1 Reply Latest reply on Nov 19, 2006 8:53 AM by klejs

EJBAccessException

klejs Nov 18, 2006 10:18 AM

Hi,

I'm trying to use JBoss with EJB3 and JAAS but I'm getting an EJBAccessException and I can't figure out why. Im using JBoss 4.0.5.GA and EJB3. When testing for isUserInRole("operator") in my webapp it returns true but the exception is thrown when trying to call a metod on an EJB.

My config and code looks like this:

web.xml

<security-constraint>
 <web-resource-collection>
 <web-resource-name>My resources</web-resource-name>
 <description>Protects the application</description>
 <url-pattern>/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
 <role-name>operator</role-name>
 </auth-constraint>
 </security-constraint>

 <login-config>
 <auth-method>FORM</auth-method>
 <form-login-config>
 <form-login-page>/login.html</form-login-page>
 <form-error-page>/login_error.html</form-error-page>
 </form-login-config>
 </login-config>

jboss-web.xml

<jboss-web>
<security-domain>java:/jaas/my_security_domain</security-domain>
</jboss-web>

jboss.xml

<jboss>
<security-domain>java:/jaas/my_security_domain</security-domain>
</jboss>

login-config.xml

<application-policy name="my_security_domain">
 <authentication>
 <login-module
 code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
 flag="required">

 <module-option name="dsJndiName">java:/myDS</module-option>
 <module-option name="principalsQuery">
 select password from user where username=?
 </module-option>
 <module-option name="rolesQuery">
 select role.rolename, 'Roles' from user_role, role where (user_role.username = ?) and (role.id = user_role.role_id)
 </module-option>
 </login-module>
 </authentication>
</application-policy>

Code for getting EJB from web app

InitialContext ctx = new InitialContext();
Object result = ctc.lookup("myEJB");

EJB code

@Stateless
@RolesAllowed("operator")
public class MyManagerBean implements MyManager {
 ...
}

The exception I get looks like this:

aused by: javax.ejb.EJBAccessException: Authentication failure
 at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:99)
 at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
 at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:131)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
 at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
 at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
 at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:211)
 at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
 at $Proxy166.listMSOperators(Unknown Source)
 at com.bossmedia.egs.jp.web.MSOperatorsListHandler.listMSOperators(Unknown Source)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at com.sun.faces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:126)
 ... 28 more
aused by: javax.security.auth.login.LoginException: Inga inloggningsmoduler har konfigurerats f÷r java:
 at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
 at javax.security.auth.login.LoginContext.<init>(LoginContext.java:367)
 at javax.security.auth.login.LoginContext.<init>(LoginContext.java:444)
 at org.jboss.security.plugins.SubjectActions$LoginContextAction.run(SubjectActions.java:162)
 at java.security.AccessController.doPrivileged(Native Method)
 at org.jboss.security.plugins.SubjectActions.createLoginContext(SubjectActions.java:277)
 at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:600)
 at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
 at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
 at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
 at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
 ... 43 more

Can anyone help me with this? Thanks in advance.

/klejs

1. Re: EJBAccessException

klejs Nov 19, 2006 8:53 AM (in response to klejs)
I'll answer this one myself. It turns out that, in your jboss.xml file, when using EJB3 you shouldn't use the full JNDI path to point to your seurity domain but just to the name of the security domain.

So instead of:
<jboss> <security-domain>java:/jaas/my_security_domain</security-domain> </jboss>

It should be:

<jboss> <security-domain>my_security_domain</security-domain> </jboss>

/klejs
Actions