1. Re: SecurityAssociation and ClientLoginModule authentication
tom.iten Nov 5, 2008 5:03 AM (in response to javidjamae)
Hi Javid
I have the same problem with the JndiLoginInitialContextFactory approach.
The sample runs fine with JBoss 4.2.2.GA, but with version 5.0.0.CR2 I'm getting an <Invalid User> message.
You can find another non JAAS approach (with the usage of LoginContext) here: http://www.jboss.com/index.html?module=bb&op=viewtopic&t=144865
Best regards
Tom
2. Re: SecurityAssociation and ClientLoginModule authentication
anil.saldhana Nov 9, 2008 11:27 AM (in response to javidjamae)
    SecurityClient client = SecurityClientFactory.getSecurityClient();
    client.setSimple("anil", "mypass");
    // or
    client.setJaas("other", mycallbackhandler);
    client.login();
http://anonsvn.jboss.org/repos/jbossas/projects/security/security-spi/tags/2.0.2.GA/spi/src/main/org/jboss/security/client/
The above is a tested/suggested approach.
3. Re: SecurityAssociation and ClientLoginModule authentication
jaikiran Dec 22, 2008 9:34 AM (in response to javidjamae)
    SecurityClient client = SecurityClientFactory.getSecurityClient();
    client.setSimple("anil", "mypass");
This works with JBoss-5.0 GA. However, is there a way I can clear the user credentials and re-login with a new password? The use case I am trying is:
    // Login with incorrect password
    SecurityClient client = SecurityClientFactory.getSecurityClient();
    client.setSimple("anil", "incorrectpass");
    // access bean - which will throw exception because of invalid password
    bean.doAuthorizedOp();
    // Now logout the client since password was incorrect
    client.logout();
    // Now pass the correct password
    client.setSimple("anil", "correctpass");
    // try accessing the bean authorized method
    // should have passed but fails with "Invalid User" exception
    bean.doAuthorizedOp();
Even after logging out the client with the incorrect password and then logging in with the correct password, I get an Invalid User exception:
    [java] Exception in thread "main" javax.ejb.EJBAccessException: Invalid User
    [java]     at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:137)
    [java]     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    [java]     at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
    [java]     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    [java]     at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
    [java]     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    [java]     at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:65)
    [java]     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    [java]     at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
    [java]     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    [java]     at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:486)
    [java]     at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:56)
    [java]     at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)
    [java]     at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
    [java]     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:908)
    [java]     at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:742)
    [java]     at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:695)
    [java]     at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:522)
    [java]     at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:230)
    [java]     at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:206)
    [java]     at org.jboss.remoting.Client.invoke(Client.java:1708)
    [java]     at org.jboss.remoting.Client.invoke(Client.java:612)
    [java]     at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:60)
    [java]     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    [java]     at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
    [java]     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    [java]     at org.jboss.ejb3.security.client.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:65)
    [java]     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    [java]     at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:76)
    [java]     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
    [java]     at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
    [java]     at $Proxy3.invoke(Unknown Source)
4. Re: SecurityAssociation and ClientLoginModule authentication
jaikiran Dec 23, 2008 1:29 AM (in response to javidjamae)
"jaikiran" wrote:
This works with JBoss-5.0 GA.
Spoke too soon. A bit of debugging shows that using
    SecurityClient client = SecurityClientFactory.getSecurityClient();
    client.setSimple("anil", "mypass");
from a standalone client to access a secure EJB on JBoss-5.0 GA server always fails with Invalid User. The principal being passed to the EJB is null. I will debug a bit more and see what the problem is.
5. Re: SecurityAssociation and ClientLoginModule authentication
jaikiran Dec 24, 2008 1:30 AM (in response to javidjamae)
"jaikiran" wrote:
A bit of debugging shows that using
    SecurityClient client = SecurityClientFactory.getSecurityClient();
    client.setSimple("anil", "mypass");
from a standalone client to access a secure EJB on JBoss-5.0 GA server always fails with Invalid User. The principal being passed to the EJB is null. I will debug a bit more and see what the problem is.
Got it working. I was missing the obvious step of client.login() :-) This works:
    SecurityClient client = SecurityClientFactory.getSecurityClient();
    client.setSimple("anil", "mypass");
    client.login();
This testcase helped me understand the usage: http://anonsvn.jboss.org/repos/jbossas/trunk/testsuite/src/main/org/jboss/test/security/test/client/SecurityClientUnitTestCase.java
6. Re: SecurityAssociation and ClientLoginModule authentication
jaikiran Dec 24, 2008 1:31 AM (in response to javidjamae)
"jaikiran" wrote:
However, is there a way I can clear the user credentials and re-login with a new password? The use case I am trying is:
    // Login with incorrect password
    SecurityClient client = SecurityClientFactory.getSecurityClient();
    client.setSimple("anil", "incorrectpass");
    // access bean - which will throw exception because of invalid password
    bean.doAuthorizedOp();
    // Now logout the client since password was incorrect
    client.logout();
    // Now pass the correct password
    client.setSimple("anil", "correctpass");
    // try accessing the bean authorized method
    // should have passed but fails with "Invalid User" exception
    bean.doAuthorizedOp();
This works too. client.logout() clears the credentials.
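
The re-login flow from replies 3 to 6, written out with the client.login() call that reply 5 identifies as the missing step and with logout() in a finally block so a rejected credential is always cleared. This is an added example, not code posted by anyone in the thread; the class name, the SecuredOps interface and both helper methods are hypothetical, and it assumes the JBoss AS 5 client jars are on the classpath.

```java
import javax.ejb.EJBAccessException;
import org.jboss.security.client.SecurityClient;
import org.jboss.security.client.SecurityClientFactory;

public class ReloginExample {

    /** Hypothetical remote business interface standing in for the thread's "bean". */
    public interface SecuredOps {
        void doAuthorizedOp();
    }

    /**
     * Performs one secured call as the given user (hypothetical helper).
     * Returns true if the server accepted the call, false if it answered
     * with EJBAccessException ("Invalid User").
     */
    public static boolean invokeAs(SecuredOps bean, String user, String password)
            throws Exception {
        SecurityClient client = SecurityClientFactory.getSecurityClient();
        client.setSimple(user, password);
        // setSimple() only stores the values; without login() the principal
        // that reaches the EJB is null (reply 4) and the call is rejected.
        client.login();
        try {
            bean.doAuthorizedOp();
            return true;
        } catch (EJBAccessException rejected) {
            return false;
        } finally {
            // logout() clears the credentials (reply 6), so a failed attempt
            // is not carried over into the next invocation on this client.
            client.logout();
        }
    }

    /** The thread's use case: a wrong password first, then the correct one. */
    public static boolean retryAfterBadPassword(SecuredOps bean) throws Exception {
        if (invokeAs(bean, "anil", "incorrectpass")) {
            return true;
        }
        return invokeAs(bean, "anil", "correctpass");
    }
}
```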
7. Re: SecurityAssociation and ClientLoginModule authentication
zithuba Mar 30, 2009 3:21 AM (in response to javidjamae)
Hi, I am having a problem with the same EJB security. I have read a lot of the articles and forums but I still have the problem. I use Anil's setup for the JAAS security login modules and deploy it with my app. It gets deployed, and I used the JBoss AS5 way of propagating login credentials as you described above. The user gets authenticated, but authorization fails for my method with a rolesallowed entry. Do I have to do this (client.login()) every time I am going to do a lookup on the context or call an EJB method?
8. Re: SecurityAssociation and ClientLoginModule authentication
wolfgangknauf Mar 30, 2009 7:53 AM (in response to javidjamae)
Hi,
"client.login" must be called only once.
Please start a new thread, and provide us with more details on your login module and security configuration and on your client code.
Did you check that your user is authenticated by the login module? Maybe the login fails and the login module falls back e.g. to the unauthenticatedIdentity (take a look at question 4 of the FAQ to see how to activate security layer logging).
Best regards
Wolfgang
9. Re: SecurityAssociation and ClientLoginModule authentication
zithuba Mar 30, 2009 12:55 PM (in response to javidjamae)
Hi,
I created this thread:
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222074#4222074