0 Replies Latest reply on Nov 7, 2006 11:47 AM by tang_2001

    Credentials propagation to a remote jboss server

    tang_2001

      Hello,

      I'm trying to authenticate the accesses to a jboss-4.0.4 server through an EJB session facade with a unique "generic" user account.
      This server is accessed remotely from a jboss-portal-2.4 server.
      I used to authenticate this way from a simple tomcat5.0 server, but I can't succeed in doing the same from the jboss portal server.
      Following is the description of my current configuration.

      on jboss portal side:
      --------------------
      1- Added an SSOValve as described on the page http://www.simongbrown.com/blog/2004/11/04/1099588633312.html
      This valve does something like:

      request.setUserPrincipal(new SSOPrincipal(
          request.getContext().getRealm(), username, password, roles));

      where SSOPrincipal extends org.apache.catalina.realm.GenericPrincipal

      2- An extract of my jboss-web.xml file:
      <security-domain>java:/jaas/client-login</security-domain>

      This should help propagate my credentials to my session facade on a remote jboss server

      on the remote jboss server side:
      -------------------------------
      I have the following settings that used to work when I had a simple tomcat server in the front side. Now I try to do the same with jboss portal in front, but the remote jboss server settings remain the same:
      1- I defined in jboss-login file:
      <application-policy name="gubpm">
        <authentication>
          <login-module
              code="org.jboss.security.auth.spi.UsersRolesLoginModule"
              flag="required">
            <module-option name="usersProperties">
              props/gubpm-users.properties
            </module-option>
            <module-option name="rolesProperties">
              props/gubpm-roles.properties
            </module-option>
          </login-module>
          <login-module code="org.jboss.security.ClientLoginModule"
              flag="required">
            <!-- Any existing security context will be restored on logout -->
            <module-option name="restore-login-identity">
              true
            </module-option>
          </login-module>
        </authentication>
      </application-policy>


      3- From jboss portal, I do a lookup of the remote facade:
      Hashtable props = new Hashtable();
      props.put(Context.INITIAL_CONTEXT_FACTORY,
          "org.jnp.interfaces.NamingContextFactory");
      String providerUrl = Constants.PROVIDER_URL;
      props.put(Context.PROVIDER_URL, providerUrl);

      Object reference = (new InitialContext(props)).lookup("SessionFacade");

      SessionFacadeHome home = (SessionFacadeHome) PortableRemoteObject
          .narrow(reference, SessionFacadeHome.class);

      return home.create();



      2- I also added the following line to my jboss.xml file:
      <security-domain>java:/jaas/gubpm</security-domain>


      3- My ejb is configured to authorize accesses to the methods to role 'Authenticated'

      The result is that this fails on the lookup line:
      Object reference = (new InitialContext(props)).lookup("SessionFacade");


      with the following error:
      Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)


      Of course I checked that the given username and password are the same as those the remote jboss server expects to find in files props/gubpm-users.properties and props/gubpm-roles.properties. I cannot find what is wrong in my settings...

      Please help!
      Thanks,

      Tanguy
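
The "Password Incorrect/Password Required" message in the trace above comes from the password comparison in UsernamePasswordLoginModule, which UsersRolesLoginModule feeds from the users properties file. The following is an added example, not part of the original post: an offline check of a users/roles file pair for one account and one required role, which also flags a stored password with trailing whitespace (java.util.Properties keeps it). The file contents, account name and password are constructed samples.

```python
# Added example. SAMPLE_* are constructed file contents, not the poster's data.
SAMPLE_USERS = "# props/gubpm-users.properties (constructed)\ngeneric=s3cret \n"
SAMPLE_ROLES = "# props/gubpm-roles.properties (constructed)\ngeneric=Authenticated,Other\n"


def load_properties(text):
    """Parse the simple key=value subset of java.util.Properties syntax.

    As in Java, whitespace before the value is dropped but trailing
    whitespace is kept, so "s3cret " and "s3cret" are different values.
    Escapes and line continuations are not handled.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!":
            continue
        end = next((i for i, ch in enumerate(line) if ch in "=: \t"), len(line))
        key, rest = line[:end], line[end:].lstrip(" \t")
        if rest[:1] in ("=", ":"):
            rest = rest[1:].lstrip(" \t")
        props[key] = rest
    return props


def check_login(users_text, roles_text, username, password, required_role):
    """Return a list of problems; an empty list means the files are consistent."""
    users, roles = load_properties(users_text), load_properties(roles_text)
    problems = []
    stored = users.get(username)
    if stored is None:
        problems.append("user not in users file")
    elif stored != password:
        if stored.rstrip() == password:
            problems.append("stored password has trailing whitespace")
        else:
            problems.append("password mismatch")
    # Roles are listed as "user=r1,r2" or "user.Roles=r1,r2"; this checker
    # ignores spaces around role names (a choice made here for the check).
    granted = set()
    for key in (username, username + ".Roles"):
        granted.update(r.strip() for r in roles.get(key, "").split(",") if r.strip())
    if required_role not in granted:
        problems.append("role %r not granted" % required_role)
    return problems


if __name__ == "__main__":
    print(check_login(SAMPLE_USERS, SAMPLE_ROLES, "generic", "s3cret", "Authenticated"))
```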