1 Reply Latest reply on Sep 20, 2005 6:48 PM by aabendschein

    unable to access secured ejb from resource adapter

    aabendschein
    aabendschein Sep 2, 2005 6:27 PM

      We have an EJB application that makes use of a resource adapter to handle bidirectional socket communications with a number of external clients. This application also communicates to a remote console application using the traditional EJB home/remote interfaces.

      I am now in the process of adding security to the application using an LDAP repository. While I have been successful in getting the console to access the EJBs via use of the org.jboss.security.auth.spi.LdapLoginModule (after user login), I have so far not been able to get the resource adapter to access the 'secured' ejbs.

      Regardless of what configuration changes I have made to the deployment descriptor (for example <security-domain-and-application>, <security-domain>, <security-identity>), the result is always 'Bad password for username=null'.

      I suppose that there is some configuration that I need that I simply don't understand. Any thoughts?

      I would be most grateful for any help.

      Thanks,

      Andy

      Pertinent information:
      JBoss version: 4.0.2(build: CVSTag=JBoss_4_0_2
      OS: windows XP Professional

      -ds.xml contents:

      <?xml version="1.0" encoding="UTF-8"?>
<connection-factories>

<!-- JMS XA Resource adapter, use this to get transacted JMS in beans -->
<no-tx-connection-factory>
<jndi-name>CMAConnectionFactory</jndi-name>


<!-- JBoss 4.0.x -->
<rar-name>03-cma-message.rar</rar-name>
<connection-definition>com.cox.cma.server.message.ra.intf.CMAConnectionFactory</connection-definition>

<!--ALA begin -->
<security-domain-and-application>cma</security-domain-and-application>
<security-identity>
 <run-as>
 <roll-name>user</roll-name>
 </run-as>
</security-identity>
<!-- ALA end -->

