9 Replies Latest reply on Nov 15, 2012 8:34 PM by bondchan921

    JBossAS 5 and @WebService with BASIC authentication

    fheldt

      I wanted to give JBossAS 5.1.0.CR1 a try and deployed a simple webservice, which does fine on 4.2.3.GA. I only had to change the package name for the SecurityDomain Annotation. The session bean is deployed in a simple jar (no META-INF/jboss.xml). The application-policy "dhcRealm" is defined in dhc-jboss-beans.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <deployment xmlns="urn:jboss:bean-deployer:2.0">
       <application-policy xmlns="urn:jboss:security-beans:1.0" name="dhcRealm">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">java:/DHCDS</module-option>
       <module-option name="principalsQuery">...</module-option>
       <module-option name="rolesQuery">...</module-option>
       </login-module>
       </authentication>
       <authorization>
       <policy-module code="org.jboss.security.authorization.modules.JACCAuthorizationModule" flag="required"/>
       </authorization>
       </application-policy>
      </deployment>
      
      



      @Stateless
      @WebService
      @SOAPBinding(style=SOAPBinding.Style.RPC, use=SOAPBinding.Use.LITERAL)
      @RolesAllowed({"Admin", "Operator", "User"})
      @SecurityDomain("dhcRealm")
      @WebContext(contextRoot="HCUCService", authMethod="BASIC", transportGuarantee="NONE", secureWSDLAccess=false)
      public class WebServiceEJB implements WebServiceIf {
      ...
      }
      


      I can see the generated WSDL under http://127.0.0.1:8080/HCUCService/WebServiceEJB?wsdl and everything looks fine so far.

      But as soon as i call any method from the service (with the correct user/password) it fails . As i can see in the logs, it uses the default "other" realm and not the specified "dhcRealm"! Did i miss something?

      Any hints about this problem?

        • 1. Re: JBossAS 5 and @WebService with BASIC authentication
          jaikiran

          Can you please post the logs, including the TRACE level logs for the security package in AS? See Q4 here http://www.jboss.org/community/wiki/SecurityFAQ on how to enable TRACE level logging of security package.

          • 2. Re: JBossAS 5 and @WebService with BASIC authentication
            jaikiran

             

            I only had to change the package name for the SecurityDomain Annotation

            Which package do you use now?


            • 3. Re: JBossAS 5 and @WebService with BASIC authentication
              fheldt

              Here is the log (it's from 5.0.1.GA), same problem here...

              2009-05-06 11:39:16,746 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}
              2009-05-06 11:39:16,747 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMap{}
              2009-05-06 11:39:16,751 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /HCUCService/WebServiceEJB
              2009-05-06 11:39:16,753 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[WebServiceEJB]' against POST /WebServiceEJB --> true
              2009-05-06 11:39:16,754 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
              2009-05-06 11:39:16,755 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
              2009-05-06 11:39:16,769 DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement] Creating SDC for domain=jboss-web-policy
              2009-05-06 11:39:16,786 TRACE [org.jboss.security.plugins.JaasSecurityManager] Constructing
              2009-05-06 11:39:16,802 DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@5b1f02
              2009-05-06 11:39:16,802 DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] CachePolicy set to: org.jboss.util.TimedCachePolicy@50c5b8
              2009-05-06 11:39:16,802 DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement] setCachePolicy, c=org.jboss.util.TimedCachePolicy@50c5b8
              2009-05-06 11:39:16,802 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
              2009-05-06 11:39:16,817 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
              2009-05-06 11:39:16,817 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test
              2009-05-06 11:39:16,817 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
              2009-05-06 11:39:16,817 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
              2009-05-06 11:39:16,833 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}
              2009-05-06 11:39:16,833 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMap{}
              2009-05-06 11:39:16,848 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /HCUCService/WebServiceEJB
              2009-05-06 11:39:16,848 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[WebServiceEJB]' against POST /WebServiceEJB --> true
              2009-05-06 11:39:16,848 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
              2009-05-06 11:39:16,848 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
              2009-05-06 11:39:16,848 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
              2009-05-06 11:39:16,848 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
              2009-05-06 11:39:16,848 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] Begin authenticate, username=DHC.Heldt
              2009-05-06 11:39:16,848 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] Begin isValid, principal:DHC.Heldt, cache info: null
              2009-05-06 11:39:16,848 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] defaultLogin, principal=DHC.Heldt
              2009-05-06 11:39:16,848 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(jboss-web-policy), size=11
              2009-05-06 11:39:16,848 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(jboss-web-policy), authInfo=AppConfigurationEntry[]:
              [0]
              LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
              ControlFlag: Anmeldemodul-Steuerflag: required
              Options:
              
