4 Replies Latest reply on Apr 4, 2006 7:49 AM by pimpf

    EJB Client does not provide SECURITY_PRINCIPAL correctly

    pimpf

      Hullo there,
      It is obvious to me that I'm missing something while I'm trying to make a secure invocation of an EJB method, but I can't see where exactly the problem is.

      Here is how a client calls the EJB method:
      // Method header assumed; the name is taken from the call in getHome() below
      protected Context getInitialContext() throws Exception {
          // JNDI environment for the JBoss naming service
          Hashtable<String,String> props = new Hashtable<String,String>();
          props.put(Context.INITIAL_CONTEXT_FACTORY,"org.jnp.interfaces.NamingContextFactory");
          props.put(Context.URL_PKG_PREFIXES,"org.jboss.naming:org.jnp.interfaces");
          props.put(Context.PROVIDER_URL, "jnp://localhost:1099");
          // Caller identity and password supplied as JNDI properties
          props.put(Context.SECURITY_PRINCIPAL, "pimpf");
          props.put(Context.SECURITY_CREDENTIALS, "passwd");
          return new InitialContext(props);
      }

      /**
       * Get the home interface
       */
      protected SessionEJB getHome() throws Exception {
          Context ctx = this.getInitialContext();
          return (SessionEJB)ctx.lookup("pimpf-test/SessionEJB/remote");
      }

      I have a very simple LoginModule which extends AbstractServerLoginModule, but in the initialize method:

      public void initialize(Subject subject, CallbackHandler callbackHandler,
              Map sharedState, Map options)
      {
          super.initialize(subject, callbackHandler, sharedState, options);

          // Log the principals attached to the Subject at initialization time
          log.trace("Principals are: "+subject.getPrincipals());
      }

      what the log file says is:
      Principals are: []

      Can anyone tell me what I'm missing on the client side, because the module is called, but somehow it decides that the caller is anonymous?

        • 1. Re: EJB Client does not provide SECURITY_PRINCIPAL correctly
          asylumx

          I am having a similar problem -- My client sets the properties almost identically to what you have shown but for some reason once I'm in the EJB tier, JBoss is telling my session bean that the anonymous "guest" user is signed in ( context.getCallerPrincipal() ).

          I've been scouring the web all morning looking for a solution and I can't figure out what I'm missing.

          Here is my setup for the JNDI Context:

           public Context getJNDIContext() throws NamingException {
               Hashtable<String, String> h = new Hashtable<String, String>();
               h.put(Context.INITIAL_CONTEXT_FACTORY, GIMGlobalConstants.INITIAL_CONTEXT_FACTORY);
               h.put(Context.PROVIDER_URL, url);
               // Only set the identity properties when values were supplied
               if (principalName != null)
                   h.put(Context.SECURITY_PRINCIPAL, principalName);
               if (principalPassword != null)
                   h.put(Context.SECURITY_CREDENTIALS, principalPassword);
               h.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces");
               // Debug output: prints the principal and the clear-text password to stdout
               System.out.println("user: " + principalName + " && pass: " + principalPassword);
               return new InitialContext(h);
           }
          


          I believe the solution to my problem will be nearly identical to the solution to the originator's problem, so hopefully this will also bump the thread to get visibility to someone who has some answers!

          • 2. Re: EJB Client does not provide SECURITY_PRINCIPAL correctly
            starksm64
            • 3. Re: EJB Client does not provide SECURITY_PRINCIPAL correctly
              asylumx

              Thank you, the FAQ has solved my problem. I appreciate the time you've given me!

              • 4. Re: EJB Client does not provide SECURITY_PRINCIPAL correctly
                pimpf

                That also worked for me. Almost.

                Now what I received is something very odd:

                13:39:59,755 INFO [STDOUT] DatabaseServerLoginModule, dsJndiName=java:/PimpfOracleDS
                13:39:59,756 INFO [STDOUT] principalsQuery=select passphrase from users where username = ?
                13:39:59,756 INFO [STDOUT] rolesQuery=SELECT ROLENAME, 'ROLES' FROM ROLES WHERE ROLEID = (SELECT ROLEID FROM USERS WHERE USERNAME = ?)
                13:39:59,922 INFO [STDOUT] Going to get roles for user pimpf
                13:39:59,927 INFO [STDOUT] Assign user to role user
                13:39:59,965 ERROR [RoleBasedAuthorizationInterceptor] Insufficient permissions, principal=pimpf, requiredRoles=[user], principalRoles=null


                Obviously it takes user passphrase and rolename correctly. It tries to assign user to rolename 'user' and then it says: principalRoles = null?

                Here is the result of the rolesQuery:
                SELECT ROLENAME, 'ROLES' FROM ROLES WHERE ROLEID = (SELECT ROLEID FROM USERS WHERE USERNAME = 'pimpf')

                ROLENAME    ROLES
                ----------- --------
                user        ROLES


                Any ideas?! Please help
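
The symptom in the last post (a role row is found, yet `principalRoles=null`) is consistent with how JBoss security reads role groups: declarative role checks use the group named exactly `Roles`, matched case-sensitively, while the rolesQuery above labels the group `'ROLES'`. The following is an added example, not code from the thread or from JBoss; `RoleGroupDemo` and its methods are a hypothetical, simplified model of that lookup, and the rows are constructed from the query result shown above.

```java
import java.util.*;

/** Simplified model (an assumption, not JBoss source) of the role-group lookup. */
public class RoleGroupDemo {
    /** Group name consulted for role checks; the comparison is case-sensitive. */
    static final String ROLES_GROUP = "Roles";

    /** Build roleGroup -> roles from (role, roleGroup) rows as a rolesQuery returns them. */
    static Map<String, Set<String>> buildGroups(List<String[]> rows) {
        Map<String, Set<String>> groups = new HashMap<>();
        for (String[] row : rows) {
            // row[0] is the role name, row[1] is the role group label from the query
            groups.computeIfAbsent(row[1], g -> new LinkedHashSet<>()).add(row[0]);
        }
        return groups;
    }

    /** Roles used for authorization, or null when no group is named exactly "Roles". */
    static Set<String> principalRoles(Map<String, Set<String>> groups) {
        return groups.get(ROLES_GROUP);
    }

    /** Access is granted only if the caller holds at least one required role. */
    static boolean isAllowed(Set<String> principalRoles, Set<String> requiredRoles) {
        if (principalRoles == null) {
            return false;
        }
        return !Collections.disjoint(principalRoles, requiredRoles);
    }

    public static void main(String[] args) {
        Set<String> required = Set.of("user");
        // Constructed rows: the thread's query result, then the same row labelled 'Roles'
        List<String[]> asPosted = Collections.singletonList(new String[] {"user", "ROLES"});
        List<String[]> relabelled = Collections.singletonList(new String[] {"user", "Roles"});
        for (List<String[]> rows : List.of(asPosted, relabelled)) {
            Set<String> roles = principalRoles(buildGroups(rows));
            System.out.println("roleGroup=" + rows.get(0)[1]
                    + " principalRoles=" + roles
                    + " allowed=" + isAllowed(roles, required));
        }
    }
}
```

In the rolesQuery itself the corresponding change is the literal in the second column: `SELECT ROLENAME, 'Roles' FROM ROLES WHERE ...`.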