5 Replies Latest reply on Feb 24, 2012 11:23 PM by ganeshment

    login pricipal is changing to anonymous in EJBContext (JBOSS7.1 beta)

    ganeshment

      Hi,

        Iam facing problem with EJBContext login principal changing to anonymous and due to this applicaiton login is failing. I have attached sample application showing the problem Iam facing.

       

      1) It contains SessionBean and function to return EJBContext principal (TestEJB)

      2) Remote EJB client sets'up login context with username "admin" and password as "admin", resolves SessionBean  , and gets the EJBContext principal and it's getting principal as anonymous (TestRemoteEJB)

      3)  I have tried the same with servlet and same problem is there (TestWeb)

       

      Can you please suggest what Iam doing wrong and a way to fix the problem.

       

      Regards,

      Ganesh

        • 1. Re: login pricipal is changing to anonymous in EJBContext (JBOSS7.1 beta)
          jaikiran

          Ganesh Saithala wrote:

           

          2) Remote EJB client sets'up login context with username "admin" and password as "admin", resolves SessionBean  , and gets the EJBContext principal and it's getting principal as anonymous (TestRemoteEJB)

          Security propagation from remote EJB clients is not yet implemented. So this won't work. We are planning to have that in 7.1.0.CR1.

           

           

          Ganesh Saithala wrote:

           

          3)  I have tried the same with servlet and same problem is there (TestWeb)

           

          I haven't yet downloaded and checked the code you attached. I or someone else might. But it would easier if you just posted (use the code formatting options in the advanced editor of the reply window) the relevant piece of code from the servlet and the EJB and also the exception stacktrace (if any).

          • 2. Re: login pricipal is changing to anonymous in EJBContext (JBOSS7.1 beta)
            sfcoy

            Does your servlet work if you inject the session bean reference with @EJB instead of using an explicit JNDI lookup?

            • 3. Re: login pricipal is changing to anonymous in EJBContext (JBOSS7.1 beta)
              ganeshment

              Sorry for the late response. Now Iam using JBOSS7.1 CR1 release and Iam still facing problem with sending credentials from remote EJB client to server

               

              My example program is as below

               

              Srever Side :

              1) It contains SessionBean and function to return EJBContext principal (TestEJB)

              package demo;

              import java.security.Principal;

              import javax.annotation.Resource;
              import javax.ejb.SessionContext;
              import javax.ejb.Stateless;

              import org.jboss.security.annotation.SecurityDomain;

              @Stateless
              @SecurityDomain(value = "iS3Login")
              public class SessionBean implements SessionBeanInterface {

              @Resoure   
                 

                   private EJBContext context;

              @Override
              public Principal getPrincipal() {
                return context.getCallerPrincipal();
              }

              }

               

              Client Side : I confirm my when I run client it's picking up jboss-ejb-client.properties file)

              2)jboss-ejb-client.properties contents

               

               

              3) Remote EJB Client program :

              demo;

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

               

              java.net.URL;

               

              java.security.Security;

               

              java.util.Hashtable;

               

               

              javax.naming.Context;

              import

               

              javax.naming.InitialContext;

              import

               

              javax.naming.NamingException;

              import

               

              javax.security.auth.login.LoginContext;

              import

               

              javax.security.auth.login.LoginException;

               

              import

               

              org.jboss.sasl.JBossSaslProvider;

               

              public

               

              class

              RemoteEJBClient {

               

              static

              {

               

              new

              JBossSaslProvider());

               

               

              }

               

               

               

              private static final String USER_LOGIN_NAME = "admin"

              ;

               

               

               

              private static final String USER_PASSWORD = "admin"

              ;

               

              private static LoginContext loginContext

              ;

               

              public static final String AUTH_LOGIN_CONFIG = "java.security.auth.login.config"

              ;

               

              public static final String AUTH_CONF = "/auth.conf"

              ;

               

              public static void main(String[] args) throws

              Exception {

               

              private static void invokeStatelessBean() throws

              NamingException, LoginException {

               

              final

              SessionBeanInterface statelessSessionBeanInterface = lookupRemoteStatelessCalculator();

               

              out.println("Obtained a remote stateless SessionBeanInterface for invocation"

              );

               

              out.println("EJB principal "

              + statelessSessionBeanInterface.getPrincipal());

               

              private static SessionBeanInterface lookupRemoteStatelessCalculator() throws

              NamingException, LoginException {

               

              if (System.getProperties().getProperty(RemoteEJBClient.AUTH_LOGIN_CONFIG) == null

              ) {

               

              class.getClass().getResource(RemoteEJBClient.AUTH_CONF

              );

               

              if (url != null

              ) {

               

              AUTH_LOGIN_CONFIG

              , url.toString());

               

               

               

               

               

               

               

              final Hashtable jndiProperties = new

              Hashtable();

               

              URL_PKG_PREFIXES, "org.jboss.ejb.client.naming"

               

               

              final Context context = new

              InitialContext(jndiProperties);

               

              final String appName = "TestEAR"

              ;

               

              final String moduleName = "TestEJB"

              ;

               

              final String distinctName = ""

              ;

               

              final String beanName = "SessionBean"

              ;

               

              final String viewClassName = SessionBeanInterface.class

              .getName();

               

              out.println("ejb:" + appName + "/" + moduleName + "/" + distinctName + "/" + beanName + "!"

              + viewClassName);

               

              return (SessionBeanInterface) context.lookup("ejb:" + appName + "/" + moduleName + "/" + distinctName + "/"

              + beanName

               

              "!"

              +

               

              System.

