Credentials propagation to a remote jboss server
tang_2001 Nov 7, 2006 11:47 AM
Hello,
I'm trying to authenticate access to a jboss-4.0.4 server through an EJB session facade with a unique "generic" user account.
This server is accessed remotely from a jboss-portal-2.4 server.
I used to authenticate this way from a simple tomcat5.0 server, but I can't succeed in doing the same from the jboss portal server.
Following is the description of my current configuration.
on jboss portal side:
--------------------
1- Added an SSOValve as described on the page http://www.simongbrown.com/blog/2004/11/04/1099588633312.html
This valve does something like:
    request.setUserPrincipal(new SSOPrincipal(request.getContext().getRealm(), username, password, roles));
where SSOPrincipal extends org.apache.catalina.realm.GenericPrincipal
2- An extract of my jboss-web.xml file:
<security-domain>java:/jaas/client-login</security-domain>
This should help propagate my credentials to my session facade on a remote jboss server
on the remote jboss server side:
-------------------------------
I have the following settings that used to work when I had a simple tomcat server in front. Now I try to do the same with jboss portal in front, but the remote jboss server settings remain the same:
1- I defined in jboss-login file:
    <application-policy name="gubpm">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
          <module-option name="usersProperties">
            props/gubpm-users.properties
          </module-option>
          <module-option name="rolesProperties">
            props/gubpm-roles.properties
          </module-option>
        </login-module>
        <login-module code="org.jboss.security.ClientLoginModule" flag="required">
          <!-- Any existing security context will be restored on logout -->
          <module-option name="restore-login-identity">
            true
          </module-option>
        </login-module>
      </authentication>
    </application-policy>
3- From jboss portal, I do a lookup of the remote facade:
    // JNDI settings for the remote jboss naming service
    Hashtable props = new Hashtable();
    props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
    String providerUrl = Constants.PROVIDER_URL;
    props.put(Context.PROVIDER_URL, providerUrl);
    // Look up the facade home and create the session bean
    Object reference = (new InitialContext(props)).lookup("SessionFacade");
    SessionFacadeHome home = (SessionFacadeHome) PortableRemoteObject
        .narrow(reference, SessionFacadeHome.class);
    return home.create();
2- I also added the following line to my jboss.xml file:
<security-domain>java:/jaas/gubpm</security-domain>
3- My ejb is configured to authorize access to the methods for role 'Authenticated'
The result is that this fails on the lookup line:
    Object reference = (new InitialContext(props)).lookup("SessionFacade");
with the following error:
    Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
        at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
Of course I checked that the given username and password are the same as those the remote jboss server expects to find in files props/gubpm-users.properties and props/gubpm-roles.properties. I cannot find what is wrong in my settings...
Please help!
Thanks,
Tanguy
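
An added example, not part of the original post: an explicit JAAS login through the `client-login` policy around the remote call, which is the usual way a JBoss 4 client binds a username and password to outgoing EJB invocations. `FacadeClient` and `FacadeCall` are hypothetical names, and `SessionFacade` is assumed to be the remote interface returned by `home.create()`.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.login.LoginContext;
import org.jboss.security.auth.callback.UsernamePasswordHandler;

public class FacadeClient {

    /** Hypothetical callback: the work to run while the login is active. */
    public interface FacadeCall {
        Object run(SessionFacade facade) throws Exception; // SessionFacade: assumed type
    }

    public static Object callAs(String providerUrl, String username,
                                char[] password, FacadeCall call) throws Exception {
        // "client-login" is the policy named in the post's jboss-web.xml. Its
        // ClientLoginModule verifies nothing; it only attaches the principal
        // and credential to outgoing invocations. The remote server's own
        // policy (gubpm in the post) performs the actual authentication.
        LoginContext login = new LoginContext("client-login",
                new UsernamePasswordHandler(username, password));
        login.login();
        try {
            Hashtable<String, String> props = new Hashtable<String, String>();
            props.put(Context.INITIAL_CONTEXT_FACTORY,
                    "org.jnp.interfaces.NamingContextFactory");
            props.put(Context.PROVIDER_URL, providerUrl);
            Context ctx = new InitialContext(props);
            try {
                Object ref = ctx.lookup("SessionFacade");
                SessionFacadeHome home = (SessionFacadeHome)
                        PortableRemoteObject.narrow(ref, SessionFacadeHome.class);
                // Every remote call must happen before logout(), while the
                // credentials are still bound to the invocation.
                return call.run(home.create());
            } finally {
                ctx.close();
            }
        } finally {
            // Clear the bound identity so it is not reused by later work.
            login.logout();
        }
    }
}
```

The class needs the JBoss security client classes on the classpath, and the password is taken as a `char[]` so the caller can zero it after use.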