3 Replies Latest reply on Dec 18, 2009 7:15 AM by longbeach

    JBoss 5.1.0 GA, Struts 2.0 and EJB 3.0 : SecurityClientFactory

    longbeach

      Hi,

      I have developed a stateful session bean where access to methods is restricted:

       

      @SecurityDomain("myDomainBlabla")
      @RolesAllowed({"xxx", "yyy"})
      @Stateful
      public class BlablaBean implements BlablaRemote {

          @RolesAllowed({"xxx"})
          public void doSomething(User user) {
              ...
          }
          ...
      }

       

      Authentication and authorization work well from a JUnit test case.
      Inside my JUnit class, I perform a connection:

       

      SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
      securityClient.setSimple("user1", "pwd1");
      securityClient.login();


      No problem. The user with role xxx gets access to the method doSomething(User user)
      according to the files myApp-users.properties and myApp-roles.properties

       

      I am now trying to authenticate the user in a Struts 2 action (LoginAction) and propagate the role, using the same code :


      SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
      securityClient.setSimple("user1", "pwd1");
      securityClient.login();
               

                 
      It does not work, I get an error when I try to access the method doSomething(User user):

       

      11:22:44,456 ERROR [STDERR] javax.ejb.EJBAccessException: Invalid User

       

      What is wrong? I am guessing I need to propagate the role to the entire app, how do I do that?

       

      Thanks for helping

        • 1. Re: JBoss 5.1.0 GA, Struts 2.0 and EJB 3.0 : SecurityClientFactory
          wolfgangknauf

          Hi,

           

          in a webapp, you will need this: http://community.jboss.org/wiki/WebAuthentication

           

          Best regards

           

          Wolfgang

          • 2. Re: JBoss 5.1.0 GA, Struts 2.0 and EJB 3.0 : SecurityClientFactory
            longbeach

            Thanks very much for helping.

             

            So I replaced:

            SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
            securityClient.setSimple(getLogin(), getPassword());       
            securityClient.login();

             

            with

             

            WebAuthentication pwl = new WebAuthentication();
            pwl.login(getLogin(), getPassword());

             

            I now have a different error message:

             

            12:59:59,599 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
            java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
                at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
                at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
                at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
                at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
                at java.lang.reflect.Method.invoke(Unknown Source)
                at javax.security.auth.login.LoginContext.invoke(Unknown Source)
                at javax.security.auth.login.LoginContext.access$000(Unknown Source)
                at javax.security.auth.login.LoginContext$4.run(Unknown Source)
                at java.security.AccessController.doPrivileged(Native Method)
                at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
                at javax.security.auth.login.LoginContext.login(Unknown Source)
                at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
                at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
                at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
                at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
                at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
                at org.jboss.web.tomcat.security.login.WebAuthentication.login(WebAuthentication.java:93)
                at com.eni.dvtejb.clientStruts2.action.LoginAction.execute(LoginAction.java:76)

             

             

            I have these 2 properties files (users + roles) located here :

            jboss-5.1.0.GA.jdk6\server\default\conf\props

             

            They worked for my EJB client test.

            Do I need to include them in my Struts 2 webapp also?

            • 3. Re: JBoss 5.1.0 GA, Struts 2.0 and EJB 3.0 : SecurityClientFactory
              longbeach

              I think I got it:

              I added a file jboss-web.xml in my webapp; it seems to work fine now.

               

              Thanks
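
Added example, not part of the original thread and not the poster's actual file: a minimal WEB-INF/jboss-web.xml of the kind the last post refers to. It assumes the web application should use the same `myDomainBlabla` domain named in the bean's `@SecurityDomain` annotation, reached through the usual `java:/jaas/` JNDI prefix. The stack trace in reply 2 shows `UsersRolesLoginModule` looking for its default file names (users.properties / defaultUsers.properties), which is what happens when `WebAuthentication.login()` runs against a domain other than the one configured with myApp-users.properties and myApp-roles.properties.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- WEB-INF/jboss-web.xml of the Struts 2 webapp (added example). -->
<jboss-web>
    <!--
      Bind the web container's realm to the same JAAS security domain the
      EJB declares with @SecurityDomain("myDomainBlabla"). The name after
      java:/jaas/ must match the application-policy name in the server's
      login configuration (assumed here to be "myDomainBlabla"), so that
      WebAuthentication.login() authenticates against the policy that
      reads myApp-users.properties and myApp-roles.properties, and the
      authenticated principal and roles carry over to the EJB call.
    -->
    <security-domain>java:/jaas/myDomainBlabla</security-domain>
</jboss-web>
```

With the web tier and the EJB tier on one domain, the properties files can stay in server\default\conf\props; they do not need to be copied into the webapp.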