              2009-05-06 11:39:16,864 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] initialize
              2009-05-06 11:39:16,864 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Security domain: other
              2009-05-06 11:39:16,864 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
              2009-05-06 11:39:16,880 ERROR [org.jboss.security.auth.spi.UsersRolesLoginModule] Failed to load users/passwords/role files
              java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
               at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
               at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
               at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
               at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
               at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
               at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
               at java.lang.reflect.Method.invoke(Method.java:597)
               at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
               at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
               at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
               at java.security.AccessController.doPrivileged(Native Method)
               at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
               at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
               at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
               at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
               at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
               at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
               at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
               at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
               at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
               at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
               at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
               at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
               at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
               at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
               at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
               at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
               at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
               at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
               at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
               at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
               at java.lang.Thread.run(Thread.java:619)
              2009-05-06 11:39:16,911 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] abort
              2009-05-06 11:39:16,911 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] Login failure
              javax.security.auth.login.LoginException: Missing users.properties file.
               at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:148)
               at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
               at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
               at java.lang.reflect.Method.invoke(Method.java:597)
               at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
               at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
               at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
               at java.security.AccessController.doPrivileged(Native Method)
               at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
               at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
               at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
               at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
               at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
               at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
               at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
               at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
               at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
               at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
               at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
               at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
               at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
               at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
               at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
               at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
               at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
               at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
               at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
               at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
               at java.lang.Thread.run(Thread.java:619)
              2009-05-06 11:39:16,942 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] End isValid, false
              2009-05-06 11:39:16,942 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] User: DHC.Heldt is NOT authenticated
              2009-05-06 11:39:16,942 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] End authenticate, principal=null
              2009-05-06 11:39:16,942 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test
              2009-05-06 11:39:16,942 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
              2009-05-06 11:39:16,942 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
              2009-05-06 11:39:24,632 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}
              2009-05-06 11:39:24,632 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMap{}
              2009-05-06 11:39:24,648 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /HCUCService/WebServiceEJB
              2009-05-06 11:39:24,648 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[WebServiceEJB]' against POST /WebServiceEJB --> true
              2009-05-06 11:39:24,648 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
              2009-05-06 11:39:24,648 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
              2009-05-06 11:39:24,648 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
              2009-05-06 11:39:24,648 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
              2009-05-06 11:39:24,648 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] Begin authenticate, username=DHC.Heldt
              2009-05-06 11:39:24,648 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] Begin isValid, principal:DHC.Heldt, cache info: null
              2009-05-06 11:39:24,648 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] defaultLogin, principal=DHC.Heldt
              2009-05-06 11:39:24,648 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(jboss-web-policy), size=11
              2009-05-06 11:39:24,648 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(jboss-web-policy), authInfo=AppConfigurationEntry[]:
              [0]
              LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
              ControlFlag: Anmeldemodul-Steuerflag: required
              Options:
              
