-
1. Re: Can't get method permissions to work on a session bean
jimih Dec 5, 2005 12:51 PM (in response to jimih)I forgot to mention one thing...
First I tried using org.jboss.aspects.security.SecurityDomain, but then when I deployed the application, the JBoss console window printed "ProfileManagerBean has no @SecurityDomain - skipping JACC configuration". Then I tried org.jboss.annotation.security.SecurityDomain instead, and that resulted in:
[JaccHelper] ProfileManagerBean has @SecurityDomain - peforming JACC configuration
[JaccHelper] Creating permission: (javax.security.jacc.EJBMethodPermission ProfileManagerBean getTheSecret,,)[*:getTheSecret()]
[JaccHelper] JACC Policy Configuration for deployment has been put in service
But when I tried the application, the method still gets called, as if no restriction was there.
I use JBoss 4.0.3SP1.
/Jimi -
2. Re: Can't get method permissions to work on a session bean
starksm64 Dec 5, 2005 1:56 PM (in response to jimih)And you have gone through the ejb3 docs?
http://www.jboss.com/products/ejb3 -
3. Re: Can't get method permissions to work on a session bean
psmith Dec 6, 2005 6:03 AM (in response to jimih)I seem to be having the same problem as well. I've configured the web application with the correct Security Domain and added the annotation to the SLSB but I still see the following in the deployment log:
20:36:41,562 INFO [Ejb3AnnotationHandler] found EJB3: ejbName=au.com.pulse.online.ejb3.creditcard.CreditCardFacadeBean, class=au.com.pulse.online.ejb3.creditcard.CreditCardFacadeBean, type=STATELESS
20:36:41,687 INFO [JaccHelper] au.com.pulse.online.ejb3.creditcard.CreditCardFacadeBean has no @SecurityDomain - skipping JACC configuration
20:36:41,718 INFO [Ejb3AnnotationHandler] found EJB3: ejbName=au.com.pulse.online.ejb3.entity.EntityFacadeBean, class=au.com.pulse.online.ejb3.entity.EntityFacadeBean, type=STATELESS
20:36:41,796 INFO [JaccHelper] au.com.pulse.online.ejb3.entity.EntityFacadeBean has no @SecurityDomain - skipping JACC configuration
20:36:41,812 INFO [JaccHelper] JACC Policy Configuration for deployment has been put in service
20:36:41,812 INFO [Ejb3Deployment] EJB3 deployment time took: 297
Yet the code has:
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jboss.aspects.security.SecurityDomain;
import au.com.pulse.online.ejb3.AbstractFacadeBean;
import au.com.pulse.online.ejb3.ValidationException;
import au.com.pulse.online.ejb3.bi.creditcard.ICreditCardFacade;
import au.com.pulse.online.persistence.ejb.crm.CreditCardDetail;
@Stateless
@SecurityDomain ("pulse-domain")
public class CreditCardFacadeBean extends AbstractFacadeBean implements ICreditCardFacade {
My main issue is that I get an IllegalStateException when I call getCallerPrincipal().
Anybody got any ideas? -
4. how to configure my EJB to work over SSL connections?
joselitol Dec 23, 2005 11:51 AM (in response to jimih)hi people,
I´ve been looking the JBoss 4.0 documentation and I couldn´t make my EJB work with SSL. I configured the jboss.xml and jboss-service.xml files and I put the annotation @SecurityDomain at the Bean just like the documentation describbed.
My EJB:package serpro.safe.server.operations; import java.util.Date; import javax.ejb.Remote; import javax.ejb.Stateless; import javax.ejb.TransactionAttribute; import javax.ejb.TransactionAttributeType; import org.jboss.aspects.security.SecurityDomain; import serpro.safe.negocio.calendario.feriado.Feriado; import serpro.safe.negocio.calendario.feriado.IControladorFeriado; import serpro.safe.server.operations.SafeOperations; import serpro.safe.util.exception.NegocioException; import serpro.safe.util.proxy.ControladorFactory; @Remote(SafeOperations.class) @Stateless public @SecurityDomain("RMI+SSL") class SafeOperationsBean implements SafeOperations { @TransactionAttribute(TransactionAttributeType.REQUIRED) public void inserirFeriado(Feriado feriado) throws NegocioException{ try { IControladorFeriado controlador = (IControladorFeriado)ControladorFactory.criar(IControladorFeriado.class); controlador.inserirFeriado(feriado); } catch (Exception e) { throw new NegocioException(e); } } }
jboss-service.xml:<server> <mbean code="org.jboss.security.plugins.JaasSecurityDomain" name="jboss.security:service=JaasSecurityDomain,domain=RMI+SSL"> <constructor> <arg type="java.lang.String" value="RMI+SSL" /> </constructor> <attribute name="KeyStoreURL">certs.keystore</attribute> <attribute name="KeyStorePass">taylor</attribute> </mbean> <mbean code="org.jboss.invocation.jrmp.server.JRMPInvoker" name="jboss:service=invoker,type=jrmp,socketType=SSL"> <attribute name="RMIObjectPort">14445</attribute> <attribute name="RMIClientSocketFactory"> org.jboss.security.ssl.RMISSLClientSocketFactory </attribute> <attribute name="RMIServerSocketFactory"> org.jboss.security.ssl.RMISSLServerSocketFactory </attribute> <attribute name="SecurityDomain">java:/jaas/RMI+SSL</attribute> <depends> jboss.security:service=JaasSecurityDomain,domain=RMI+SSL </depends> </mbean> </server>
