Can't get access right from Java Client
jmcollin92 Sep 23, 2006 5:01 AMI'm sorry to ask this question another time but I read all documentation and FAQ and I can't get my java client access to my EJB.
I'm on this pb for 3 days, and I had to make it works.
Thank's for your help.
Environnemt : Jboss4.0.1.SP1 and I try with 4.0.4.GA without success.
Here are some piece of code :
In the client :
System.setProperty("java.security.auth.login.config", "file://path/to/auth.conf"); Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY,"org.jboss.security.jndi.LoginInitialContextFactory"); env.put(Context.URL_PKG_PREFIXES,"org.jboss.naming:org.jnp.interfaces"); env.put(Context.PROVIDER_URL, "jnp://localhost:1099"); env.put(Context.SECURITY_CREDENTIALS,"root"); env.put(Context.SECURITY_PRINCIPAL,"root"); env.put(Context.SECURITY_PROTOCOL,"CPIProject"); javax.naming.InitialContext initialContext = new javax.naming.InitialContext(env); Object objRef = initialContext.lookup(jndiName); MyHome home = javax.rmi.PortableRemoteObject.narrow(objRef, MyHome.class); /* It's fails at the next line !! */ MyBean bean = home.create(); ...
The auth.conf is :
CPIProject { org.jboss.security.ClientLoginModule required password-stacking="useFirstPass" ; };
The login-config.xml is :
<application-policy name="CPIProject"> <authentication> <login-module code="org.jboss.security.ClientLoginModule" flag="required"/> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="unauthenticatedIdentity">guest</module-option> <module-option name="dsJndiName">java:/CPIDS</module-option> <module-option name="principalsQuery">Select PASSWORD from COLLABORATEUR where LOGIN=?</module-option> <module-option name="rolesQuery">Select P.ROLES_FK, 'Roles' from PROFIL P,COLLABORATEUR C where C.LOGIN=? AND C.ID=COLLABORATEURS_FK</module-option> </login-module> </authentication> </application-policy>
The debug security trace in server.log :
2006-09-23 10:45:44,671 TRACE [org.jboss.security.plugins.JaasSecurityManager.CPIProject] Begin isValid, principal:, cache info: null 2006-09-23 10:45:44,671 TRACE [org.jboss.security.plugins.JaasSecurityManager.CPIProject] defaultLogin, principal= 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(CPIProject), size=9 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(CPIProject), authInfo=AppConfigurationEntry[]: [0] LoginModule Class: org.jboss.security.ClientLoginModule ControlFlag: LoginModuleControlFlag : required Options:[1] LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule ControlFlag: LoginModuleControlFlag : required Options:name=rolesQuery, value=Select P.ROLES_FK, 'Roles' from PROFIL P,COLLABORATEUR C where C.LOGIN=? AND C.ID=COLLABORATEURS_FK name=principalsQuery, value=Select PASSWORD from COLLABORATEUR where LOGIN=? name=unauthenticatedIdentity, value=guest name=dsJndiName, value=java:/CPIDS 2006-09-23 10:45:44,671 TRACE [org.jboss.security.ClientLoginModule] Begin login 2006-09-23 10:45:44,671 TRACE [org.jboss.security.ClientLoginModule] Obtained login: , credential.class: null 2006-09-23 10:45:44,671 TRACE [org.jboss.security.ClientLoginModule] End login 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize, instance=@4626217 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=guest 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/CPIDS 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=Select PASSWORD from COLLABORATEUR where LOGIN=? 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=Select P.ROLES_FK, 'Roles' from PROFIL P,COLLABORATEUR C where C.LOGIN=? AND C.ID=COLLABORATEURS_FK 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: Select PASSWORD from COLLABORATEUR where LOGIN=?, with username: 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Query returned no matches from db 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction 2006-09-23 10:45:44,671 TRACE [org.jboss.security.ClientLoginModule] abort 2006-09-23 10:45:44,671 TRACE [org.jboss.security.SecurityAssociation] clear, server=true 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort 2006-09-23 10:45:44,671 TRACE [org.jboss.security.plugins.JaasSecurityManager.CPIProject] Login failure javax.security.auth.login.FailedLoginException: No matching username found in Principals at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:152)
We can see that the Principal is empty !
The security informations seems to be not propagating from Client to Server.
The FAQ says "put a ClientLoginModule". I've done this without sucess.
For information, authentication is all right from a struts web app.
What goes wrong ?