-
1. Re: JBoss 4.2.3 and Security Annotations
wolfgangknauf Aug 6, 2009 5:35 AM (in response to bacooper81)Hi,
yes, those annotations are supported for JBoss 4.2.x.
I cannot point you to a better documentation, but feel free to ask questions here.
Wolfgang -
2. Re: JBoss 4.2.3 and Security Annotations
jaikiran Aug 6, 2009 7:45 AM (in response to bacooper81)For AS 4.x and EJB3, these might help:
http://www.jboss.org/ejb3/docs/tutorial/
http://www.jboss.org/ejb3/docs/tutorial/security/security.html -
3. Re: JBoss 4.2.3 and Security Annotations
bacooper81 Aug 6, 2009 10:42 AM (in response to bacooper81)Thanks for the responses. I will check out those tutorials.
-
4. Re: JBoss 4.2.3 and Security Annotations
bacooper81 Aug 6, 2009 11:40 AM (in response to bacooper81)The security tutorial mentions that I need to use the jboss annotation org.jboss.ejb3.security.SecurityDomain, but it doesn't seem to exist in the jars that come with 4.2.3. I added all the jars in the jboss lib directory to my external library, but still don't have access to this class. Is there another jar file I need?
Thanks again for the help. -
5. Re: JBoss 4.2.3 and Security Annotations
wolfgangknauf Aug 7, 2009 5:49 AM (in response to bacooper81)It is "@org.jboss.annotation.security.SecurityDomain" for JBoss 4.2.
Not a wise decision of the JBoss guys to change the package of an annotation :-(
Best regards
Wolfgang -
6. Re: JBoss 4.2.3 and Security Annotations
bacooper81 Aug 11, 2009 5:54 PM (in response to bacooper81)That's very strange. I looked for that annotation, and discovered I don't have the org.jboss.annotation package. I do have other packages under org.jboss, but not that one. Are you sure this comes with version 4.2.3.GA, and is in the lib directory?
-
7. Re: JBoss 4.2.3 and Security Annotations
bacooper81 Aug 12, 2009 1:26 PM (in response to bacooper81)It looks like there is a special ejb plugin for jboss :
http://www.jboss.org/ejb3
Is that something I need. It looks like this one is only for JBoss AS 5.1.0 though. I also see installation docs for JBoss 4.0.3SP1:
http://www.jboss.org/ejb3/docs/tutorial/installing.html
But nothing for JBoss 4.2 -
8. Re: JBoss 4.2.3 and Security Annotations
jaikiran Aug 13, 2009 2:03 AM (in response to bacooper81)"bacooper81" wrote:
That's very strange. I looked for that annotation, and discovered I don't have the org.jboss.annotation package.
Wolfgang is right about the annotation to use for 4.x"bacooper81" wrote:
Are you sure this comes with version 4.2.3.GA, and is in the lib directory?
Its available in 4.2.x but not in the lib folder. Its in JBOSS_HOME/server/< servername>/deploy/ejb3.deployer/jboss-annotations-ejb3.jar.
It looks like there is a special ejb plugin for jboss :
http://www.jboss.org/ejb3
Is that something I need. It looks like this one is only for JBoss AS 5.1.0 though.
Yes, its only for JBoss AS-5.x
I also see installation docs for JBoss 4.0.3SP1:
http://www.jboss.org/ejb3/docs/tutorial/installing.html
But nothing for JBoss 4.2
JBoss AS 4.2.x by default has EJB3 support available, so you do not have to install anything else. The rest of the tutorials on that page apply for AS-4.2.x too. -
9. Re: JBoss 4.2.3 and Security Annotations
bacooper81 Aug 13, 2009 2:45 PM (in response to bacooper81)Awesome. I see jboss-annotations-ejb3.jar. Thanks so much for the reply.
-
10. Re: JBoss 4.2.3 and Security Annotations
bacooper81 Aug 20, 2009 6:15 PM (in response to bacooper81)Ok, I'm able to authenticate users logging into the app now, but as soon as I put @SecurityDomain on a session bean, I get the following error when I make a call to a method on that bean:
javax.ejb.EJBAccessException: Authentication failure
Please let me know if you have any idea what I'm doing wrong. Thanks.
session bean:@Stateless @SecurityDomain("castOfShadows") public class ContentManagerBean implements ContentManager { @PersistenceContext(unitName = "castOfShadows") protected EntityManager entityManager; public List<Content> findContentByType(ContentType contentType) { ... } }
jboss-web.xml<?xml version='1.0' encoding='UTF-8' ?> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd"> <jboss-web> <security-domain>java:/jaas/castOfShadows</security-domain> </jboss-web>
jboss.xml<?xml version="1.0"?> <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 4.2//EN" "http://www.jboss.org/j2ee/dtd/jboss_4_2.dtd"> <jboss> <security-domain>java:/jaas/castOfShadows</security-domain> </jboss>
login-config.xml<?xml version='1.0'?> <!DOCTYPE policy PUBLIC "-//JBoss//DTD JBOSS Security Config 3.0//EN" "http://www.jboss.org/j2ee/dtd/security_config.dtd"> <policy> ... <application-policy name = "castOfShadows"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"> <module-option name="usersProperties"> props/shadows-web-users.properties </module-option> <module-option name="rolesProperties"> props/shadows-web-roles.properties </module-option> </login-module> </authentication> </application-policy> </policy>
-
11. Re: JBoss 4.2.3 and Security Annotations
wolfgangknauf Aug 21, 2009 9:18 AM (in response to bacooper81)Hi,
activate logging of the security layer, this will probably provide you with more details (e.g. failures in the login module).
Take a look at http://www.jboss.org/community/wiki/SecurityFAQ , question 4.
Best regards
Wolfgang -
12. Re: JBoss 4.2.3 and Security Annotations
bacooper81 Aug 25, 2009 1:43 PM (in response to bacooper81)I've been making a lot of progress, and I'm finally able to log in using DatabaseServerLoginModule with clear text passwords in my DB. So thanks for all the help so far.
Ideally, I'd like to configure the module to use encrypted passwords though. I'm using AES encryption in my database and have a secret key to encrypt/decrypt them. Is there a way to do this? I see in the docs at http://www.jboss.org/community/wiki/DatabaseServerLoginModule that you can specify a hashAlgorithm and hashEncoding, but I don't see anything about how to apply your secret key. Am I missing something? Wouldn't I have to configure it to use my secret key in order to hash the password correctly? -
13. Re: JBoss 4.2.3 and Security Annotations
bacooper81 Aug 26, 2009 2:25 PM (in response to bacooper81)Never mind. I was able to use my db encryption by subclassing DatabaseServerLoginModule and overriding the convertRawPassword.