-
1. Re: AccessException invoking an EJB method
jaikiran Apr 30, 2010 10:58 AM (in response to apoth)R M wrote:
Thanks.
Is there a jboss.xml with a security-domain element? If yes, what value does it contain?
-
2. Re: AccessException invoking an EJB method
apoth Apr 30, 2010 11:28 AM (in response to jaikiran)Yes, it contains: java:/jaas/JEEOE_ClientLoginRealm
There's a login-config.xml with an application-policy with a matching name, with four login-modules defined in an authentication, which are in order; BaseCertLoginModule, LdapLoginModule, RoleMappingLogingModule, ClientLoginModule.
Thanks.
-
3. Re: AccessException invoking an EJB method
jaikiran Apr 30, 2010 11:32 AM (in response to apoth)So then you'll have to pass the valid username/password as expected by those login modules.
-
4. Re: AccessException invoking an EJB method
apoth Apr 30, 2010 11:51 AM (in response to jaikiran)Sure, I have a few questions around that...
- Do all the login modules require the same credentials - do I authenticate using one or all of them?
- How do I pass the username and password (is it passing java.naming.security.prinicpal and java.naming.security.credentials properties to the Context?)
- How do I find where the existing username and passwords be stored?
Thanks again.
-
5. Re: AccessException invoking an EJB method
apoth May 4, 2010 4:27 AM (in response to apoth)I forgot a question about a 'Caused by' in the stack trace:
Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
...
Why would it be using the UsernamePasswordLoginModule and not one of the four specified in the login-config.xml for the security-domain?
-
6. Re: AccessException invoking an EJB method
jaikiran May 4, 2010 5:54 AM (in response to apoth)Which version of JBoss AS is this? Can you post the contents of your login-config.xml and jboss.xml? Also enable TRACE level logging of security package to see what's going on. See Q4 here in FAQ http://community.jboss.org/wiki/SecurityFAQ
P.S: Instead of specifying java:/jaas/JEEOE_ClientLoginRealm you might want to try just JEEOE_ClientLoginRealm in the jboss.xml. There was a change in this area in some version of JBoss AS.
-
7. Re: AccessException invoking an EJB method
apoth May 4, 2010 6:25 AM (in response to jaikiran)4.3.0
Deployment failed after taking out the java:/jaas/ from the security domain.
I can't really post the whole file contents, it's on a closed network so it's really only as much as I can remember at a time, I know that's a pain.
I'll look into the logging now, thanks.
-
8. Re: AccessException invoking an EJB method
apoth May 4, 2010 6:44 AM (in response to apoth)Ok, now I can see it pass through BaseCertLoginModule in the server.log, though it just says "exit: login()" and then LdapLoginModule says 'bad password for username=null'.
So at least I know it's getting into BaseCertLoginModule.