Simple Auth for HelloWorld-Example not working...
j0llyr0g3r Jun 18, 2008 2:50 PM
Hey folks,
Since my first tries with JAAS and JBoss failed with a complex application, I made a simple HelloWorld application to exclude all possible errors.
My application is really simple:
RMI-client:
public static void main(String[] args) throws NamingException, RemoteException {
    Hashtable<String, String> props = new Hashtable<String, String>();
    props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
    props.put(Context.PROVIDER_URL, "jnp://sdoesmon:1099");
    Context ctx = new InitialContext(props);
    ISayHello iSayHello = (ISayHello) ctx.lookup("SayHello/SayHello/remote");
    System.out.println("Sending command....");
    String result = iSayHello.sayHello();
    System.out.println("result: " + result);
}
My EJB:
@Stateless
@Remote
public class SayHello implements ISayHello {
    public String sayHello() {
        return "Yippie! There i am!";
    }
}
This works like a charm and my client tells me:
Sending command....
result: Yippie! There i am!
Now I wanted to add JAAS authentication, so:
* I added the following lines to my client:
props.put(Context.SECURITY_PRINCIPAL, "admin");
props.put(Context.SECURITY_CREDENTIALS, "foo");
* I added the file users.properties to the directory META-INF of my ejb-subproject:
admin=foo
* I added the file roles.properties to the directory META-INF of my ejb-subproject:
admin=SayHelloRole
* I added the file ejb-jar.xml to the directory META-INF of my ejb-subproject:
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>SayHello</ejb-name>
      <security-role-ref>
        <role-name>SayHelloRole</role-name>
        <role-link>SayHelloRole</role-link>
      </security-role-ref>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role>
      <description>foo</description>
      <role-name>SayHelloRole</role-name>
    </security-role>
    <method-permission>
      <role-name>SayHelloRole</role-name>
      <method>
        <ejb-name>SayHello</ejb-name>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
* I added the file jboss.xml to the directory META-INF of my project ROOT:
<jboss>
  <security-domain>java:/jaas/SayHello</security-domain>
  <enterprise-beans>
    <session>
      <ejb-name>SayHello</ejb-name>
      <jndi-name>SayHello</jndi-name>
    </session>
  </enterprise-beans>
</jboss>
So far, so good.....
Finally, I added this to the login-config.xml:
<application-policy name = "SayHello">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
      <module-option name="usersProperties">
        META-INF/users.properties
      </module-option>
      <module-option name="rolesProperties">
        META-INF/roles.properties
      </module-option>
    </login-module>
  </authentication>
</application-policy>
I hoped this would work, but of course it doesn't; I can connect to my EJB with whatever user I want.
Even if I give the wrong password / user, my client still says:
Sending command....
result: Yippie! There i am!
Jesus Christ! I don't even know where to start looking for the reason for this behaviour......
I would really appreciate it if somebody could give me a hint what is going wrong here......
What could I do to narrow down what my application is missing?