2 Replies Latest reply on Nov 5, 2010 10:48 AM by jaikiran

Ejb 3.1 & JBoss AS 6 M5 User Authentifiaction and Autorisation

suikast42 Nov 5, 2010 7:10 AM

Hi @ all,

My Environment:

Aplication Sevrer : jboss-6.0.0.20100911-M5 (default configuration without any changes)

IDE: Eclipse 3.6

Jboss Tools V 3.2

Java Version: JDK 1.6 U 20

OS: Windows Vista 32 Bit

My Problem:

I Create a test Application. It Contains only one Stateless Bean with local an remote interfaces:

package beans.stateless;

import interfaces.stateless.FirstStatelessBeanLocal;
import interfaces.stateless.FirstStatelessBeanRemote;

import javax.annotation.*;
import javax.annotation.security.*;
import javax.ejb.*;

import org.apache.commons.logging.*;
import org.jboss.aop.*;
import org.jboss.beans.metadata.api.annotations.*;
import org.jboss.security.annotation.*;

/**
 * Session Bean implementation class FirstStatelessBean
 */
@Stateless
@SecurityDomain("JBossWS")
@RolesAllowed("{friend}")
public class FirstStatelessBean implements FirstStatelessBeanRemote, FirstStatelessBeanLocal {

    /**
     * Default constructor.
     */
    private int    pCounterLocal    = 0;
    private int    pCounterRemote    = 0;

    @Resource
    private SessionContext myCtx ; 
    
    public FirstStatelessBean() {
    }

    @PreDestroy
    public void destroy() {
        LogFactory.getLog( getClass() ).warn( "Destroy" );
        pCounterLocal=0;
        pCounterRemote=0;
    }
    
    @PostConstruct
    public void create(){
        LogFactory.getLog( getClass() ).warn( "Create" );
    }

    
    @Override
    public String sayHelloLocal( String pMesssage ) {
        String lMessage = "Hello Local to " + pMesssage + " " + ( ++pCounterLocal ) + " Times";
        LogFactory.getLog( getClass() ).info( lMessage );
        return lMessage;
    }

    @Override
    public String sayHelloRemote( String pMesssage ) {
        String lMessage = "Hello Remote to " + pMesssage + " " + ( ++pCounterRemote ) + " Times";
        LogFactory.getLog( getClass() ).info( lMessage );
//      LogFactory.getLog( getClass() ).info( myCtx.getCallerPrincipal() );
        return lMessage;
    }

    @Override
    @PrePassivate
    public void passviate() {
        LogFactory.getLog( getClass() ).warn( "Passivate" );        
    }


}

On The Client side I get the JNDI Refrence on the following way:

Properties p = new Properties();
                p.put( Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory" );
                p.put( Context.PROVIDER_URL, "jnp://" + pServerAddr + ":" + pServerPort );
InitialContext jndiContext = new InitialContext( p );

So my excpected behavior (when I call sayHelloRemote) is an Exception. But this request still works with worong user information.

So what I'm doing wrong ?

1. Re: Ejb 3.1 & JBoss AS 6 M5 User Authentifiaction and Autorisation

suikast42 Nov 5, 2010 10:02 AM (in response to suikast42)

So I try the example from http://community.jboss.org/wiki/Chapter15-SecurityandSchoolEJBAccess, I can access to all Methods without any authentification.
Actions
2. Re: Ejb 3.1 & JBoss AS 6 M5 User Authentifiaction and Autorisation

jaikiran Nov 5, 2010 10:48 AM (in response to suikast42)

Let's continue this discussion in your other thread here http://community.jboss.org/message/569827#569827
Actions

Go to original post