3 Replies Latest reply on Dec 4, 2006 12:07 AM by cboatwright

EJB3 SessionBean endpoint and security

cboatwright Sep 22, 2006 12:28 AM

I recently [finally] had time to upgrade to Eclipse 3.2 and JBoss 4.0.4 and ejb3 and am prototyping out some Web Services using the "181" way. I did the "HelloWorld" example in the Wiki (http://wiki.jboss.org/wiki/Wiki.jsp?page=JBWS181HelloWorld) and got things working very quickly.

I then saw many examples about how to create an endpoint out of a EJB3 session bean. Again, very easy. Very nice.

However, when I searched for how to setup security, I've run into problems. I added the @SecurityDomain and so forth, but cannot get it to secure and/or a client to authenticate.

My goal is simply: create a Web Service that a client can call with a username and password that the JBoss JAAS container can handle. It appears that this can be done, but I must be missing something simple. I appears you add the "@PortComponent" and "@SecurityDomain" and "@RolesAllowed" annotations and pass in the valid information.

When a client access the Web Service it get an authentication error even though I think I'm passing in the correct username/password. I'm using the defaults (kermit/thefrog in the role "friend").

The EJB3 Stateless Session Bean endpoint:

package com.buildlinks.ejb;

import java.rmi.RemoteException;
import java.security.Identity;
import java.security.Principal;

import javax.annotation.Resource;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJB;
import javax.ejb.SessionContext;
import javax.ejb.Stateless;
import javax.jws.WebMethod;
import javax.jws.WebService;
import javax.jws.soap.SOAPBinding;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.persistence.Transient;

import org.jboss.annotation.security.SecurityDomain;
import org.jboss.ws.annotation.PortComponent;

@EJB(name="HelloWorldBean", description="", beanInterface=com.buildlinks.ejb.HelloWorld.class, beanName="HelloWorldBean")
@WebService(name="HelloWorld")
@SOAPBinding(style = SOAPBinding.Style.RPC)
@PortComponent(authMethod="BASIC", transportGuarantee="NONE", urlPattern="/*", contextRoot="/BuildLinksEjb3")
@SecurityDomain("JBossWS")
@RolesAllowed("friend")

/**
 * @author cboatwright
 */
public @Stateless class HelloWorldBean implements HelloWorld
{
 @Resource
 @Transient
 SessionContext ctx;

 public HelloWorldBean()
 {
 System.out.println("HelloWorldBean created");
 }

 @WebMethod
 public String echoString(String str1, String str2) throws RemoteException
 {
 System.out.println("str=" + str1 + ", str2=" + str2);

 if (ctx != null)
 {
 Principal caller = ctx.getCallerPrincipal();
 Identity identity = ctx.getCallerIdentity();
 System.out.println("isCallerInRole(friend)=" + ctx.isCallerInRole("friend"));
 System.out.println("caller=" + caller);
 System.out.println("identity=" + identity);
 }

 return "Thanks you for sending [" + str1 + "] and [" + str2 + "]";
 }
}

The calling client:

package com.buildlinks.client;

import java.net.URL;
import java.util.Properties;

import javax.xml.namespace.QName;
import javax.xml.rpc.Service;
import javax.xml.rpc.ServiceFactory;
import javax.xml.rpc.Stub;

import org.jboss.ws.jaxrpc.ServiceFactoryImpl;
import org.jboss.ws.jaxrpc.StubExt;

import com.buildlinks.ejb.HelloWorld;

public class WsClientTest
{
 public static void main(String[] args)
 {
 try
 {
 // http://java.sun.com/j2se/1.4.2/docs/guide/net/properties.html
 Properties systemSettings = System.getProperties();
 systemSettings.put("http.basic.username", "kermit");
 systemSettings.put("http.basic.password", "thefrog");
// systemSettings.put("http.proxyHost", "localhost");
// systemSettings.put("http.proxyPort", "8888");
// systemSettings.put("http.nonProxyHosts", "");
// systemSettings.put("http.proxyUserName",username);
// systemSettings.put("http.proxyPassword",password);
 System.setProperties(systemSettings);

 URL url = new URL("http://localhost/BuildLinksEjb3/HelloWorldBean?wsdl");
 QName qname = new QName("http://ejb.buildlinks.com/jaws", "HelloWorldBeanService");

 ServiceFactory factory = ServiceFactoryImpl.newInstance();
 Service service = factory.createService(url, qname);

 HelloWorld webServiceProxy = (HelloWorld)service.getPort(HelloWorld.class);
 ((Stub)webServiceProxy)._setProperty(StubExt.USERNAME_PROPERTY, "kermit");
 ((Stub)webServiceProxy)._setProperty(StubExt.PASSWORD_PROPERTY, "thefrog");

 System.out.println("Before");
 String rv = webServiceProxy.echoString("Colin", "Boatwright");
 System.out.println("After");

 System.out.println("rv=" + rv);

 }
 catch (Exception e)
 {
 e.printStackTrace(System.err);
 }
 }
}

1. Re: EJB3 SessionBean endpoint and security

boby Sep 25, 2006 10:13 AM (in response to cboatwright)

I have the same problem, whereas with Axis 1.4, that works.
Actions
2. Re: EJB3 SessionBean endpoint and security

cboatwright Oct 3, 2006 10:52 PM (in response to cboatwright)

I sortof answer my own question at http://www.jboss.com/index.html?module=bb&op=viewtopic&t=91699.

The trick is to not use the auto-generated WAR file but created your own with the proper security nodes in the web.xml file.
Actions
3. Re: EJB3 SessionBean endpoint and security

cboatwright Dec 4, 2006 12:07 AM (in response to cboatwright)
Thought I would answer my own question again now that jbossws 1.0.4.GA (http://labs.jboss.com/portal/jbossws) is out. They fixed the issue with the transportGuarantee parameter with the org.jboss.ws.annotation.PortComponent annotation. When I upgraded things started working.

@PortComponent(authMethod="BASIC", urlPattern="/lists.ws",transportGuarantee="CONFIDENTIAL") @RolesAllowed("BLDADM") @SecurityDomain("BuildLinksWs")

I no longer had to create my own web.xml (nor jboss-web.xml) files.
Actions

Go to original post