-
1. Re: adaptor/service access a secure ejb
starksm64 Aug 28, 2004 12:40 AM (in response to wolff)
Any component in the ejb server trying to access a secured ejb has to use the same procedure for establishing the security context of the call just as an external client does. Read the JAAS Howto in the forum and look at the unsecured servlet example which calls a secured ejb.
-
2. Re: adaptor/service access a secure ejb
wolff Aug 31, 2004 10:23 AM (in response to wolff)
Hello Scott Stark,
thanks for your reply. I have read the FAQ, but this does not solve my problem. I think I have a problem in understanding.
I have tested some sample code in the following steps.
( I used Eclipse with jboss-3.2.4 my package is )
1. I have established a security domain in the file jboss-login.xml
    <application-policy name = "ServiceSecurity">
        <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag = "required" />
    </application-policy>
2. I have deployed the EchoBean from the book
(my echo method has no argument and prints out the echo when the method is called).
I have deployed user.properties and roles.properties with the
username=password and username=userrole
and in the meta-inf directory I have edited the files jboss.xml and ejb-jar.xml with the entry
    <security-domain>java:/jaas/ServiceSecurity</security-domain>
3. I have edited the auth.conf in the client directory
    ServiceSecurity {
        org.jboss.security.ClientLoginModule required;
    };
4. I have written an example client to call the secured method echo.
This client works; I have tested it with correct and incorrect passwords etc.

    package ServiceSecurity;

    import java.rmi.RemoteException;
    import javax.ejb.CreateException;
    import javax.naming.InitialContext;
    import javax.naming.NamingException;
    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;
    import org.jboss.security.auth.callback.UsernamePasswordHandler;

    public class TestClientAccess {

        public static void main(String[] args) throws RemoteException,
                CreateException, LoginException, NamingException {
            System.out.println("testclient started");
            System.setProperty("java.security.auth.login.config",
                    "d:/jboss-3.2.4/client/auth.conf");
            UsernamePasswordHandler handler = new UsernamePasswordHandler(
                    "username", new String("password").toCharArray());
            LoginContext lc = new LoginContext("ServiceSecurity", handler);
            try {
                lc.login();
                System.out.println("login successfull");
            } catch (LoginException le) {
                System.out.println("login failed");
                le.printStackTrace();
            }
            // call ejb method
            InitialContext ctx = new InitialContext();
            Object ref = ctx.lookup("Echo");
            EchoHome home = (EchoHome) ref;
            Echo echo = home.create();
            System.out.println("echo created");
            echo.echo();
            System.out.println("testclient end");
        }
    }

This client works ....
5. Now I have written my own Service Adaptor and deployed it in JBoss.
The Service Adaptor listens on a socket for incoming transmissions. The content of the transmission is a username and the password for the login
context of the EchoBean.

    import javax.naming.InitialContext;
    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;
    import org.jboss.security.auth.callback.UsernamePasswordHandler;
    import org.jboss.system.ServiceMBeanSupport;
    import java.net.*;
    import java.io.InputStreamReader;
    import java.io.PrintWriter;
    import java.io.BufferedReader;
    import ServiceSecurity.Echo;
    import ServiceSecurity.EchoHome;

    public class ServiceAdaptor extends ServiceMBeanSupport
            implements ServiceAdaptorMBean, Runnable {

        private boolean stopped = false;
        private int Status = 0;
        private int port = 9050;
        private ServerSocket ss = null;
        private BufferedReader socket_in = null;
        private PrintWriter socket_out = null;

        public ServiceAdaptor() {
        }

        public void run() {
            try {
                System.out.println("open socket at port " + port);
                ss = new ServerSocket(port);
                while (!stopped) {
                    Socket client = ss.accept();
                    System.out.println("client accepted");
                    this.socket_in = new BufferedReader(
                            new InputStreamReader(client.getInputStream()));
                    // first line is the username, second line is the password
                    String username = socket_in.readLine();
                    System.out.println(username);
                    String password = socket_in.readLine();
                    System.out.println(password);
                    UsernamePasswordHandler handler = new UsernamePasswordHandler(
                            username, password.toCharArray());
                    System.setProperty("java.security.auth.login.config",
                            "d:/jboss-3.2.4/client/auth.conf");
                    LoginContext lc = new LoginContext("ServiceSecurity", handler);
                    try {
                        lc.login();
                        System.out.println("login successfull");
                    } catch (LoginException le) {
                        System.out.println("login failed");
                        le.printStackTrace();
                    }
                    // call ejb method
                    InitialContext ctx = new InitialContext();
                    Object ref = ctx.lookup("Echo");
                    EchoHome home = (EchoHome) ref;
                    Echo echo = home.create();
                    System.out.println("echo created");
                    echo.echo();
                    this.socket_out = new PrintWriter(client.getOutputStream());
                    socket_out.println("ok");
                    socket_out.flush();
                    socket_in.close();
                    socket_out.close();
                    client.close();
                    System.out.println("client end");
                }
                ss.close();
            } catch (Exception e) {
                e.printStackTrace();
                stopped = true;
            }
        }

        protected void startService() throws Exception {
            System.out.println("Service started");
            Thread thread = new Thread(this);
            thread.start();
            stopped = false;
        }

        public void stopService() {
            System.out.println("Service stopped");
            stopped = true;
        }

        public void setPort(int port) {
            this.port = port;
        }

        public int getPort() {
            return port;
        }
    }

I have also tried this with a hardcoded username and password.
It is the same code as in the client program (part 3).
But now I get the error "password incorrect or required" from the security
interceptor, and "login failed" from my adaptor.
What is going wrong ...
I have also tested the declarative solution and deployed the roles.properties and user.properties in the service directory, but then
comes the error: authentification error principal=null.
When I disable the security in the EchoBean, everything works fine.
Can you tell me what I am doing wrong with the service adaptor ...
I could also send you my project; it is small and the deployment goes quickly.
Oh god, I'm a noob ... I hate it when things cannot be solved.
Goodbye
Stephan