               

               

               

               

               

               

              );

               

               

              jndiProperties.put(Context.

              loginContext.login();

              loginContext = new LoginContext("logincontextname", callbackHandler);

              AppCallbackHandler callbackHandler = new AppCallbackHandler(USER_LOGIN_NAME, USER_PASSWORD.toCharArray());

              }

              }

               

               

              System.getProperties().setProperty(RemoteEJBClient.

               

              URL url = RemoteEJBClient.

               

               

              }

               

                

               

              System.

              System.

               

               

              invokeStatelessBean();

              }

               

               

               

               

               

               

               

               

               

               

              /**

               

              * User password

              */

               

               

              /**

               

              * User login name

              */

              // Security.insertProviderAt(new JBossSaslProvider(), 1);

               

              Security.addProvider(

               

                

               

               

               

               

               

               

              import

               

               

              import

               

              import

               

              + viewClassName);

               

              4)  I have tried servlet using EJB injection but it's nto working

               

               

              package demo;

              import java.io.IOException;
              import java.io.PrintWriter;

              import javax.ejb.EJB;
              import javax.servlet.ServletException;
              import javax.servlet.http.HttpServlet;
              import javax.servlet.http.HttpServletRequest;
              import javax.servlet.http.HttpServletResponse;

              public class PrincipalViewer extends HttpServlet {

              private static final long serialVersionUID = 1L;
                  @EJB(mappedName = "java:global/TestEAR/TestEJB/SessionBean!demo.SessionBeanInterface")
                  SessionBeanInterface sessionBean;
                private void processRequest(HttpServletRequest request, HttpServletResponse response)
                     throws ServletException, IOException {
                       response.setContentType("text/html;charset=UTF-8");
                       PrintWriter out = response.getWriter();

                       try {
                          // InitialContext ctx = new InitialContext();
                          // request.login("admin", "admin");
                          // SessionBeanInterface sessionBean =
                          // InitialContext.doLookup("java:global/TestEAR/TestEJB/SessionBean!demo.SessionBeanInterface");
                          // sessionBeanInterface sessionBean = (SessionBeanInterface)
                          // ctx.lookup("java:global/TestEAR/TestEJB/SessionBean!demo.SessionBeanInterface");
                          // SessionBeanInterface sessionBean = (SessionBeanInterface)
                          // ctx.lookup("java:module/SessionBean!demo.SessionBeanInterface");

                           out.println("<html>");
                           out.println("<head>");
                           out.println("<title>Principal Viewer</title>");
                           out.println("</head>");
                           out.println("<body>");
                           out.println("<h1>Principal in EJB = " + sessionBean.getPrincipal().getName() + "</h1>");
                           if (sessionBean.getPrincipal().getName().equals("anonymous")) {
                            out.println("<h2>session will be invalidated</h2>");
                            request.getSession(true).invalidate();
                           }
                           out.println("</body>");
                           out.println("</html>");
                          
                       } finally {
                           out.close();
                       }
                }

               

                 @Override
                    protected void doGet(HttpServletRequest request, HttpServletResponse response)
                    throws ServletException, IOException {
                  processRequest(request, response);
                    }

                    @Override
                    protected void doPost(HttpServletRequest request, HttpServletResponse response)
                    throws ServletException, IOException {
                        processRequest(request, response);
                    }
              }

               

              5) web.xml contents

               

              <?xml version="1.0" encoding="UTF-8"?>
              <web-app id="WebApp_ID" version="3.0"
              xmlns="http://java.sun.com/xml/ns/javaee"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
              <display-name>TestWeb</display-name>
              <servlet>
                <servlet-name>TestWeb</servlet-name>
                <servlet-class>demo.PrincipalViewer</servlet-class>
              </servlet>
              <servlet-mapping>
                <servlet-name>TestWeb</servlet-name>
                <url-pattern>/TestWeb</url-pattern>
              </servlet-mapping>
              <session-config>
                <session-timeout>30</session-timeout>
              </session-config>
              <welcome-file-list>
                <welcome-file>index.jsp</welcome-file>
              </welcome-file-list>
              <security-constraint>
                <web-resource-collection>
                 <web-resource-name>all</web-resource-name>
                 <url-pattern>/*</url-pattern>
                 <http-method>GET</http-method>
                 <http-method>POST</http-method>
                </web-resource-collection>
              </security-constraint>
              <login-config>
                <auth-method>FORM</auth-method>
                <form-login-config>
                 <form-login-page>/index.jsp</form-login-page>
                 <form-error-page>/error.jsp</form-error-page>
                </form-login-config>
              </login-config>
              <security-role>
                <role-name>Admin</role-name>
              </security-role>
              </web-app>

               

               

               

               

               

              }

               

              }

               

              Can you please suggest how to make remote EJB Client to work.

               

              import

               

               

               

               

              package

              endpoint.name=remoting-connector

               

              remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false

               

              remote.connections=default

               

              remote.connection.default.host=localhost

              remote.connection.default.port = 4447

              remote.connection.two.connect.options.org.xnio.Options.SASL_SERVER_AUTH=true

              remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

               

              remote.connection.two.host=localhost

              remote.connection.two.port = 4447

              remote.connection.two.connect.options.org.xnio.Options.SASL_SERVER_AUTH=true

              remote.connection.two.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

              • 4. Re: login pricipal is changing to anonymous in EJBContext (JBOSS7.1 beta)
                ganeshment

                For sending remote EJB client credentials to server, Do I need to make any SASL configuration changes in standalone.xml file? 

                • 5. Re: login pricipal is changing to anonymous in EJBContext (JBOSS7.1 beta)
                  ganeshment

                  check the thread below for fix details in JBOSS 7.1 Final version

                  https://community.jboss.org/thread/177435