10 Replies Latest reply on Nov 1, 2008 2:29 AM by jaikiran pai

    Accessing a secure EJB from standalone Java client

    Jamie Johnson Newbie
    Jamie Johnson Oct 24, 2008 9:25 AM

      I am attempting to connect to an EJB that is under a JAAS Domain which has unauthenticated access support via the unauthenticatedIdentity attribute in my login-config.xml. If I provide the appropriate information when building my initalcontext (a valid username and password) everything works fine. But if I attempt to connect to without specifying a username/password I get

      Exception in thread "main" java.lang.NullPointerException
 at org.jboss.security.jndi.JndiLoginInitialContextFactory.getInitialContext(JndiLoginInitialContextFactory.java:95)
 at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
 at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
 at javax.naming.InitialContext.init(Unknown Source)
 at javax.naming.InitialContext.<init>(Unknown Source)
 at com.csp.ejb.authentication.AuthenticationBean.getInitialContext(AuthenticationBean.java:76)
 at com.csp.test.client.Client.main(Client.java:60)


      If I set the user name as guest and then try to create the InitalContext I get AuthenticationDenied for all functions.

      My question is how do I make a connection to the server using the unauthenticated user?

      • 8831 Views
      • Tags:
        • 1. Re: Accessing a secure EJB from standalone Java client
          Wolfgang Knauf Master
          Wolfgang Knauf Oct 27, 2008 9:30 AM (in response to Jamie Johnson)

          Hi,

          could you provide us with details of your "login-config.xml" and your application security settings?

          Security constraints for the "guest" user must be specified in e.g. web.xml and in the security constraints of your EJBs (you have to declare the allowed resources/methods for the guest user).

          Hope this helps

          Wolfgang

          • 2. Re: Accessing a secure EJB from standalone Java client
            Jamie Johnson Newbie
            Jamie Johnson Oct 27, 2008 10:40 AM (in response to Jamie Johnson)

            My EJB looks like this:

            @RolesAllowed({"user", "admin"})
 public String echoUser(String src) {
 log.debug("echoUser called with source string " + src);
 return "Echo User: " + src;
 }

 /* (non-Javadoc)
 * @see com.csp.ejb.echo.EchoBeanInterface#echoAdmin(java.lang.String)
 */
 @RolesAllowed({"admin"})
 public String echoAdmin(String src) {
 log.debug("echoAdmin called with source string " + src);
 return "Echo Admin: " + src;
 }

 /* (non-Javadoc)
 * @see com.csp.ejb.echo.EchoBeanInterface#echoAll(java.lang.String)
 */
 @PermitAll
 public String echoAll(String src) {
 log.debug("echoAll called with source string " + src);
 return "Echo All: " + src;
 }

            my login-config file is very simple and looks like 

            <application-policy name="test">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
 <module-option name="unauthenticatedIdentity">guest</module-option>
 <module-option name="usersProperties">props/axle-users.properties</module-option>
 <module-option name="rolesProperties">props/axle-roles.properties</module-option>
 </login-module>
 </authentication>
 </application-policy>


            The application works fine if I login as a user or admin and try to use the echo functions, but if I do not login I can't call the echoAll method.

            • 3. Re: Accessing a secure EJB from standalone Java client
              Wolfgang Knauf Master
              Wolfgang Knauf Oct 28, 2008 8:36 AM (in response to Jamie Johnson)

              I don't see an error in your snippets. How do you connect? Could you post also snippets of your client side?

              Best regards

              Wolfgang

              • 4. Re: Accessing a secure EJB from standalone Java client
                Jamie Johnson Newbie
                Jamie Johnson Oct 28, 2008 8:49 AM (in response to Jamie Johnson)

                 

                Properties env = new Properties();
env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
env.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099");
InitialContext ctx = new InitialContext(env);

InitialContext ctx = b.getInitialContext();
EchoBeanRemote echoBean = (EchoBeanRemote) ctx.lookup("SecuredEchoEnterpriseApplication/EchoBean/remote");


                the error is 

                Exception in thread "main" java.lang.NullPointerException
 at org.jboss.security.jndi.JndiLoginInitialContextFactory.getInitialContext(JndiLoginInitialContextFactory.java:95)
 at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:667)
 at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:247)
 at javax.naming.InitialContext.init(InitialContext.java:223)
 at javax.naming.InitialContext.<init>(InitialContext.java:197)
 at test.client.Client.main(Client.java:60)


                • 5. Re: Accessing a secure EJB from standalone Java client
                  Wolfgang Knauf Master
                  Wolfgang Knauf Oct 28, 2008 9:18 AM (in response to Jamie Johnson)

                  Those two lines are a bit strange:

                  InitialContext ctx = new InitialContext(env);

InitialContext ctx = b.getInitialContext();

                  I guess, that line 60 is the one with the error?

                  Do you use an application client or a web client? For application clients, you MUST specifiy the JNDI connection properties on creating the InitialContext: 
                  Properties props = new Properties();
 props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
 props.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming.client");
 props.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099");

 InitialContext initialContext = new InitialContext(props);


                  Hope this brings us a bit further (though I am not really a professionel on JAAS)

                  Wolfgang

                  • 6. Re: Accessing a secure EJB from standalone Java client
                    Jamie Johnson Newbie
                    Jamie Johnson Oct 28, 2008 3:35 PM (in response to Jamie Johnson)

                    Sorry you are correct the line b.getInitialContext() does not belong, but this is not the cause of the issue.

                    • 7. Re: Accessing a secure EJB from standalone Java client
                      Ragav Gomatam Novice
                      Ragav Gomatam Oct 28, 2008 9:04 PM (in response to Jamie Johnson)

                      Can you post the method permissions on the ejb ?

                      • 8. Re: Accessing a secure EJB from standalone Java client
                        Wolfgang Knauf Master
                        Wolfgang Knauf Oct 29, 2008 4:37 AM (in response to Jamie Johnson)

                        jej2003, could you create a really small sample, which shows the problem (and contains no unrelated code)? It would be best if you placed a sample EAR on some public server.

                        ragavgomatam, the method permissions are in post 3.

                        Best regards

                        Wolfgang

                        • 9. Re: Accessing a secure EJB from standalone Java client
                          Jamie Johnson Newbie
                          Jamie Johnson Oct 31, 2008 12:47 PM (in response to Jamie Johnson)

                          I will do first thing Monday. Sorry for the delay.

                          • 10. Re: Accessing a secure EJB from standalone Java client
                            jaikiran pai Master
                            jaikiran pai Nov 1, 2008 2:29 AM (in response to Jamie Johnson)

                             

                            env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");


                            This looks incorrect. I usually use: 

                            env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");


                            See if this change fixes the issue. If not, please follow what Wolfgang mentioned in his post.