-
1. Re: web-tier to intialcontext remote ejb3 call
dhartford Feb 24, 2006 10:22 AM (in response to dhartford)
I'm stretching here, but could this be related to http://jira.jboss.com/jira/browse/JBAS-2311 ?
-
2. Re: web-tier to intialcontext remote ejb3 call
dhartford Feb 24, 2006 11:38 AM (in response to dhartford)
I found references to using the clientLoginModule in 'multi-threaded' mode, so added those configurations to the webapp jboss server:

    <login-module code="org.jboss.security.ClientLoginModule" flag="required">
        <module-option name="multi-threaded">true</module-option>
        <module-option name="password-stacking">useFirstPass</module-option>
    </login-module>

I also enabled security debugging, and here is the error:

    11:26:00,012 ERROR [STDERR] java.lang.NullPointerException
    11:26:00,012 ERROR [STDERR] at org.jboss.security.jndi.JndiLoginInitialContextFactory.getInitialContext(JndiLoginInitialContextFactory.java:75)
    11:26:00,012 ERROR [STDERR] at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    11:26:00,012 ERROR [STDERR] at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
    11:26:00,012 ERROR [STDERR] at javax.naming.InitialContext.init(InitialContext.java:223)
    11:26:00,012 ERROR [STDERR] at javax.naming.InitialContext.<init>(InitialContext.java:197)
    11:26:00,012 ERROR [STDERR] at com.ghsinc.web.roleeditor.SessionBean01.getAuthorizationManager(Unknown Source)
    11:26:00,012 ERROR [STDERR] at com.ghsinc.web.roleeditor.GeneralBackingBean.<init>(Unknown Source)
    11:26:00,012 ERROR [STDERR] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    11:26:00,012 ERROR [STDERR] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    11:26:00,012 ERROR [STDERR] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    11:26:00,012 ERROR [STDERR] at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
    11:26:00,012 ERROR [STDERR] at java.lang.Class.newInstance0(Class.java:350)
    11:26:00,012 ERROR [STDERR] at java.lang.Class.newInstance(Class.java:303)
    11:26:00,012 ERROR [STDERR] at java.beans.Beans.instantiate(Beans.java:204)
    11:26:00,012 ERROR [STDERR] at java.beans.Beans.instantiate(Beans.java:48)
    11:26:00,012 ERROR [STDERR] at com.sun.faces.config.ManagedBeanFactory.newInstance(ManagedBeanFactory.java:203)
    11:26:00,012 ERROR [STDERR] at com.sun.faces.application.ApplicationAssociate.createAndMaybeStoreManagedBeans(ApplicationAssociate.java:256)
    11:26:00,012 ERROR [STDERR] at com.sun.faces.el.VariableResolverImpl.resolveVariable(VariableResolverImpl.java:78)
    11:26:00,012 ERROR [STDERR] at com.sun.faces.el.impl.NamedValue.evaluate(NamedValue.java:125)
    11:26:00,012 ERROR [STDERR] at com.sun.faces.el.impl.ComplexValue.evaluate(ComplexValue.java:146)
    11:26:00,012 ERROR [STDERR] at com.sun.faces.el.impl.ExpressionEvaluatorImpl.evaluate(ExpressionEvaluatorImpl.java:243)
    11:26:00,012 ERROR [STDERR] at com.sun.faces.el.ValueBindingImpl.getValue(ValueBindingImpl.java:173)
    11:26:00,012 ERROR [STDERR] at com.sun.faces.el.ValueBindingImpl.getValue(ValueBindingImpl.java:154)
    11:26:00,012 ERROR [STDERR] at com.sun.faces.application.ApplicationImpl.createComponent(ApplicationImpl.java:386)
    11:26:00,012 ERROR [STDERR] at javax.faces.webapp.UIComponentTag.createComponent(UIComponentTag.java:1009)
    11:26:00,012 ERROR [STDERR] at javax.faces.webapp.UIComponentTag.createChild(UIComponentTag.java:1036)
    11:26:00,012 ERROR [STDERR] at javax.faces.webapp.UIComponentTag.findComponent(UIComponentTag.java:749)
    11:26:00,012 ERROR [STDERR] at javax.faces.webapp.UIComponentTag.doStartTag(UIComponentTag.java:429)
    11:26:00,012 ERROR [STDERR] at com.sun.faces.taglib.html_basic.InputTextTag.doStartTag(InputTextTag.java:506)
    11:26:00,012 ERROR [STDERR] at org.apache.jsp.main_jsp._jspx_meth_h_inputText_0(org.apache.jsp.main_jsp:251)
    11:26:00,012 ERROR [STDERR] at org.apache.jsp.main_jsp._jspx_meth_h_form_0(org.apache.jsp.main_jsp:193)
    11:26:00,012 ERROR [STDERR] at org.apache.jsp.main_jsp._jspx_meth_f_view_0(org.apache.jsp.main_jsp:145)
    11:26:00,012 ERROR [STDERR] at org.apache.jsp.main_jsp._jspService(org.apache.jsp.main_jsp:108)
    11:26:00,012 ERROR [STDERR] at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
    11:26:00,012 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
    11:26:00,012 ERROR [STDERR] at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
    11:26:00,012 ERROR [STDERR] at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
    11:26:00,012 ERROR [STDERR] at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
    11:26:00,012 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
    11:26:00,027 ERROR [STDERR] at com.sun.faces.context.ExternalContextImpl.dispatch(ExternalContextImpl.java:322)
    11:26:00,027 ERROR [STDERR] at com.sun.faces.application.ViewHandlerImpl.renderView(ViewHandlerImpl.java:130)
    11:26:00,027 ERROR [STDERR] at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:87)
    11:26:00,027 ERROR [STDERR] at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:200)
    11:26:00,027 ERROR [STDERR] at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:117)
    11:26:00,027 ERROR [STDERR] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:198)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:672)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:463)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:398)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:301)
    11:26:00,027 ERROR [STDERR] at org.apache.jasper.runtime.PageContextImpl.doForward(PageContextImpl.java:693)
    11:26:00,027 ERROR [STDERR] at org.apache.jasper.runtime.PageContextImpl.forward(PageContextImpl.java:660)
    11:26:00,027 ERROR [STDERR] at org.apache.jsp.index_jsp._jspService(org.apache.jsp.index_jsp:48)
    11:26:00,027 ERROR [STDERR] at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:97)
    11:26:00,027 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
    11:26:00,027 ERROR [STDERR] at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:322)
    11:26:00,027 ERROR [STDERR] at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:314)
    11:26:00,027 ERROR [STDERR] at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:264)
    11:26:00,027 ERROR [STDERR] at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    11:26:00,027 ERROR [STDERR] at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    11:26:00,027 ERROR [STDERR] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    11:26:00,027 ERROR [STDERR] at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:54)
    11:26:00,043 ERROR [STDERR] at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:174)
    11:26:00,043 ERROR [STDERR] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:514)
    11:26:00,043 ERROR [STDERR] at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
    11:26:00,043 ERROR [STDERR] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    11:26:00,043 ERROR [STDERR] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    11:26:00,043 ERROR [STDERR] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    11:26:00,043 ERROR [STDERR] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    11:26:00,043 ERROR [STDERR] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
    11:26:00,043 ERROR [STDERR] at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
    11:26:00,043 ERROR [STDERR] at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    11:26:00,043 ERROR [STDERR] at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
    11:26:00,043 ERROR [STDERR] at java.lang.Thread.run(Thread.java:595)
    11:26:26,350 ERROR [STDERR] java.lang.NullPointerException
    11:26:26,350 ERROR [STDERR] at org.jboss.security.jndi.JndiLoginInitialContextFactory.getInitialContext(JndiLoginInitialContextFactory.java:75)
    11:26:26,350 ERROR [STDERR] at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
    11:26:26,350 ERROR [STDERR] at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
    11:26:26,350 ERROR [STDERR] at javax.naming.InitialContext.init(InitialContext.java:223)
    11:26:26,350 ERROR [STDERR] at javax.naming.InitialContext.<init>(InitialContext.java:197)
    11:26:26,350 ERROR [STDERR] at com.ghsinc.web.roleeditor.SessionBean01.getAuthorizationManager(Unknown Source)
    11:26:26,350 ERROR [STDERR] at com.ghsinc.web.roleeditor.GeneralBackingBean.<init>(Unknown Source)
    11:26:26,350 ERROR [STDERR] at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    11:26:26,350 ERROR [STDERR] at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    11:26:26,350 ERROR [STDERR] at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    11:26:26,350 ERROR [STDERR] at java.lang.reflect.Constructor.newInstance(Constructor.java:494)
    11:26:26,350 ERROR [STDERR] at java.lang.Class.newInstance0(Class.java:350)
    11:26:26,350 ERROR [STDERR] at java.lang.Class.newInstance(Class.java:303)
    11:26:26,350 ERROR [STDERR] at java.beans.Beans.instantiate(Beans.java:204)
    11:26:26,350 ERROR [STDERR] at java.beans.Beans.instantiate(Beans.java:48)
    11:26:26,350 ERROR [STDERR] at com.sun.faces.config.ManagedBeanFactory.newInstance(ManagedBeanFactory.java:203)
    11:26:26,350 ERROR [STDERR] at com.sun.faces.application.ApplicationAssociate.createAndMaybeStoreManagedBeans(ApplicationAssociate.java:256)
    11:26:26,350 ERROR [STDERR] at com.sun.faces.el.VariableResolverImpl.resolveVariable(VariableResolverImpl.java:78)
    11:26:26,350 ERROR [STDERR] at com.sun.faces.el.impl.NamedValue.evaluate(NamedValue.java:125)
    11:26:26,350 ERROR [STDERR] at com.sun.faces.el.impl.ComplexValue.setValue(ComplexValue.java:160)
    11:26:26,350 ERROR [STDERR] at com.sun.faces.el.ValueBindingImpl.setValue(ValueBindingImpl.java:234)
    11:26:26,350 ERROR [STDERR] at com.sun.faces.lifecycle.RestoreViewPhase.doPerComponentActions(RestoreViewPhase.java:196)
    11:26:26,350 ERROR [STDERR] at com.sun.faces.lifecycle.RestoreViewPhase.doPerComponentActions(RestoreViewPhase.java:189)
    11:26:26,350 ERROR [STDERR] at com.sun.faces.lifecycle.RestoreViewPhase.doPerComponentActions(RestoreViewPhase.java:189)
    11:26:26,350 ERROR [STDERR] at com.sun.faces.lifecycle.RestoreViewPhase.execute(RestoreViewPhase.java:175)
    11:26:26,350 ERROR [STDERR] at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:200)
    11:26:26,350 ERROR [STDERR] at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:90)
    11:26:26,350 ERROR [STDERR] at javax.faces.webapp.FacesServlet.service(FacesServlet.java:197)
    11:26:26,350 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
    11:26:26,350 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    11:26:26,350 ERROR [STDERR] at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    11:26:26,350 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
    11:26:26,350 ERROR [STDERR] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
    11:26:26,350 ERROR [STDERR] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
    11:26:26,350 ERROR [STDERR] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
    11:26:26,350 ERROR [STDERR] at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:54)
    11:26:26,350 ERROR [STDERR] at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:174)
    11:26:26,350 ERROR [STDERR] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:514)
    11:26:26,350 ERROR [STDERR] at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
    11:26:26,350 ERROR [STDERR] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    11:26:26,350 ERROR [STDERR] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    11:26:26,350 ERROR [STDERR] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    11:26:26,350 ERROR [STDERR] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    11:26:26,350 ERROR [STDERR] at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
    11:26:26,350 ERROR [STDERR] at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
    11:26:26,350 ERROR [STDERR] at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    11:26:26,350 ERROR [STDERR] at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
    11:26:26,350 ERROR [STDERR] at java.lang.Thread.run(Thread.java:595)

Even with the ClientLoginModule changes, the SecurityAssociation still returns nulls and the JndiInitialContext still does not work for making the remote ejb3 call when I have Principal/Credential properties commented out.
-
3. Re: web-tier to intialcontext remote ejb3 call
starksm64 Feb 24, 2006 3:51 PM (in response to dhartford)
There is no principal in the InitialContextFactory environment properties under the Context.SECURITY_PRINCIPAL for this NPE to occur.
-
4. Re: web-tier to intialcontext remote ejb3 call
dhartford Feb 27, 2006 8:44 AM (in response to dhartford)
"scott.stark@jboss.org" wrote:
There is no principal in the InitialContextFactory environment properties under the Context.SECURITY_PRINCIPAL for this NPE to occur.
Well, yes, that's kind of my point for this thread. I want to use already logged-in credentials from the web-tier. As such, I don't want to manually pass credentials so I commented out the credentials:

    Properties env = new Properties();
    //env.setProperty(Context.SECURITY_PRINCIPAL, "username");
    // env.setProperty(Context.SECURITY_CREDENTIALS, "password");
    env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
    InitialContext ctx = new InitialContext(env);
    MyClass mc = (MyClass) ctx.lookup("MyClassBean/remote");

If I tried to work around this by explicitly setting the environment properties using

    SecurityAssociation.getPrincipal/getCredential

both of those are null even though my webapp requires login and correctly behaves based on those logins. From the web/JSF standpoint, getExternalContext.getRemoteUser() works fine but the integration point (SecurityAssociation) does not. I'm using the ClientLoginModule, where I thought the intent was that by using the JndiLoginInitialContextFactory it would be passed-through.
I've seen discussions about using a Tomcat Valve for a fix, requiring a Callbackhandler for a fix, something about the JAAS only working on the current thread and not the session and related workarounds, etc. Any recommendations for a 'clean' fix that shouldn't break on me later?
jboss-4.0.4RC1 on both ejb3 and webapp servers.
-
5. Re: web-tier to intialcontext remote ejb3 call
starksm64 Feb 27, 2006 1:44 PM (in response to dhartford)
If this is the tomcat embedded in jboss there should be no need to use the ClientLoginModule to pick up the web container login as there already is a SecurityAssociationValve in the configuration for this. If it's not working it's a bug in the ejb3 layer. If you're not using the RC5 release, do so or check the outstanding jira issues.
http://jira.jboss.com/jira/browse/EJBTHREE
-
6. Re: web-tier to intialcontext remote ejb3 call
dhartford Mar 6, 2006 1:44 PM (in response to dhartford)
When the SecurityAssociation on the webtier is NULL, this is an EJB problem?
-
7. Re: web-tier to intialcontext remote ejb3 call
dhartford Mar 6, 2006 4:16 PM (in response to dhartford)
JSF Session Bean:

    public void securityCheck() {
        try {
            //This is null
            System.out.println("Principal: " + SecurityAssociation.getPrincipal());
            //This is null
            System.out.println("Credential: " + SecurityAssociation.getCredential());
            //This is correct for ALL use cases
            System.out.println("Remote User: " + this.getContext().getExternalContext().getRemoteUser());

            Properties env = new Properties();
            env.setProperty("java.naming.provider.url", "jnp://10.0.0.135:1099");
            //when I use my username/password manually, this works fine
            // even when called in the JSF/Session bean. When commented
            // out for JAAS use, this doesn't work.
            //env.setProperty(Context.SECURITY_PRINCIPAL, manualusername);
            //env.setProperty(Context.SECURITY_CREDENTIALS, manualpassword);
            env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
            InitialContext ctx = new InitialContext(env);
            SecTest st = (SecTest) ctx.lookup("SecTestBean/remote");

            //make a secure EJB3 call
            //Again, works with correct manual username/password.
            //Behaves properly with incorrect manual username/password.
            //fails completely when trying to use JAAS as SecurityAssociation is null
            System.out.println(aM.hello());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

And, just for verification:
jboss-web.xml:

    <jboss-web>
        <security-domain>java:/jaas/testRealm</security-domain>
    </jboss-web>

web.xml:

    ....
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Required Only</web-resource-name>
            <description>Required Only</description>
            <url-pattern>/*</url-pattern>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>Define who can access this url-pattern</description>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Please log in</realm-name>
    </login-config>
    <!-- this is a known and proven role in the JAAS modules for our test user -->
    <security-role>
        <role-name>developers</role-name>
    </security-role>

-
8. Re: web-tier to intialcontext remote ejb3 call
dhartford Mar 6, 2006 4:17 PM (in response to dhartford)
correction to above post (trying to de-sensitize):

    System.out.println(aM.hello());

should be

    System.out.println(st.hello());

-
9. Re: web-tier to intialcontext remote ejb3 call
dhartford Mar 6, 2006 4:20 PM (in response to dhartford)
and, yes, I'm using 4.0.4RC1 binary drop which, according to the notes, uses EJB3 RC5.
-
10. Re: web-tier to intialcontext remote ejb3 call
starksm64 Mar 12, 2006 1:14 PM (in response to dhartford)
The JndiLoginInitialContextFactory cannot be used if you want transparent propagation of the web container caller.
-
11. Re: web-tier to intialcontext remote ejb3 call
dhartford Mar 15, 2006 8:23 AM (in response to dhartford)
Forgive my ignorance, but what is the recommended approach for transparent propagation of Security credentials from the web tier to a remote ejb3 call?
-
12. Re: web-tier to intialcontext remote ejb3 call
starksm64 Mar 15, 2006 10:33 PM (in response to dhartford)
To use the embedded tomcat configuration which includes the SecurityAssociationValve to do this. There is a mention of a lack of credentials in one post. If there is no security context (a web page that is not secured), there will be nothing to propagate.
-
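The two lookup configurations discussed in the replies above, as an added example that is not part of the original thread: `JndiLoginInitialContextFactory` is only selected when explicit credentials are supplied, and `check` flags the environment that produced the NPE in the posted stack trace. The class and method names, the host in the provider URL, and the choice of `org.jnp.interfaces.NamingContextFactory` as the non-login factory are assumptions; the thread names no alternative factory.

```java
import java.util.Properties;
import javax.naming.Context;

public class RemoteLookupEnv {
    // Factory used in the thread; it performs a login from the environment properties.
    static final String LOGIN_FACTORY =
        "org.jboss.security.jndi.JndiLoginInitialContextFactory";
    // Assumption: the standard JBoss JNP factory, which performs no login of its own.
    static final String JNP_FACTORY = "org.jnp.interfaces.NamingContextFactory";

    /** Build a JNDI environment; pass null for both principal and credential
     *  to rely on the identity already associated with the calling thread. */
    static Properties build(String providerUrl, String principal, String credential) {
        if ((principal == null) != (credential == null)) {
            throw new IllegalArgumentException("principal and credential must be set together");
        }
        Properties env = new Properties();
        env.setProperty(Context.PROVIDER_URL, providerUrl);
        if (principal == null) {
            // No explicit login: do not select the login factory at all.
            env.setProperty(Context.INITIAL_CONTEXT_FACTORY, JNP_FACTORY);
        } else {
            env.setProperty(Context.INITIAL_CONTEXT_FACTORY, LOGIN_FACTORY);
            env.setProperty(Context.SECURITY_PRINCIPAL, principal);
            env.setProperty(Context.SECURITY_CREDENTIALS, credential);
        }
        return env;
    }

    /** Returns a description of the misconfiguration, or null if none is found. */
    static String check(Properties env) {
        String factory = env.getProperty(Context.INITIAL_CONTEXT_FACTORY);
        boolean hasPrincipal = env.getProperty(Context.SECURITY_PRINCIPAL) != null;
        if (LOGIN_FACTORY.equals(factory) && !hasPrincipal) {
            return "login factory selected without " + Context.SECURITY_PRINCIPAL
                + " (the condition behind the NullPointerException in the thread)";
        }
        return null;
    }

    public static void main(String[] args) {
        String url = "jnp://ejb-host.example:1099"; // constructed placeholder host

        // Environment as posted in the thread: login factory, credentials commented out.
        Properties posted = new Properties();
        posted.setProperty(Context.PROVIDER_URL, url);
        posted.setProperty(Context.INITIAL_CONTEXT_FACTORY, LOGIN_FACTORY);
        System.out.println("posted env:   " + check(posted));

        // Environments produced by build() never hit that condition.
        System.out.println("propagated:   " + check(build(url, null, null)));
        System.out.println("explicit:     " + check(build(url, "username", "password")));
    }
}
```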
13. Re: web-tier to intialcontext remote ejb3 call
dhartford Mar 16, 2006 8:17 AM (in response to dhartford)
"scott.stark@jboss.org" wrote:
To use the embedded tomcat configuration which includes the SecurityAssociationValve to do this. There is a mention of a lack of credentials in one post. If there is no security context (a web page that is not secured), there will be nothing to propagate.
Did I find a bug then? I am using 4.0.4RC1 binary with the embedded tomcat and I am still having issues. You mentioned NOT using the JndiInitialContext, is this still true?
As for web page secured:
"dhartford" wrote:
web.xml:

    ....
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>Required Only</web-resource-name>
            <description>Required Only</description>
            <url-pattern>/*</url-pattern>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description>Define who can access this url-pattern</description>
            <role-name>*</role-name>
        </auth-constraint>
        <user-data-constraint>
            <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>Please log in</realm-name>
    </login-config>
    <!-- this is a known and proven role in the JAAS modules for our test user -->
    <security-role>
        <role-name>developers</role-name>
    </security-role>

-
14. Re: web-tier to intialcontext remote ejb3 call
dhartford Mar 16, 2006 8:23 AM (in response to dhartford)
To more clearly restate the problem:
* An EJB application server runs EJB beans with secured, RMI access. This is tested and works fine with client-side code. This client-side code works correctly remotely from the web application server.
* A web application server runs a web application that is also secured. Logins work correctly, denying when not logging in correctly. The credential/principal is visible from externalcontext.getRemoteUser(). An initial context lookup of a remote EJB bean with manually specified principal/credentials works fine.
I cannot get the web application server, running jboss 4.0.4rc1 w/ embedded tomcat, to propagate the security principal/credentials from the web login (that are visible from externalcontext.getRemoteUser()) to an InitialContext lookup of a remote, secured EJB bean.