Help me about JAAS on JBoss !!!
changemylife Jan 27, 2007 3:27 AMHi All !
I am a beginner's JBoss. I have a problem that I understand: I have a Bean called HelloBean that have two methods "printA" and "printB". My ejb-jar.xml has contents:
......
<assembly-descriptor>
<Security-role>
<role-name>RoleA</role-name>
</Security-role>
<Security-role>
<role-name>RoleB</role-name>
</Security-role>
<method-permission>
<role-name>RoleA</role-name>
<ejb-name>HelloBean</ejb-name>
<method-name>printA</method-name>
</method-permission>
<method-permission>
<role-name>RoleB</role-name>
<ejb-name>HelloBean</ejb-name>
<method-name>printB</method-name>
</method-permission>
</assembly-descriptor>
......
On the Client side, I write fragment of code that implement javax.security.auth.spi.LoginModule
......
LoginContext lc = new LoginContext("helloDomain", new ClientCallbackHandler());
lc.login();
Subject ret = lc.getSubject();
Subject.doAs(sub, new SampleAction());
.......
Inside my class SampleAction, I write:
public class SampleAction implements PrivilegedAction{
.....
Properties props = new Properties();
props.put(Context.PROVIDER_URL,"violon:1099");
props.put(Context.INITIAL_CONTEXT_FACTORY,"org.jnp.interfaces.NamingContextFactory");
InitialContext context = new InitialContext(props);
Hello obj = (Hello)context.lookup("HelloBean/remote");
obj.printA();
.....
My config file and policy file :
------------client.config----
helloDomain {
auth.ref.MyLoginModule required debug=false;
};
------------client.policy----
grant codebase "file:./-" {
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "createLoginContext.helloDomain";
permission javax.security.auth.AuthPermission "doAs";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission java.util.PropertyPermission "*", "read";
};
When I run, I enter username and password and receive some message:
---------
javax.naming.CommunicationException: Could not obtain connection to any of these urls: violon:1099 and discovery failed with error: java.security.AccessControlException: access denied (java.net.SocketPermission 230.0.0.4 connect,accept,resolve) [Root exception is javax.naming.CommunicationException: Failed to connect to server violon:1099 [Root exception is java.security.AccessControlException: access denied (java.net.SocketPermission violon resolve)]]
at org.jnp.interfaces.NamingContext.checkRef(NamingContext.java:1414)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:594)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:587)
at javax.naming.InitialContext.lookup(Unknown Source)
at auth.ref.SampleAction.run(SampleAction.java:41)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Unknown Source)
at main.AuthClient.main(AuthClient.java:70)
Caused by: javax.naming.CommunicationException: Failed to connect to server violon:1099 [Root exception is java.security.AccessControlException: access denied (java.net.SocketPermission violon resolve)]
at org.jnp.interfaces.NamingContext.getServer(NamingContext.java:269)
at org.jnp.interfaces.NamingContext.checkRef(NamingContext.java:1385)
... 7 more
Caused by: java.security.AccessControlException: access denied (java.net.SocketPermission violon resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName0(Unknown Source)
at java.net.InetAddress.getAllByName(Unknown Source)
at java.net.InetAddress.getByName(Unknown Source)
at org.jnp.interfaces.TimedSocketFactory.createSocket(TimedSocketFactory.java:76)
at org.jnp.interfaces.NamingContext.getServer(NamingContext.java:239)
... 8 more
PLEASE HELP ME TO SOLVE MY PROBLEM !!