              2009-05-06 11:39:24,663 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] initialize
              2009-05-06 11:39:24,663 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Security domain: other
              2009-05-06 11:39:24,663 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
              2009-05-06 11:39:24,663 ERROR [org.jboss.security.auth.spi.UsersRolesLoginModule] Failed to load users/passwords/role files
              java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
               at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
               at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
               at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
               at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
               at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
               at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
               at java.lang.reflect.Method.invoke(Method.java:597)
               at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
               at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
               at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
               at java.security.AccessController.doPrivileged(Native Method)
               at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
               at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
               at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
               at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
               at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
               at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
               at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
               at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
               at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
               at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
               at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
               at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
               at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
               at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
               at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
               at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
               at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
               at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
               at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
               at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
               at java.lang.Thread.run(Thread.java:619)
              2009-05-06 11:39:24,694 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] abort
              2009-05-06 11:39:24,694 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] Login failure
              javax.security.auth.login.LoginException: Missing users.properties file.
               at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:148)
               at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
               at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
               at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
               at java.lang.reflect.Method.invoke(Method.java:597)
               at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
               at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
               at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
               at java.security.AccessController.doPrivileged(Native Method)
               at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
               at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
               at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
               at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
               at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
               at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
               at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
               at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
               at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
               at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
               at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
               at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
               at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
               at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
               at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
               at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
               at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
               at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
               at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
               at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
               at java.lang.Thread.run(Thread.java:619)
              2009-05-06 11:39:24,726 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] End isValid, false
              2009-05-06 11:39:24,726 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] User: DHC.Heldt is NOT authenticated
              2009-05-06 11:39:24,726 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] End authenticate, principal=null
              2009-05-06 11:39:24,726 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test
              2009-05-06 11:39:24,726 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
              2009-05-06 11:39:24,726 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
              


              I tried to log in with 'DHC.Heldt'. Why is it using "jboss-web-policy"?


              • 4. Re: JBossAS 5 and @WebService with BASIC authentication
                fheldt

                The package is:

                import org.jboss.security.annotation.SecurityDomain;

                • 5. Re: JBossAS 5 and @WebService with BASIC authentication
                  jaikiran

                   

                  "fheldt" wrote:
                  The package is:

                  import org.jboss.security.annotation.SecurityDomain;


                  For JBossAS-5.x, you need to use @org.jboss.ejb3.annotation.SecurityDomain http://www.jboss.org/file-access/default/members/jbossejb3/freezone/docs/tutorial/1.0.6/html/Security_and_Transactions_in_EJB3.html

                  • 6. Re: JBossAS 5 and @WebService with BASIC authentication
                    fheldt

                    OK, i changed the annotation to @org.jboss.ejb3.annotation.SecurityDomain and gave it another try (under JbossAS 5.0.1.GS), but it didn't work either... :-(

                    Any hints?

