853 ERROR [SecurityInterceptor] Authentication exception, principal=nul
l
12:35:25,853 ERROR [LogInterceptor] EJBException, causedBy:
java.lang.SecurityException: Authentication exception, principal=null
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(Se
curityInterceptor.java:165)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityIntercep
tor.java:83)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:1
20)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyF
actoryFinderInterceptor.java:93)
at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessS -
5. Re: JAAS and ServiceMBean
wolff Sep 28, 2004 6:45 AM (in response to marquier)here my security settings from the ejb :
user.properties
username=password
roles.properties
username=userrole
###################################
ejb-jar.xml
<?xml version="1.0"?>
<!DOCTYPE ejb-jar PUBLIC
"-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN"
"http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<ejb-jar>
<enterprise-beans>
<ejb-name>EchoBean</ejb-name>
MBeanServiceAndJaas.EchoHome
MBeanServiceAndJaas.Echo
<ejb-class> MBeanServiceAndJaas.EchoBean</ejb-class>
<session-type>Stateless</session-type>
<transaction-type>Container</transaction-type>
</enterprise-beans>
<!-- Jaas = On -->
<assembly-descriptor>
<security-role>
<role-name>userrole</role-name>
</security-role>
<method-permission>
<role-name>userrole</role-name>
<ejb-name>EchoBean</ejb-name>
<method-name>*</method-name>
</method-permission>
</assembly-descriptor>
<!-- Jaas = Off -->
<!--assembly-descriptor>
<security-role>
everyone
<role-name>everyone</role-name>
</security-role>
<method-permission>
<role-name>everyone</role-name>
<ejb-name>EchoBean</ejb-name>
<method-name>*</method-name>
</method-permission>
<container-transaction>
<ejb-name>EchoBean</ejb-name>
<method-name>*</method-name>
<trans-attribute>Required</trans-attribute>
</container-transaction>
</assembly-descriptor-->
</ejb-jar>
############################################
jboss.xml
<?xml version="1.0"?>
<!-- Jaas = On -->
<security-domain>java:/jaas/ServiceSecurity</security-domain>
<enterprise-beans>
<ejb-name>EchoBean</ejb-name>
<jndi-name>Echo</jndi-name>
</enterprise-beans>
##############################################
login-config.xml
<application-policy name = "ServiceSecurity">
<login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
<!--module-option name = "principal">username</module-option-->
</application-policy>
###############################################
auth.conf
ServiceSecurity {
// jBoss LoginModule
org.jboss.security.ClientLoginModule required
;
//principal="username"
// Put your login modules that need jBoss here
}; -
6. Re: JAAS and ServiceMBean
jangeysen Mar 3, 2006 12:43 PM (in response to marquier)Hi Wolf,
did you solved your problem, I've experiencing exactly the same situation
br