</no-tx-connection-factory>

</connection-factories>



      Stack trace: 
      2005-09-02 16:20:37,459 INFO [com.cox.cma.server.message.ra.ResourceAdapterImpl] Resource adapter is starting.
2005-09-02 16:20:37,459 DEBUG [com.cox.cma.server.message.ra.ResourceAdapterImpl] Resource adapter loading properties from XML.
2005-09-02 16:20:37,469 INFO [com.cox.cma.server.message.ra.ResourceAdapterImpl] Creating and starting Acceptor.
2005-09-02 16:20:37,469 DEBUG [com.cox.cma.server.message.ra.inbound.Acceptor] Local socket address: 0.0.0.0/0.0.0.0:6565
2005-09-02 16:20:37,970 INFO [com.cox.cma.server.message.ra.inbound.Acceptor] Acceptor configured to listen for incoming connections on 0.0.0.0/0.0.0.0:6565
2005-09-02 16:20:37,970 DEBUG [com.cox.cma.server.message.ra.inbound.Acceptor] Acceptor starting work thread to accept incoming connections.
2005-09-02 16:20:37,970 INFO [com.cox.cma.server.message.ra.ResourceAdapterImpl] Creating and starting SecureAcceptor.
2005-09-02 16:20:37,970 DEBUG [com.cox.cma.server.message.ra.inbound.SecureAcceptor] Local socket address: 0.0.0.0/0.0.0.0:6566
2005-09-02 16:20:37,970 INFO [com.cox.cma.server.message.ra.inbound.Acceptor] Run method called to accept incoming connections.
2005-09-02 16:20:37,970 DEBUG [com.cox.cma.server.message.ra.inbound.Acceptor] Starting the isRunning loop!
2005-09-02 16:20:37,970 INFO [com.cox.cma.server.message.ra.inbound.SecureAcceptor] SecureAcceptor configured to listen for incoming (temporarily non-)secure connections on 0.0.0.0/0.0.0.0:6566
2005-09-02 16:20:37,970 DEBUG [com.cox.cma.server.message.ra.inbound.SecureAcceptor] SecureAcceptor starting work thread to accept incoming connections.
2005-09-02 16:20:37,980 INFO [com.cox.cma.server.message.ra.ResourceAdapterImpl] Creating and starting ReplyReceiver...
2005-09-02 16:20:37,980 INFO [com.cox.cma.server.message.ra.outbound.ReplyReceiver] Creating AsyncTimer session bean to trigger periodic cleanup.
2005-09-02 16:20:37,980 INFO [com.cox.cma.server.message.ra.inbound.SecureAcceptor] Run method called to accept incoming secure connections.
2005-09-02 16:20:38,000 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] Bad password for username=null
2005-09-02 16:20:38,010 DEBUG [org.jboss.ejb.plugins.LogInterceptor] SecurityException in method: public abstract com.cox.cma.server.message.ra.ejb.AsyncTimerLocal com.cox.cma.server.message.ra.ejb.AsyncTimerLocalHome.create() throws javax.ejb.CreateException:
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
 at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:166)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
 at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
 at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
 at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
 at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:483)
 at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:425)
 at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:251)
 at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:180)
 at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:106)
 at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:121)
 at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
 at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:613)
 at org.jboss.ejb.Container.invoke(Container.java:894)
 at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:342)
 at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:118)
 at $Proxy67.create(Unknown Source)
 at com.cox.cma.server.message.ra.outbound.ReplyReceiver.<init>(ReplyReceiver.java:145)
 at com.cox.cma.server.message.ra.outbound.ReplyReceiver.getInstance(ReplyReceiver.java:179)
 at com.cox.cma.server.message.ra.ResourceAdapterImpl.start(ResourceAdapterImpl.java:151)
 at org.jboss.resource.deployment.RARDeployment.startService(RARDeployment.java:102)
 at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:272)
 at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:222)
 at org.jboss.system.ServiceDynamicMBeanSupport.invoke(ServiceDynamicMBeanSupport.java:110)
 at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:150)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
 at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:897)
 at $Proxy0.start(Unknown Source)
 at org.jboss.system.ServiceController.start(ServiceController.java:418)
 at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
 at $Proxy32.start(Unknown Source)
 at org.jboss.deployment.SimpleSubDeployerSupport.startService(SimpleSubDeployerSupport.java:378)
 at org.jboss.deployment.SimpleSubDeployerSupport.start(SimpleSubDeployerSupport.java:141)
 at org.jboss.deployment.MainDeployer.start(MainDeployer.java:964)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:775)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:738)
 at sun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
 at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:121)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
 at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
 at $Proxy8.deploy(Unknown Source)
 at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:325)
 at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:501)
 at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:204)
 at org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:277)
 at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:272)
 at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:222)
 at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
 at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:897)
 at $Proxy0.start(Unknown Source)
 at org.jboss.system.ServiceController.start(ServiceController.java:418)
 at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
 at $Proxy4.start(Unknown Source)
 at org.jboss.deployment.SARDeployer.start(SARDeployer.java:273)
 at org.jboss.deployment.MainDeployer.start(MainDeployer.java:964)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:775)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:738)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:722)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
 at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:121)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
 at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
 at $Proxy5.deploy(Unknown Source)
 at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:434)
 at org.jboss.system.server.ServerImpl.start(ServerImpl.java:315)
 at org.jboss.Main.boot(Main.java:195)
 at org.jboss.Main$1.run(Main.java:463)
 at java.lang.Thread.run(Thread.java:595)


      • 2370 Views
      • Tags:
        • 1. Re: unable to access secured ejb from resource adapter
          aabendschein
          aabendschein Sep 20, 2005 6:48 PM (in response to aabendschein)

          After a lot of digging, I eventually found that the magic that I was looling for was a mechanism of establishing the credentials that the resource adapter needed to access the other, protected EJBs.

          The relevant code is shown here:

          String systemName = System.getProperty("systemName");
          String systemPassword = System.getProperty("systemPassword");

          org.jboss.security.SecurityAssociation.setPrincipal(new org.jboss.security.SimplePrincipal(systemName));
          org.jboss.security.SecurityAssociation.setCredential(systemPassword.toCharArray());

          where the systemName and systemPassword are read as system properties.

            • Actions