jboss.xml:<jboss> <enterprise-beans> <session> <ejb-name>SafeOperations</ejb-name> <configuration-name>Standard Stateless SessionBean</configuration-name> <invoker-bindings> <invoker> <invoker-proxy-binding-name>stateless-ssl-invoker</invoker-proxy-binding-name> </invoker> </invoker-bindings> </session> </enterprise-beans> <invoker-proxy-bindings> <invoker-proxy-binding> <name>stateless-ssl-invoker</name> <invoker-mbean>jboss:service=invoker,type=jrmp,socketType=SSL</invoker-mbean> <proxy-factory>org.jboss.proxy.ejb.ProxyFactory</proxy-factory> <proxy-factory-config> <client-interceptors> <home> <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor> <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor> <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor> <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor> </home> <bean> <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor> <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor> <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor> <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor> </bean> </client-interceptors> </proxy-factory-config> </invoker-proxy-binding> </invoker-proxy-bindings> </jboss>
I´ve got the following messages on JBoss console:
13:32:07,279 INFO [JaccHelper] Initialising JACC Context for deployment: safe-beans.ejb3
13:32:07,310 INFO [Ejb3AnnotationHandler] found EJB3: ejbName=OperacaoBean, class=OperacaoBean, type=STATELESS
13:32:07,560 INFO [JaccHelper] OperacaoBean has no @SecurityDomain - skipping JACC configuration
13:32:07,591 INFO [Ejb3AnnotationHandler] found EJB3: ejbName=serpro.safe.server.operations.SafeOperationsBean, class=serpro.safe.server.operations.SafeOperationsBean, type=STATELESS
13:32:07,638 INFO [JaccHelper] serpro.safe.server.operations.SafeOperationsBean has no @SecurityDomain - skipping JACC configuration
13:32:07,654 INFO [JaccHelper] JACC Policy Configuration for deployment has been put in service
13:32:07,654 INFO [Ejb3Deployment] EJB3 deployment time took: 375
13:32:07,794 INFO [ProxyDeployer] no declared remote bindings for : OperacaoBean
13:32:07,794 INFO [ProxyDeployer] there is remote interfaces for OperacaoBean
13:32:07,794 INFO [ProxyDeployer] default remote binding has jndiName of Operacao
13:32:07,919 INFO [ProxyDeployer] no declared remote bindings for : serpro.safe.server.operations.SafeOperationsBean
13:32:07,919 INFO [ProxyDeployer] there is remote interfaces for serpro.safe.server.operations.SafeOperationsBean
13:32:07,919 INFO [ProxyDeployer] default remote binding has jndiName of serpro.safe.server.operations.SafeOperations
13:32:07,966 INFO [EJB3Deployer] Deployed: file:/C:/jboss-4.0.3SP1/server/default/deploy/safe-beans.ejb3
13:33:38,513 INFO [JaccHelper] Initialising JACC Context for deployment: safe-beans.ejb3
13:33:38,560 INFO [Ejb3AnnotationHandler] found EJB3: ejbName=OperacaoBean, class=OperacaoBean, type=STATELESS
13:33:38,607 INFO [JaccHelper] OperacaoBean has no @SecurityDomain - skipping JACC configuration
13:33:38,685 INFO [Ejb3AnnotationHandler] found EJB3: ejbName=serpro.safe.server.operations.SafeOperationsBean, class=serpro.safe.server.operations.SafeOperationsBean, type=STATELESS
13:33:38,732 INFO [JaccHelper] serpro.safe.server.operations.SafeOperationsBean has no @SecurityDomain - skipping JACC configuration
13:33:38,732 INFO [JaccHelper] JACC Policy Configuration for deployment has been put in service
13:33:38,732 INFO [Ejb3Deployment] EJB3 deployment time took: 219
13:33:38,779 INFO [ProxyDeployer] no declared remote bindings for : OperacaoBean
13:33:38,779 INFO [ProxyDeployer] there is remote interfaces for OperacaoBean
13:33:38,779 INFO [ProxyDeployer] default remote binding has jndiName of Operacao
13:33:38,872 INFO [ProxyDeployer] no declared remote bindings for : serpro.safe.server.operations.SafeOperationsBean
13:33:38,872 INFO [ProxyDeployer] there is remote interfaces for serpro.safe.server.operations.SafeOperationsBean
13:33:38,872 INFO [ProxyDeployer] default remote binding has jndiName of serpro.safe.server.operations.SafeOperations
13:33:38,919 INFO [EJB3Deployer] Deployed: file:/C:/jboss-4.0.3SP1/server/default/deploy/safe-beans.ejb3 -
5. Re: Can't get method permissions to work on a session bean
joselitol Dec 27, 2005 10:17 AM (in response to jimih)"jimih" wrote:
I forgot to mention one thing...
First I tried using org.jboss.aspects.security.SecurityDomain, but then when I deployed the application, the JBoss console window printed "ProfileManagerBean has no @SecurityDomain - skipping JACC configuration". Then I tried org.jboss.annotation.security.SecurityDomain instead, and that resulted in:
[JaccHelper] ProfileManagerBean has @SecurityDomain - peforming JACC configuration
[JaccHelper] Creating permission: (javax.security.jacc.EJBMethodPermission ProfileManagerBean getTheSecret,,)[*:getTheSecret()]
[JaccHelper] JACC Policy Configuration for deployment has been put in service
But when I tried the application, the method still gets called, as if no restriction was there.
I use JBoss 4.0.3SP1.
/Jimi
Hi have you found the solution about it? I´m having the same problem... -
6. Re: Can't get method permissions to work on a session bean
bill.burke Dec 27, 2005 3:16 PM (in response to jimih)we have not documented yet on how to use SSL with EJB3. THere is a unit test case for it within CVS if you need it now.
You are looking at the EJB 2.1 container way to configure SSL. This will not work AT ALL and don't even attempt it.