7 Replies Latest reply on Apr 23, 2010 8:18 AM by alrubinger

    JAAS

    silenius

      Hello all,

      I'm trying to make Embedded JBoss work without success.
      Each time I try to call a protected EJB3 method I get the following error:

      javax.ejb.EJBAccessException: Caller unauthorized
       at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:184)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:166)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:249)
       at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:214)
       at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:86)
       at $Proxy83.insertClient(Unknown Source)
       at my.package.business.ClientAdministrationServiceBeanTest.insertClient(ClientAdministrationServiceBeanTest.java:109)
      


      My SessionBean looks like this:
      @Stateless
      @Local(ClientAdministrationService.class)
      @LocalBinding(jndiBinding = "clientAdministrationService")
      @SecurityDomain("MyRealm")
      @RunAs("private")
      public class ClientAdministrationServiceBean implements ClientAdministrationService {

          @EJB
          ClientDAO clientDAO;

          @PermitAll
          @TransactionAttribute(value = TransactionAttributeType.REQUIRED)
          public Client insertClient(Client client) {
              client.setStatus(Status.ENABLE);

              return clientDAO.insert(client);
          }
          ...
      }
      


      My test class (using TestNG) looks like this:
      public class ClientAdministrationServiceBeanTest {

          private static final Logger LOGGER = LoggerFactory.getLogger(ClientAdministrationServiceBeanTest.class);

          private static ClientAdministrationService service;

          private SecurityClient securityClient;

          @BeforeClass
          public void setUp() throws Exception {
              try {
                  if (!Bootstrap.getInstance().isStarted()) {
                      Bootstrap.getInstance().bootstrap();
                      Bootstrap.getInstance().scanClasspath("classes");
                      // Bootstrap.getInstance().deploy(makeURLForDir("target/classes"));
                      // String resource = "META-INF/persistence.xml";
                      // Bootstrap.getInstance().deployResourceBase(resource);
                  }
              } catch (DeploymentException e) {
                  LOGGER.error(e.getMessage(), e);
              // } catch (IOException e) {
              //     LOGGER.error(e.getMessage(), e);
              }
              securityClient = SecurityClientFactory.getSecurityClient();
              securityClient.setSimple("admin", "test");
              securityClient.login();
              // SecurityAssociation.setPrincipal(new SimplePrincipal("admin"));
              // SecurityAssociation.setCredential("test".toCharArray());
              InitialContext ctx = new InitialContext();
              service = (ClientAdministrationService) ctx.lookup("clientAdministrationService");
          }

          @AfterClass
          public void tearDown() throws Exception {
              securityClient.logout();
              if (System.getProperty("shutdown.embedded.jboss") != null) {
                  Bootstrap.getInstance().shutdown();
              }
          }
          ...
      }
      


      If I remove the annotation @SecurityDomain("MyRealm") from my Session Bean the code works fine.

      Is there a way to use a self defined JAAS domain policy inside my EJB3 with Embedded JBoss?

      Thanks, kind regards,
      Samuel Santos

        • 1. Re: JAAS
          silenius

          Since I didn't find any proper way to make this work, here is a possible workaround for Maven.

           

          Create a jboss.xml file and place it under src/main/resources:

          {code:xml}
          <!DOCTYPE jboss PUBLIC
              "-//JBoss//DTD JBOSS 5.0/EN"
              "http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd">
          <jboss>
              <security-domain></security-domain>
          </jboss>
          {code}

           

          Exclude jboss.xml from your normal build process:

          {code:xml}
          <plugin>
              <groupId>org.apache.maven.plugins</groupId>
              <artifactId>maven-ejb-plugin</artifactId>
              <configuration>
                  <excludes>
                      <exclude>META-INF/jboss.xml</exclude>
                  </excludes>
              </configuration>
          </plugin>
          {code}

           

          This will override @SecurityDomain so you can call any protected bean/method.
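
A build-time check for the workaround above, as an added example that is not part of the original post: it inspects a packaged EJB jar and flags it if the test-only jboss.xml with the empty `<security-domain>` was shipped, since that descriptor overrides @SecurityDomain. The function names and the in-memory sample jars are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

DESCRIPTOR = "META-INF/jboss.xml"  # path excluded by the maven-ejb-plugin config above


def security_domain_override(jar_bytes):
    """Return None if the jar has no jboss.xml or it sets no <security-domain>;
    otherwise return the element text ('' for the empty test-only override)."""
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        if DESCRIPTOR not in jar.namelist():
            return None
        root = ET.fromstring(jar.read(DESCRIPTOR))
    node = root.find("security-domain")
    if node is None:
        return None
    return (node.text or "").strip()


def check_artifact(jar_bytes):
    """True when the artifact carries no empty security-domain override."""
    return security_domain_override(jar_bytes) != ""


def make_jar(files):
    """Build an in-memory jar from {name: text} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, text in files.items():
            jar.writestr(name, text)
    return buf.getvalue()


# Constructed samples: the test-only descriptor from the post, and a clean jar.
TEST_ONLY_XML = """<!DOCTYPE jboss PUBLIC
    "-//JBoss//DTD JBOSS 5.0/EN"
    "http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd">
<jboss>
    <security-domain></security-domain>
</jboss>
"""
LEAKED_JAR = make_jar({DESCRIPTOR: TEST_ONLY_XML, "my/Bean.class": "x"})
CLEAN_JAR = make_jar({"my/Bean.class": "x"})

if __name__ == "__main__":
    for label, jar in (("leaked", LEAKED_JAR), ("clean", CLEAN_JAR)):
        print(label, "OK" if check_artifact(jar) else "FAIL: empty <security-domain> packaged")
```
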

          • 2. Re: JAAS

            Hi Samuel,

             

            it is very sad that there is no support for this JBoss embedded container any more. Quite easy for JBoss to say (from: http://community.jboss.org/wiki/embeddedjboss)

                 "Note: This implementation is retired. "

             

            We did all our tests for JBoss 5 in this embedded container, and after we switched on security we can't test any more :-(

             

            I tried everything I know to log in to the container, and as far as I know this was successful; see the log:

             

            TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] login
            TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Authenticating as unauthenticatedIdentity=lwk
            TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] User 'test' authenticated, loginOk=true
            TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] commit, loginOk=true
            TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Checking user: test, roles string: Role1
            TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Adding to Roles: Role1

             

            but later:


            javax.ejb.EJBAccessException: Caller unauthorized
                at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:184)

             

            I gave up finding a way to get this running using client code.

             

             

            I would like to use your workaround with Maven; maybe you could help me with this, because so far I have only used the provided ZIP download.

             

            My test with Maven was not successful: I downloaded the sources from http://anonsvn.jboss.org/repos/jbossas/branches/EMBEDDED_JBOSS_BETA3 and ran mvn on the pom.xml, but I receive a lot of errors:

             

            org.apache.maven.reactor.MavenExecutionException: Cannot find parent: org.jboss:jboss-parent for project: org.jboss.jbossas:jboss-as-aggregate:pom:5.0.0-SNAPSHOT for project org.jboss.jbossas:jboss-as-aggregate:pom:5.0.0-SNAPSHOT

             

            Would you mind helping me on that?

             

            Thanks in advance

             

            Josef

            • 3. Re: JAAS
              silenius

              Hi Josef,

               

              Off the top of my head, these are the steps you need to do to configure it with Maven:

              1. Download jboss-embedded-beta3.SP12-bin.zip;
              2. Extract it, and copy the folder embedded-jboss-beta3.SP12/bootstrap into YOUR_MAVEN_PROJECT/src/test/resources;
              3. Add the dependencies jboss-embedded-beta3.SP12.jar, jboss-embedded-all-beta3.SP12.jar, hibernate-all-beta3.SP12.jar, and thirdparty-all-beta3.SP12.jar to your POM;
                  <dependencies>
                      ...
                      <dependency>
                          <groupId>org.jboss.embedded</groupId>
                          <artifactId>jboss-embedded-all</artifactId>
                          <version>beta3.SP12</version>
                          <scope>test</scope>
                      </dependency>
                      <dependency>
                          <groupId>org.jboss.embedded</groupId>
                          <artifactId>hibernate-all</artifactId>
                          <version>beta3.SP12</version>
                          <scope>test</scope>
                      </dependency>
                      <dependency>
                          <groupId>org.jboss.embedded</groupId>
                          <artifactId>thirdparty-all</artifactId>
                          <version>beta3.SP12</version>
                          <scope>test</scope>
                      </dependency>
                      ...
                  </dependencies>
                  
              4. Finally, bootstrap it as I'm doing in my first post above.

               

                  try {
                      if (!Bootstrap.getInstance().isStarted()) {
                          LOGGER.info("Jboss Embedded started!");
                          Bootstrap.getInstance().bootstrap();
                          Bootstrap.getInstance().scanClasspath("classes");
                      }
                  } catch (DeploymentException e) {
                      LOGGER.error(e.getMessage(), e);
                  } catch (Exception e) {
                      LOGGER.error(e.getMessage(), e);
                  }
                  

               

                 

                Cheers,

                Samuel

                • 4. Re: JAAS

                  Hi Samuel,

                   

                  I remember a 2h workshop on using Maven, but I think that was not enough to understand your answer...

                   

                  At the moment I use Ant build files to build everything necessary from the sources I have checked out from SVN (http://anonsvn.jboss.org/repos/jbossas/branches/EMBEDDED_JBOSS_BETA3). As far as I can see in the build.xml

                  ...

                  <property name="embedded.version" value="embedded-jboss-beta3.SP12"/>

                  ...

                  it is your SP12 version. I commented out the exception in RoleBasedAuthorizationInterceptorv2.java and now everything works without JAAS :-)

                   

                   

                  But I would like to understand your way to solve the problem. I have the following questions:

                   

                  2) Which folder do you mean? ..\EMBEDDED_JBOSS_BETA3\embedded\src\test\resources?

                  3) Which POM? ..\EMBEDDED_JBOSS_BETA3\pom.xml?

                  4) What do you mean by bootstrap?

                   

                  Maybe you could give me your pom.xml and the mvn-command you used?!

                   

                  Thank you very much in advance.

                  Kind regards

                   

                  Josef

                  • 5. Re: JAAS
                    silenius

                    Hi Josef,

                     

                    I've edited my previous post.

                    Hopefully it will be a lot clearer now.

                    • 6. Re: JAAS

                      Thank you very much for your answer. I will try this the next time I'm working on this project.

                       

                      cu Josef

                      • 7. Re: JAAS
                        alrubinger

                        Josef Eisele wrote:


                        it is very sad that there is no support for this JBoss embedded container any more. Quite easy for JBoss to say (from: http://community.jboss.org/wiki/embeddedjboss)

                             "Note: This implementation is retired. "


                        Hi guys:

                         

                        I can empathize with your frustration, but we had to go another path for Embedded usage of the AS.  The older implementation essentially was a fork, so what we've now done is added lifecycle and deployment APIs to AS itself.  Another thing we're now working hard on is the Embeddable EJB3 Container (as defined by the EJB 3.1 Specification Chapter 22).  This one takes a different approach as we bootstrap a small (read: quick) runtime and enable more rapid deployment.  When we couple these with the flexibility and power of ShrinkWrap and Arquillian, we'll be left with a solution which is fast, runnable from the IDE without any extra config, and reduces tons of boilerplate from your test code.

                         

                        For now I think you might benefit from looking at the Embedded APIs that are about to ship with JBossAS 6.0.0.M3.  In time for the release I'll be providing a more expansive Wiki and Examples section, but for now:

                         

                        http://anonsvn.jboss.org/repos/jbossas/projects/embedded/examples/trunk/

                         

                        S,

                        ALR