1. Re: JBoss 3.2.1, Applets and Security
u268 Nov 7, 2003 9:39 AM (in response to scottpy)
Let me see your jboss.xml, ejb-jar.xml & login-config.xml

2. Re: JBoss 3.2.1, Applets and Security
scottpy Nov 7, 2003 10:23 AM (in response to scottpy)
LoginConfig:
<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
    "-//JBoss//DTD JBOSS Security Config 3.0//EN"
    "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<!-- The XML based JAAS login configuration read by the
org.jboss.security.auth.login.XMLLoginConfig mbean. Add
an application-policy element for each security domain.
The outline of the application-policy is:
<application-policy name="security-domain-name">
    <login-module code="login.module1.class.name" flag="control_flag">
        <module-option name = "option1-name">option1-value</module-option>
        <module-option name = "option2-name">option2-value</module-option>
        ...
    </login-module>
    <login-module code="login.module2.class.name" flag="control_flag">
        ...
    </login-module>
    ...
</application-policy>
$Revision: 1.6.2.1 $
-->
<policy>
    <!-- Used by clients within the application server VM such as
    mbeans and servlets that access EJBs.
    -->
    <application-policy name = "client-login">
        <login-module code = "org.jboss.security.ClientLoginModule"
            flag = "required">
        </login-module>
    </application-policy>
    <!-- Security domain for JBossMQ -->
    <application-policy name = "jbossmq">
        <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
            flag = "required">
            <module-option name = "unauthenticatedIdentity">guest</module-option>
            <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
        </login-module>
    </application-policy>
    <!-- Security domains for testing new jca framework -->
    <application-policy name = "HsqlDbRealm">
        <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
            flag = "required">
            <module-option name = "principal">sa</module-option>
            <module-option name = "userName">sa</module-option>
            <module-option name = "password"></module-option>
            <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
        </login-module>
    </application-policy>
    <application-policy name = "FirebirdDBRealm">
        <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
            flag = "required">
            <module-option name = "principal">sysdba</module-option>
            <module-option name = "userName">sysdba</module-option>
            <module-option name = "password">masterkey</module-option>
            <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
        </login-module>
    </application-policy>
    <application-policy name = "JmsXARealm">
        <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
            flag = "required">
            <module-option name = "principal">guest</module-option>
            <module-option name = "userName">guest</module-option>
            <module-option name = "password">guest</module-option>
            <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
        </login-module>
    </application-policy>
    <!-- A template configuration for the jmx-console web application. This
    defaults to the UsersRolesLoginModule the same as other and should be
    changed to a stronger authentication mechanism as required.
    -->
    <application-policy name = "jmx-console">
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
            flag = "required" />
    </application-policy>
    <!-- The default login configuration used by any security domain that
    does not have an application-policy entry with a matching name
    -->
    <application-policy name = "other">
        <!-- A simple server login module, which can be used when the number
        of users is relatively small. It uses two properties files:
        users.properties, which holds users (key) and their password (value).
        roles.properties, which holds users (key) and a comma-separated list of
        their roles (value).
        The unauthenticatedIdentity property defines the name of the principal
        that will be used when a null username and password are presented as is
        the case for an unauthenticated web client or MDB. If you want to
        allow such users to be authenticated add the property, e.g.,
        unauthenticatedIdentity="nobody"
        -->
        <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
            flag = "required" />
    </application-policy>
</policy>
EJB-JAR:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
<ejb-jar>
    <enterprise-beans>
        <entity>
            <display-name>AADataBean</display-name>
            <ejb-name>AADataBean</ejb-name>
            <home>com.paradigm.ejb.AADataRemoteHome</home>
            <remote>com.paradigm.ejb.AADataRemote</remote>
            <ejb-class>com.paradigm.ejb.AADataBean</ejb-class>
            <persistence-type>Bean</persistence-type>
            <prim-key-class>com.paradigm.base.ValueObject</prim-key-class>
            <reentrant>False</reentrant>
            <env-entry>
                <env-entry-name>uni-username</env-entry-name>
                <env-entry-type>java.lang.String</env-entry-type>
                <env-entry-value>unidata</env-entry-value>
            </env-entry>
            <env-entry>
                <env-entry-name>uni-password</env-entry-name>
                <env-entry-type>java.lang.String</env-entry-type>
                <env-entry-value>query1</env-entry-value>
            </env-entry>
        </entity>
    </enterprise-beans>
    <assembly-descriptor>
        <container-transaction>
            <method>
                <ejb-name>AADataBean</ejb-name>
                <method-name>*</method-name>
            </method>
            <trans-attribute>Required</trans-attribute>
        </container-transaction>
    </assembly-descriptor>
</ejb-jar>
JBoss.xml:
Not sure where this file would be. If you are referring to another deployment descriptor, I didn't define one.
-Scott

3. Re: JBoss 3.2.1, Applets and Security
u268 Nov 10, 2003 7:37 AM (in response to scottpy)
Looks like your problem resides in another place - probably it's a block of code where you're getting the remote reference to your entity?
Anyway, the XMLs you showed me are OK, and should not produce such exceptions.
Are you using some security in your application? ;)

4. Re: JBoss 3.2.1, Applets and Security
scottpy Nov 10, 2003 10:46 AM (in response to scottpy)
Unless there is a level of security by default in JBoss 3.2.1, I am not using any security. Also, I will enclose my applet code for you to see. I decided to try and use a SessionBean instance which in turn utilizes the desired EntityBean. I am getting the same result. The exception I received in the plugin is also below. It seems to occur in the validate() method once I try to invoke a bean method.
Thanks,
-Scott
Pardon the ugly code:

/*
 * MVGrid.java
 *
 * Created on October 27, 2003, 3:41 PM
 */
package com.paradigm.applet;

import com.paradigm.ejb.LLR295FacadeHome;
import com.paradigm.ejb.LLR295Facade;
import com.paradigm.valueObject.AAData;
import com.paradigm.base.ValueObject;
import com.paradigm.exception.*;
import com.paradigm.base.LoginConfig;
import com.paradigm.base.SimpleLoginConfig;
import java.rmi.*;
import javax.rmi.*;
import javax.naming.*;
import javax.ejb.CreateException;
import java.util.StringTokenizer;
import java.util.HashMap;
import java.util.TreeMap;
import java.util.TreeSet;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Enumeration;
import java.util.Vector;
import java.util.Set;
import java.util.Properties;
import javax.swing.JApplet;
import javax.swing.JTable;
import javax.swing.table.TableCellEditor;
import javax.swing.table.DefaultTableModel;
import javax.swing.table.TableColumn;
import javax.swing.table.DefaultTableColumnModel;
import javax.swing.event.TableModelEvent;
import javax.swing.event.TableModelListener;
import javax.swing.event.ListSelectionListener;
import javax.swing.event.ListSelectionEvent;
import javax.swing.event.CellEditorListener;
import javax.swing.event.ChangeEvent;
import javax.swing.DefaultCellEditor;
import javax.swing.JTextField;
import com.paradigm.applet.particle.Particle;
import com.paradigm.applet.particle.GridParticle;
import com.paradigm.applet.particle.ColumnParticle;

/**
 *
 * @author parmley
 */
public class MVGrid extends JApplet {

    /** Initializes the applet MVGrid */
    public void init() {
        initComponents();
        setGridColumns();
        mvTable.getSelectionModel().addListSelectionListener(new ListSelectionListener() {
            public void valueChanged(ListSelectionEvent evt) {
                int col = mvTable.getSelectedColumn();
                int row = mvTable.getSelectedRow();
                if(columns[col].isEditable()) {
                    mvTable.editCellAt(row,col);
                }
            }
        });
    }

    /** This method is called from within the init() method to
     * initialize the form.
     * WARNING: Do NOT modify this code. The content of this method is
     * always regenerated by the Form Editor.
     */
    private void initComponents() {
        scrollPane = new javax.swing.JScrollPane();
        mvTable = new javax.swing.JTable();
        mvTable.setFont(new java.awt.Font("Dialog", 0, 10));
        mvTable.setModel(new javax.swing.table.DefaultTableModel(
            new Object [][] {
            },
            new String [] {
                "-"
            }
        ) {
            boolean[] canEdit = new boolean [] {
                false
            };
            public boolean isCellEditable(int rowIndex, int columnIndex) {
                return canEdit [columnIndex];
            }
        });
        mvTable.setAutoResizeMode(javax.swing.JTable.AUTO_RESIZE_OFF);
        mvTable.setDoubleBuffered(true);
        mvTable.setEditingColumn(0);
        scrollPane.setViewportView(mvTable);
        getContentPane().add(scrollPane, java.awt.BorderLayout.CENTER);
    }

    public void setGridColumns() {
        // Not ideal. This is temporary.//
        StringTokenizer stNames = new StringTokenizer(this.getParameter("label"), ",");
        StringTokenizer stEdit = new StringTokenizer(this.getParameter("writeable"), ",");
        StringTokenizer stKey = new StringTokenizer(this.getParameter("key"), ",");
        StringTokenizer stSize = new StringTokenizer(this.getParameter("size"), ",");
        if(tcol == null) {
            tcol = new DefaultTableColumnModel();
        }
        if(tmodel == null) {
            tmodel = new DefaultTableModel();
            tmodel.setColumnCount(stNames.countTokens());
            mvTable.setModel(tmodel);
        }
        System.out.println("Setting "+stNames.countTokens()+" columns.");
        columns = new ColumnParticle[stNames.countTokens()];
        titles = new String[stNames.countTokens()];
        colWriteable = new boolean[stNames.countTokens()];
        mvGrid = new Object[0][stNames.countTokens()];
        int x=0;
        while(stNames.hasMoreTokens()) {
            String rname = stNames.nextToken();
            String redit = stEdit.nextToken();
            String rkey = stKey.nextToken();
            String rsize = stSize.nextToken();
            columns[x] = new ColumnParticle();
            columns[x].setLabel(rname);
            columns[x].setEditable(Boolean.valueOf(redit).booleanValue());
            columns[x].setKey(Boolean.valueOf(rkey).booleanValue());
            System.out.println("Column "+x+" key? "+columns[x].isKey());
            columns[x].setSize(Integer.parseInt(rsize));
            columns[x].setIndex(x);
            titles[x] = columns[x].getLabel();
            colWriteable[x] = columns[x].isEditable();
            TableColumn col = columns[x].toColumn();
            if(columns[x].isKey()) {
                System.out.println("Setting editor for column "+x);
                DefaultCellEditor editor = new DefaultCellEditor(new JTextField());
                editor.addCellEditorListener(new CellEditorListener() {
                    public void editingCanceled(ChangeEvent evt) {
                    }
                    public void editingStopped(ChangeEvent evt) {
                        validate();
                    }
                });
                col.setCellEditor(editor);
            }
            tcol.addColumn(col);
            x++;
        }
        mvTable.setColumnModel(tcol);
        stNames = null;
        stEdit = null;
        stKey = null;
        stSize = null;
    }

    public void finalize() {
        try {
            super.finalize();
        } catch(Throwable e) {
            e.printStackTrace();
        }
        mvGrid = null;
        titles = null;
        this.destroy();
    }

    public void addRow() {
        new Thread() {
            public void run() {
                synchronized(tmodel) {
                    tmodel.addRow(new Object[columns.length]);
                }
            }
        }.start();
    }

    public void deleteRow() {
        int[] i = mvTable.getSelectedRows();
        if( i.length > 0) {
            for(int x=0; x<i.length; x++) {
                tmodel.removeRow(i[x]-x);
            }
        }
        mvTable.repaint();
    }

    public void debugJSObject(Object obj) {
        System.out.println("OBJECT: "+obj+" TYPE: "+obj.getClass().getName());
    }

    public void insertRow() {
        tmodel.insertRow(mvTable.getSelectedRow(), new Object[columns.length]);
    }

    public String getKeys() {
        int keyCol = 0;
        int rows = tmodel.getRowCount();
        StringBuffer sbuff = new StringBuffer();
        // Consider firing the stop edit event here. -SCP//
        colIterator:
        for(int x=0; x<columns.length; x++) {
            if(columns[x].isKey()) {
                keyCol = x;
                break colIterator;
            }
        }
        for(int x=0; x<rows; x++) {
            sbuff.append(tmodel.getValueAt(x, keyCol)+",");
        }
        return sbuff.toString();
    }

    public void validate() {
        final int col = mvTable.getSelectedColumn();
        final int row = mvTable.getSelectedRow();
        final String value = mvTable.getValueAt(row,col) != null?(String)mvTable.getValueAt(row,col):null;
        if(value != null) {
            new Thread() {
                public void run() {
                    synchronized(tmodel) {
                        LLR295Facade facade = getLLR295Facade();
                        ValueObject params = new ValueObject();
                        try {
                            params.setElement(1,0,0, "COMPANY.MASTER;1");
                            params.setElement(2,0,0, "value");
                        } catch(SystemException e) {
                            e.printStackTrace();
                        }
                        System.out.println("AADataRemoteHome recieved.");
                        try {
                            //System.setProperty("java.security.debug", "access,failure");
                            ArrayList result = facade.getAAData("123456987",params, getLoginConfig());
                            //AAData dat = (AAData)result.get(0);
                            //tmodel.setValueAt(dat.getDescription()+"", row, col+1);
                        } catch(ApplicationException e) {
                            tmodel.setValueAt(e.getMessage(), row, col+1);
                        } catch(RemoteException e) {
                            e.printStackTrace();
                        }
                    }
                }
            }.start();
        }
    }

    private LLR295Facade getLLR295Facade() {
        String host = this.getCodeBase().getHost();
        Properties p = new Properties();
        //p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
        p.put("java.naming.factory.initial","org.jnp.interfaces.NamingContextFactory");
        p.put("java.naming.provider.url", host);
        //p.put(Context.PROVIDER_URL, host);
        p.put("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
        //p.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
        // Need JNDI Setup Params for this Applet! -SCP//
        try {
            if(llrFacade == null) {
                InitialContext context = new InitialContext(p);
                Object ref = null;
                LLR295FacadeHome home = null;
                //DEBUG//
                System.out.println("Looking up context: LLR295FacadeBean");
                ref = context.lookup("LLR295FacadeBean");
                home = (LLR295FacadeHome)PortableRemoteObject.narrow(ref, LLR295FacadeHome.class);
                //DEBUG//
                System.out.println("Home interface recieved.");
                llrFacade = (LLR295Facade)home.create();
            }
            return llrFacade;
        } catch(NamingException e) {
            System.out.println("LLR295Facade[NamingException]: Failed to load facade bean. msg="+e.getMessage());
            e.printStackTrace();
            return null;
        } catch(CreateException e) {
            System.out.println("LLR295Facade[CreateException]: Failed to load facade bean. msg="+e.getMessage());
            e.printStackTrace();
            return null;
        } catch(RemoteException e) {
            System.out.println("LLR295Facade[RemoteException]: Failed to load facade bean. msg="+e.getMessage());
            e.printStackTrace();
            return null;
        }
    }

    private LoginConfig getLoginConfig() {
        if(config == null) {
            config = new SimpleLoginConfig();
            config.setAcctPath("uojSB.DEMO");
            config.setHostIP("helios");
            config.setSysUserId("unidata");
            config.setSysPassword("query1");
            config.setAppUserId("bqt1");
            config.setAppPassword("XXXX");
        }
        return config;
    }

    private LoginConfig config;
    private LLR295Facade llrFacade;
    private DefaultTableColumnModel tcol;
    private DefaultTableModel tmodel;
    private ColumnParticle[] columns;
    private volatile String currentCell;
    private ArrayList rows;
    private Object[][] mvGrid;
    private String[] titles;
    private boolean[] colWriteable;
    // Variables declaration - do not modify
    private javax.swing.JTable mvTable;
    private javax.swing.JScrollPane scrollPane;
    // End of variables declaration
}
[exception]
Looking up context: LLR295FacadeBean
Home interface recieved.
java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at org.jboss.security.SecurityAssociation.getPrincipal(SecurityAssociation.java:112)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:39)
at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
at $Proxy0.create(Unknown Source)
at com.paradigm.applet.MVGrid.getLLR295Facade(Unknown Source)
at com.paradigm.applet.MVGrid.access$300(Unknown Source)
at com.paradigm.applet.MVGrid$5.run(Unknown Source)
[/exception]
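
The permission check that fails in the stack trace above, reproduced in isolation as an added example (not code from the thread or from JBoss): it evaluates the `RuntimePermission` named in the exception against an applet-style protection domain with and without that one grant. The class name, host and code base URL are constructed, and it assumes a JDK on which the `java.security` access-control classes still function (they are deprecated for removal since JDK 17).

```java
import java.net.SocketPermission;
import java.net.URL;
import java.security.*;
import java.util.PropertyPermission;

// Added example; class name, host and code base URL are constructed.
public class PrincipalInfoCheck {
    // Permission named in the AccessControlException quoted in the post above.
    static final Permission GET_PRINCIPAL_INFO = new RuntimePermission(
            "org.jboss.security.SecurityAssociation.getPrincipalInfo");

    // Access-control context for code loaded from codeBase that holds exactly
    // the given permissions (static grants; the system Policy is not consulted).
    static AccessControlContext contextFor(String codeBase, Permission... granted)
            throws Exception {
        Permissions perms = new Permissions();
        for (Permission p : granted) { perms.add(p); }
        CodeSource source = new CodeSource(new URL(codeBase),
                (java.security.cert.Certificate[]) null);
        ProtectionDomain domain = new ProtectionDomain(source, perms);
        return new AccessControlContext(new ProtectionDomain[] { domain });
    }

    // The decision SecurityManager.checkPermission reaches for a call stack
    // made up of this single protection domain.
    static boolean permits(AccessControlContext context, Permission wanted) {
        try {
            context.checkPermission(wanted);
            return true;
        } catch (AccessControlException denied) {
            System.out.println("  " + denied.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        String codeBase = "http://appserver.example/applets/";
        Permission callHome = new SocketPermission("appserver.example", "connect");
        // Unsigned applet: may connect to its own host, nothing JBoss-specific.
        AccessControlContext sandbox = contextFor(codeBase, callHome);
        // Same applet with only the permission from the stack trace added.
        AccessControlContext narrow = contextFor(codeBase, callHome, GET_PRINCIPAL_INFO);

        System.out.println("sandbox:   " + permits(sandbox, GET_PRINCIPAL_INFO));
        System.out.println("narrow:    " + permits(narrow, GET_PRINCIPAL_INFO));
        // The narrow grant opens nothing else, e.g. reading user.home.
        System.out.println("user.home: "
                + permits(narrow, new PropertyPermission("user.home", "read")));
    }
}
```

In a Java policy file the same narrow grant is a `permission java.lang.RuntimePermission "org.jboss.security.SecurityAssociation.getPrincipalInfo";` entry inside a `grant codeBase` block scoped to the applet's URL, as opposed to granting `java.security.AllPermission`.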