EJB authorization problem
gvnsbt Dec 24, 2010 1:02 PM
Hi,
I'm new to JBoss.
I installed version 5.1.0.GA on OS X 10.6.5.
I read the documentation and I did the following tests:
I created an OpenLDAP instance with a tree for users (authentication) and roles, modified login-config.xml to add the reference to the LDAP server, and in the web.xml of the WAR application I defined the XML tags for the authentication and authorization process.
The servlet authentication and authorization process works fine.
The servlet uses a test EJB to which I added the authorization annotations (@SecurityDomain, @DenyAll, etc.).
When the servlet calls an EJB method, for example a method with the @DenyAll annotation, the method is executed and the annotation does not work.
I tried building an EAR file and separate JAR+WAR files, but I have the same problem.
JBoss ignores the authorization annotations in the EJB.
What I can find in the server log at compile time is:
2010-12-23 18:30:35,118 WARN [org.jboss.annotation.factory.AnnotationCreator] (main) No ClassLoader provided, using TCCL: org.jboss.managed.api.annotation.ManagementComponent
In <server>/conf/login-conf.xml I have:
.....
<policy>
.......
  <application-policy name="ldapLogin">
    <authentication>
      <login-module flag="required" code="org.jboss.security.auth.spi.LdapLoginModule">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://192.168.82.100:389/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="principalDNPrefix">uid=</module-option>
        <module-option name="principalDNSuffix">,ou=Users,dc=gsbt,dc=it</module-option>
        <module-option name="rolesCtxDN">ou=Roles,dc=gsbt,dc=it</module-option>
        <module-option name="uidAttributeID">member</module-option>
        <module-option name="matchOnUserDN">true</module-option>
        <module-option name="roleAttributeID">cn</module-option>
        <module-option name="roleAttributeIsDN">false</module-option>
        <module-option name="allowEmptyPasswords">false</module-option>
      </login-module>
    </authentication>
  </application-policy>

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
  <security-domain>java:/jaas/ldapLogin</security-domain>
</jboss-web>

<security-constraint>
  <web-resource-collection>
    <web-resource-name>Some Resource</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>Admin</role-name>
  </auth-constraint>
  <user-data-constraint>
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>
<security-role>
  <role-name>Admin</role-name>
</security-role>

In EJB I have:
.....
@Stateless(mappedName="anagrafica")
@SecurityDomain("ldaplogin")
........
@DenyAll
public players AddRecord(String surname, String name)
{
.....
The EJB and the servlet are in separate projects.
Is it possible that the EJB project needs the JAAS reference XML file?
Kind Regards.
GvnSbt
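
A cross-check of the security domain names used in the three fragments quoted in the post above, as an added example that is not part of the original post or of JBoss. It assumes domain names are matched case-sensitively and that the `java:/jaas/` prefix is optional in a reference; the function names, the reduced sample strings and the class name `ExampleBean` are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"  # assumption: the prefix is optional in references
# Constructed samples, reduced from the fragments quoted in the post.
LOGIN_CONFIG = """<policy>
  <application-policy name="ldapLogin">
    <authentication/>
  </application-policy>
</policy>"""
JBOSS_WEB = """<jboss-web>
  <security-domain>java:/jaas/ldapLogin</security-domain>
</jboss-web>"""
# The class name is hypothetical; the post elides it.
EJB_SOURCE = '''@Stateless(mappedName="anagrafica")
@SecurityDomain("ldaplogin")
public class ExampleBean { }'''

def bare(name):
    # Strip whitespace and the optional java:/jaas/ prefix.
    name = name.strip()
    return name[len(JAAS_PREFIX):] if name.startswith(JAAS_PREFIX) else name

def defined_domains(login_config_xml):
    # Names of all <application-policy> entries in login-config.xml.
    root = ET.fromstring(login_config_xml)
    return {p.get("name") for p in root.iter("application-policy")}

def referenced_domains(jboss_web_xml, java_source):
    # (where, name) pairs for every security domain reference found.
    refs = [("jboss-web.xml", bare(e.text or ""))
            for e in ET.fromstring(jboss_web_xml).iter("security-domain")]
    refs += [("@SecurityDomain", bare(m)) for m in
             re.findall(r'@SecurityDomain\(\s*"([^"]*)"', java_source)]
    return refs

def check(login_config_xml, jboss_web_xml, java_source):
    # References that match no defined policy name exactly, with near misses.
    defined = defined_domains(login_config_xml)
    findings = []
    for where, name in referenced_domains(jboss_web_xml, java_source):
        if name not in defined:
            near = sorted(d for d in defined if d.lower() == name.lower())
            findings.append((where, name, near))
    return findings

if __name__ == "__main__":
    for where, name, near in check(LOGIN_CONFIG, JBOSS_WEB, EJB_SOURCE):
        print(f"{where}: '{name}' has no exact match; close: {near}")
```

On the names as posted, the check reports the `@SecurityDomain` value `ldaplogin`, which differs only in case from the `ldapLogin` policy name.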