                    2009-05-08 09:59:24,164 DEBUG [org.apache.catalina.connector.MapperListener] Handle jboss.web:type=RequestProcessor,worker=http-localhost%2F127.0.0.1-8080,name=HttpRequest1 type : JMX.mbean.registered
                    2009-05-08 09:59:24,164 DEBUG [org.apache.catalina.connector.MapperListener] Handle jboss.web:type=RequestProcessor,worker=http-localhost%2F127.0.0.1-8080,name=HttpRequest1 type : JMX.mbean.registered
                    2009-05-08 09:59:24,181 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}
                    2009-05-08 09:59:24,181 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMap{}
                    2009-05-08 09:59:24,196 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /HCUCService/WebServiceEJB
                    2009-05-08 09:59:24,196 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[WebServiceEJB]' against GET /WebServiceEJB --> false
                    2009-05-08 09:59:24,196 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint
                    2009-05-08 09:59:24,196 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, caller=null
                    2009-05-08 09:59:24,196 DEBUG [org.apache.catalina.core.StandardWrapper] Allocating non-STM instance
                    2009-05-08 09:59:24,196 TRACE [org.jboss.web.tomcat.security.RunAsListener] WebServiceEJB, runAs: null
                    2009-05-08 09:59:24,196 TRACE [org.jboss.web.tomcat.security.RunAsListener] WebServiceEJB, runAs: null
                    2009-05-08 09:59:24,212 TRACE [org.jboss.web.tomcat.security.RunAsListener] WebServiceEJB, runAs: null
                    2009-05-08 09:59:24,212 TRACE [org.jboss.web.tomcat.security.RunAsListener] WebServiceEJB, runAs: null
                    2009-05-08 09:59:24,274 DEBUG [org.apache.catalina.connector.MapperListener] Handle jboss.web:type=RequestProcessor,worker=http-localhost%2F127.0.0.1-8080,name=HttpRequest2 type : JMX.mbean.registered
                    2009-05-08 09:59:24,274 DEBUG [org.apache.catalina.connector.MapperListener] Handle jboss.web:type=RequestProcessor,worker=http-localhost%2F127.0.0.1-8080,name=HttpRequest2 type : JMX.mbean.registered
                    2009-05-08 09:59:24,274 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}
                    2009-05-08 09:59:24,274 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMap{}
                    2009-05-08 09:59:24,274 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /HCUCService/WebServiceEJB
                    2009-05-08 09:59:24,274 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[WebServiceEJB]' against GET /WebServiceEJB --> false
                    2009-05-08 09:59:24,274 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint
                    2009-05-08 09:59:24,274 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, caller=null
                    2009-05-08 09:59:24,274 TRACE [org.jboss.web.tomcat.security.RunAsListener] WebServiceEJB, runAs: null
                    2009-05-08 09:59:24,274 TRACE [org.jboss.web.tomcat.security.RunAsListener] WebServiceEJB, runAs: null
                    2009-05-08 09:59:24,321 TRACE [org.jboss.web.tomcat.security.RunAsListener] WebServiceEJB, runAs: null
                    2009-05-08 09:59:24,321 TRACE [org.jboss.web.tomcat.security.RunAsListener] WebServiceEJB, runAs: null
                    2009-05-08 09:59:24,321 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, caller=null
                    2009-05-08 09:59:24,321 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
                    2009-05-08 09:59:24,321 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
                    2009-05-08 09:59:24,602 TRACE [org.jboss.web.tomcat.security.RunAsListener] WebServiceEJB, runAs: null
                    2009-05-08 09:59:24,602 TRACE [org.jboss.web.tomcat.security.RunAsListener] WebServiceEJB, runAs: null
                    2009-05-08 09:59:24,602 TRACE [org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, caller=null
                    2009-05-08 09:59:24,602 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
                    2009-05-08 09:59:24,602 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
                    2009-05-08 09:59:32,170 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1241769572170 sessioncount 0
                    2009-05-08 09:59:32,170 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
                    2009-05-08 09:59:32,170 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1241769572170 sessioncount 0
                    2009-05-08 09:59:32,170 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
                    2009-05-08 09:59:32,170 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1241769572170 sessioncount 0
                    2009-05-08 09:59:32,170 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
                    2009-05-08 09:59:32,171 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1241769572171 sessioncount 0
                    2009-05-08 09:59:32,171 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
                    2009-05-08 09:59:34,989 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:{}
                    2009-05-08 09:59:34,990 TRACE [org.jboss.web.tomcat.security.JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMap{}
                    2009-05-08 09:59:34,990 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /HCUCService/WebServiceEJB
                    2009-05-08 09:59:34,990 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[WebServiceEJB]' against POST /WebServiceEJB --> true
                    2009-05-08 09:59:34,990 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
                    2009-05-08 09:59:34,990 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
                    2009-05-08 09:59:35,037 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.JACCAuthorizationModule:{}REQUIRED}is:[REQUIRED]
                    2009-05-08 09:59:35,081 TRACE [org.jboss.security.authorization.modules.web.WebJACCPolicyModuleDelegate] resourceCheck=false : userDataCheck=true : roleRefCheck=false
                    2009-05-08 09:59:35,081 TRACE [org.jboss.security.authorization.modules.web.WebJACCPolicyModuleDelegate] hasUserDataPermission, p=(javax.security.jacc.WebUserDataPermission / POST)
                    2009-05-08 09:59:35,081 TRACE [org.jboss.security.authorization.modules.web.WebJACCPolicyModuleDelegate] Denied: (javax.security.jacc.WebUserDataPermission / POST)
                    2009-05-08 09:59:35,081 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] REQUIRED failed for Name=org.jboss.security.authorization.modules.JACCAuthorizationModule:subject=Betreff:
                    :role=Roles()
                    2009-05-08 09:59:35,081 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] Error in authorize:
                    org.jboss.security.authorization.AuthorizationException: Authorization Failed:
                     at org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:263)
                     at org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:67)
                     at org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:152)
                     at java.security.AccessController.doPrivileged(Native Method)
                     at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:148)
                     at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:474)
                     at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:124)
                     at org.jboss.security.plugins.javaee.WebAuthorizationHelper.hasUserDataPermission(WebAuthorizationHelper.java:201)
                     at org.jboss.web.tomcat.security.JBossWebRealm.hasUserDataPermission(JBossWebRealm.java:643)
                     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:461)
                     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
                     at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
                     at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
                     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                     at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
                     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
                     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
                     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
                     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
                     at java.lang.Thread.run(Unknown Source)
                    2009-05-08 09:59:35,081 TRACE [org.jboss.security.plugins.javaee.WebAuthorizationHelper] hasRole check failed:Authorization Failed:
                    org.jboss.security.authorization.AuthorizationException: Authorization Failed:
                     at org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:263)
                     at org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:67)
                     at org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:152)
                     at java.security.AccessController.doPrivileged(Native Method)
                     at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:148)
                     at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:474)
                     at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:124)
                     at org.jboss.security.plugins.javaee.WebAuthorizationHelper.hasUserDataPermission(WebAuthorizationHelper.java:201)
                     at org.jboss.web.tomcat.security.JBossWebRealm.hasUserDataPermission(JBossWebRealm.java:643)
                     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:461)
                     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
                     at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
                     at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
                     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                     at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
                     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                     at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
                     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
                     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:601)
                     at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
                     at java.lang.Thread.run(Unknown Source)
                    2009-05-08 09:59:35,081 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed hasUserDataPermission() test
                    2009-05-08 09:59:35,081 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
                    2009-05-08 09:59:35,081 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
                    



