1 Reply Latest reply on Aug 16, 2007 4:19 AM by alxs

    SEAM & EJB & JAAS

    tilnik
    tilnik May 11, 2007 7:21 AM

      I encountered problem and I don't know how to resolve it.
      I have an application deployed on jboss-4.0.5GA (jbossws upgaded to jbossws-1.2.1.GA). Part of application is stateless session bean deployed as WebService.
      @WebService(name = "CtxManager", serviceName = "CtxManagerService", targetNamespace = WSConstants.TARGET_NAMESPACE)
      @WebContext(contextRoot = ctxWS, authMethod = "BASIC", transportGuarantee = "CONFIDENTIAL", secureWSDLAccess = true)
      @Stateless
      @SecurityDomain("myApplicationPolicyName")
      @RolesAllowed("cuser")
      public class CtxManagerBean implements CtxManager{
      ...
      @WebMethod
      public boolean hasActiveCall(@WebParam(name = "dialNumber"){...}
      ...
      }
      Same application also has seam component:
      @Stateless
      @Name("orgUnitBrowser")
      @Restrict("#{s:hasRole('cuser')}")
      public class OrgUnitBrowserBean implements OrgUnitBrowserLocal{...}

      When I try to invoke CtxManagerBean.hasActiveCall method from orgUnitBroswer I get authorization failure ([RoleBasedAuthorizationInterceptor] Insufficient permissions, principal=null, requiredRoles=[cuser], principalRoles=[]).

      When I invoke WS method from my WS client, authentication/authorization works fine. Web page (a JSF page that invokes orgUnitBrowser method that invokes ctxManager method) is also protected.
      login-config.xml:

      ...
 <application-policy name = "myApplicationPolicyName">
 <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
 flag = "required">
 <module-option name = "unauthenticatedIdentity">guest</module-option>
 <module-option name = "dsJndiName">java:/myDataSource</module-option>
 <module-option name = "principalsQuery">SELECT password FROM USERS WHERE username=?</module-option>
 <module-option name = "rolesQuery">SELECT r.description, 'Roles'
 FROM USERS u
 JOIN USERS_ROLE ur ON ur.users_id=u.id
 JOIN ROLE r ON ur.roles_id=r.id
 AND u.username=?
 </module-option>
 </login-module>
 <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"/>
 </authentication>
 </application-policy>
...

      components.xml: 
      ...
 <drools:rule-base name="securityRules">
 <drools:rule-files>
 <value>/security.drl</value>
 </drools:rule-files>
 </drools:rule-base>

 <security:identity jaas-config-name="myApplicationPolicyName"
 security-rules="#{securityRules}"/>
...

      page.xml: 
      ...
<page view-id="/cuser/*" login-required="true">
 <restrict>#{s:hasRole('cuser')}</restrict></page>
...

      What else should I define/change, to resolve problem?


      • 4355 Views
      • Tags: