-
15. Another control group
spoonman464 Jan 7, 2005 6:02 PM (in response to davehaas)Throughout all of this research and discussion, I have decided to try to create another control in this experiment. I have been running a web app and an ejb-jar both on the same JBoss server thus all of the contact between the web app as the client and the ejb container was within the same JVM. Since the Lotus Notes client is a remote client running in a different JVM and it isn't working, I should try to ensure that I have web app client working as a remote client in a different JVM first. Maybe while getting that one setup I may come across my solution.
I also understand the role of the application-policy a whole bunch better now, too. If my theories are correct, I should be able to get the inter-JVM web app / ejb thing working easily enough. If it does work, then I can focus more on the Notes issue because it might just be something wrong in the Notes JVM.
Spoon -
16. Re: securing a remote client for a simple session bean
tcherel Jan 7, 2005 6:08 PM (in response to davehaas)
It seems that your Notes JVM is defintiely missing some classes/jar files in order to fully execute a JAAS login.
At least this is the way I understand your stack trace.
Configuring the login module between the web and ejb container is not necessrily the easiest thing to do.
I would recommend instead to write a standalone EJB client application performing the login with JBoss. Run this application under a freshly downloaded JVM (like the 1.4.2 of Sun) and see if it works.
If it does, then your Lotus Notes JVM is the problem.
Thomas -
17. It was DEFINITELY the Notes JVM
spoonman464 Jan 7, 2005 8:22 PM (in response to davehaas)as I finally got it all working. Thanks so much for your continued interest in this problem.
One problem was the JVM version that Notes uses: 1.3.1 By installing the 1.3.1 J2SEEJDK thing, I had the right version of j2ee.jar. Then I had to add a JavaUserClasses entry in the notes.ini file (that's the Notes secret for adding external files to the JVM). Once I had those things in place, the login worked.
In truth, only the JNDI approach worked as I have something wrong with the password when I use the LoginContext and a CallbackHandler. It's probably related to that password.toCharArray() thing but I'll eventually figure that one out.
So, in short, by reviewing this entire thread, you can see a collection of all of the code samples I used to make this thing work. But, now that it works, I can get back to work.
Thanks again for your continued support of my pursuit of an answer.
Spoon -
18. Re: securing a remote client for a simple session bean
spoonman464 Jan 29, 2005 12:44 PM (in response to davehaas)Complete Success!
I have gotten BOTH the JNDI login and the LoginContext way working.
Does anyone know of a way to Logout when using the JNDI way? Since the LoginContext is abstracted when going this route, I don't see a way to execute a logout() method.
Any ideas?
Spoon -
19. Re: securing a remote client for a simple session bean
starksm64 Jan 29, 2005 2:34 PM (in response to davehaas)There is no access to the underlying LoginContext created by the jndi approach and so there is no way to execute logout on it. The only logical point to introduce this behavior would be the close method on the InitialContextFactory, but this behavior does not exist today. Create a feature requet for this in jira:
http://jira.jboss.com/jira/browse/JBAS -
20. Re: securing a remote client for a simple session bean
aviananta Jan 31, 2005 11:41 PM (in response to davehaas)Hi davehaas,
As I can see from the stackTrace, your principalRoles=null. Try to add CallerPrincipal to roles.properties file, see if it works. Your roles.properties file may like this:
# org.jboss.security.auth.spi.UsersRolesLoginModule username to roles mapping
david=tester
david.CallerPrincipal=caller_david
Thanks,
Agam