                    • 7. Re: JBossAS 5 and @WebService with BASIC authentication
                      jaikiran

                       

                      2009-05-06 11:39:24,648 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] Begin authenticate, user
                      name=DHC.Heldt
                      2009-05-06 11:39:24,648 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-pol
                      icy] Begin isValid, principal:DHC.Heldt, cache info: null
                      2009-05-06 11:39:24,648 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-pol
                      icy] defaultLogin, principal=DHC.Heldt
                      2009-05-06 11:39:24,648 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigu
                      rationEntry(jboss-web-policy), size=11


                      From what i see, the flow is not yet reaching the EJB layer. Its failing at the web level. Do you have any security constraints in the web.xml file and do you have a jboss-web.xml file? What are its contents?

                      • 8. Re: JBossAS 5 and @WebService with BASIC authentication
                        fheldt

                        First, the deployed jar has neither web.xml or jboss-web.xml.

                        Second, the log you quote is from the @org.jboss.security.annotation.SecurityDomain version, the version with @org.jboss.ejb3.annotation.SecurityDomain hasn't even a single trace of the login name.

                        Looking at the log i find this entry before the error suspicious:

                        2009-05-08 09:59:35,081 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] REQUIRED failed for Name=org.jboss.security.authorization.modules.JACCAuthorizationModule:subject=Betreff::role=Roles()
                        


                        • 9. Re: JBossAS 5 and @WebService with BASIC authentication
                          bondchan921

                          Have you solve this issue ? I have the same issue now