1 Reply Latest reply on Sep 28, 2011 8:38 AM by mmoyses

    Authorization Modules - JBoss AS 7

    ramonmolossi

      Trying to use Authorization Modules in JBoss AS 7 but nothing happens.

       

      When authorizing an EJB method, the org.jboss.as.ejb3.security.AuthorizationInterceptor calls securityManager.isCallerInRole of org.jboss.as.security.service.SimpleSecurityManager, and finally this one calls the default AuthorizationManager's am.getSubjectRoles(...) method.

       

      After that, a disjoint is made between the subjectRoles and the AnnotationRoles declared on the method. And this is the entire decision made.

       

      At no moment has the authorize(...) method from AuthorizationManager been called. And so the authorize(...) method from the AuthorizationModules has not been called either.

       

      Am I missing something? Some configuration or some annotation?

       

      I'm doing a test with AllDenyAuthorizationModule.

       

      This is my config in the security subsystem:


                      <security-domain name="myDomain" cache-type="default">
                          <authentication>
                              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                                  <module-option name="dsJndiName" value="java:jboss/datasources/myDS"/>
                                  <module-option name="principalsQuery" value="mySLQ1"/>
                                  <module-option name="rolesQuery" value="mySQL2"/>
                                  <module-option name="hashAlgorithm" value="MD5"/>
                                  <module-option name="hashEncoding" value="HEX"/>
                              </login-module>
                          </authentication>
                          <authorization>
                              <policy-module code="org.jboss.security.authorization.modules.AllDenyAuthorizationModule" flag="required"/>
                          </authorization>
                      </security-domain>
      
      

       

      And this is an example of my EJB class:

       

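      import javax.annotation.security.RolesAllowed;
      import javax.ejb.Stateless;
      import org.jboss.ejb3.annotation.SecurityDomain;

      @Stateless
      @SecurityDomain("myDomain")
      public class TestBusiness {
          // Only callers holding Role1 may invoke this method.
          @RolesAllowed({"Role1"})
          public void testRole1Access() {
              System.out.println("============ Role 1 Access =================");
          }
      }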
      
      
      

       

      My Log is active at TRACE Level. No error.
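
The difference between the decision path described in the post above (role comparison only) and one that also consults the configured policy modules can be shown with a small stand-alone model. This is an added example, not part of the original post and not JBoss code: `Decision`, `PolicyModule`, `ALL_DENY`, `roleCheckOnly` and `roleCheckThenModules` are hypothetical names, and the module-consulting path is an assumption about the behaviour the poster expected.

```java
import java.util.Collections;
import java.util.List;
import java.util.Set;

// Simplified model of the two decision paths; these types are hypothetical
// stand-ins, not the JBoss/PicketBox classes.
public class AuthorizationPathDemo {

    enum Decision { PERMIT, DENY }

    /** Stand-in for a configured policy module. */
    interface PolicyModule {
        Decision authorize(Set<String> subjectRoles, String method);
    }

    /** Behaves like a deny-all module: refuses every request. */
    static final PolicyModule ALL_DENY = (roles, method) -> Decision.DENY;

    /** Path described in the post: only the two role sets are compared. */
    static Decision roleCheckOnly(Set<String> subjectRoles, Set<String> allowedRoles) {
        // Collections.disjoint returns true when the sets share no element.
        return Collections.disjoint(subjectRoles, allowedRoles) ? Decision.DENY : Decision.PERMIT;
    }

    /** Assumed expected path: role check first, then every "required" module must permit. */
    static Decision roleCheckThenModules(Set<String> subjectRoles, Set<String> allowedRoles,
                                         String method, List<PolicyModule> requiredModules) {
        if (roleCheckOnly(subjectRoles, allowedRoles) == Decision.DENY) {
            return Decision.DENY;
        }
        for (PolicyModule module : requiredModules) {
            if (module.authorize(subjectRoles, method) == Decision.DENY) {
                return Decision.DENY;
            }
        }
        return Decision.PERMIT;
    }

    public static void main(String[] args) {
        Set<String> subjectRoles = Set.of("Role1");   // constructed sample caller
        Set<String> allowedRoles = Set.of("Role1");   // mirrors @RolesAllowed({"Role1"})
        String method = "testRole1Access";

        System.out.println("role check only:      " + roleCheckOnly(subjectRoles, allowedRoles));
        System.out.println("with deny-all module: " + roleCheckThenModules(subjectRoles, allowedRoles, method, List.of(ALL_DENY)));
        System.out.println("no matching role:     " + roleCheckOnly(Set.of("Role2"), allowedRoles));
    }
}
```

On a real server the same comparison is made by invoking a role-permitted method while a deny-all policy module is configured and checking whether the call is refused.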