403sp1, problem with AuthorizationInterceptor for InvokerAda
andiwauss Jan 5, 2006 12:12 PMHello,
I am trying to secure the Invoker Service in jmx-invoker-service.xml.
The AuthenticationInterceptor works fine, but I like to have authorization as well - the hard coded role "JBossAdmin" is OK for now.
I tried (that´s what I found)
<interceptors> <interceptor code="org.jboss.jmx.connector.invoker.AuthenticationInterceptor" securityDomain="java:/jaas/jmx-console"/> <interceptor code="org.jboss.jmx.connector.invoker.AuthorizationInterceptor" authorizingClass="org.jboss.jmx.connector.invoker.RolesAuthorization"/> securityDomain="java:/jaas/jmx-console" </interceptors>
..but it says
17:54:11,102 WARN [BasicMBeanRegistry] MBeanException: preRegister() failed: [ObjectName='jboss.jmx:name=Invoker,type=adaptor', Class=org.jboss.jmx.connector.invoker.InvokerAdaptorService (org.jboss.jmx.connector.invoker.InvokerAdaptorService@6f7ca220)] Cause: java.beans.IntrospectionException: No PropertyDescriptor for attribute:securityDomain 17:54:11,122 INFO [InvokerAdaptorService] Registration is not done -> stop 17:54:11,142 ERROR [MainDeployer] Could not create deployment: file:/C:/JBoss/server/default/deploy/jmx-invoker-service.xml org.jboss.deployment.DeploymentException: - nested throwable: (java.lang.reflect.InvocationTargetException) at org.jboss.system.ServiceConfigurator.install(ServiceConfigurator.java:178) at org.jboss.system.ServiceController.install(ServiceController.java:215) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
When I remove the securityDomain attribute, the deployment works - but not the interceptor
twiddle --server=localhost:1199 --user=user --password=pw serverinfo -c
brings
17:32:49,919 ERROR [Twiddle] Exec failed java.lang.ArrayIndexOutOfBoundsException: 0 at org.jboss.jmx.connector.invoker.AuthorizationInterceptor.invoke(AuthorizationInterceptor.java:91) at org.jboss.jmx.connector.invoker.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:87) at org.jboss.mx.server.Invocation.invoke(Invocation.java:74) at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245) at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644) at org.jboss.invocation.jrmp.server.JRMPProxyFactory.invoke(JRMPProxyFactory.java:164) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
which happens here
76 */ 77 public Object invoke(Invocation invocation) throws Throwable 78 { 79 String type = invocation.getType(); 80 if (type == Invocation.OP_INVOKE) 81 { 82 String opName = invocation.getName(); 83 if (opName.equals("invoke")) 84 { 85 Object[] args = invocation.getArgs(); 86 org.jboss.invocation.Invocation inv = (org.jboss.invocation.Invocation) args[0]; 87 // Authenticate the caller based on the security association 88 Principal caller = inv.getPrincipal(); 89 //Get the Method Name 90 Object[] obj = inv.getArguments(); 91 ObjectName objname = (ObjectName) obj[0]; 92 String opname = (String) obj[1];
I searched all over Wiki and Forum but did not find a solution.
What am I doing wrong / what´s missing in the invocation / how can I achieve authorization?
Thanks in advance and best regards,
Andreas