JBoss AS7 JAAS exception: .getName() of bean: xxx is not allowed
Dear all,
I set and test JAAS according to https://community.jboss.org/wiki/JBoss7AndEjbRemoteCallWithSecurity, but it does NOT work.(You can refer to TestEar.ear_code.zip and TestEar.ear for details.)
My steps:
1. standalone.xml
<?xml version='1.0' encoding='UTF-8'?>
<server xmlns="urn:jboss:domain:1.2">
...
<management>
<security-realms>
<security-realm name="ManagementRealm">
<authentication>
<properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
</security-realm>
<security-realm name="ApplicationRealm">
<authentication>
<jaas name="bean-sec-domain"/>
</authentication>
</security-realm>
</security-realms>
...
</management>
<profile>
...
<subsystem xmlns="urn:jboss:domain:security:1.1">
<security-domains>
<security-domain name="bean-sec-domain" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="defaultUsersProperties" value="file:/${jboss.server.config.dir}/x-users.properties"/>
<module-option name="defaultRolesProperties" value="file:/${jboss.server.config.dir}/x-roles.properties"/>
<module-option name="usersProperties" value="file:/${jboss.server.config.dir}/x-users.properties"/>
<module-option name="rolesProperties" value="file:/${jboss.server.config.dir}/x-roles.properties"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmUsersRoles" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
<module-option name="realm" value="ApplicationRealm"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
...
</security-domains>
</subsystem>
...
</profile>
...
</server>
2. x-users.properties
testX=test1234
3. x-roles.properties
testX=bean
4. my ear
[-]nms-server-ear.ear
nms-server-war.war
[-]META-INF
MANIFEST.MF
application.xml
jboss-app.xml
[-]lib
[-]nms-server-ejb.jar
import.sql
[-]META-INF
MANIFEST.MF
beans.xml
jboss-ejb3.xml
persistence.xml
[-]com
[-]ybxiang
[-]nms
[-]server
[-]ejb
[-]session
ISecuredRemoteSession.class
SecuredRemoteSession.class
4.1 application.xml
<?xml version="1.0" encoding="UTF-8"?> <application xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="6" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/application_6.xsd"> <display-name>nms-server-ear</display-name> <initialize-in-order>true</initialize-in-order> <module> <ejb>nms-server-ejb.jar</ejb> </module> <module> <web> <web-uri>nms-server-war.war</web-uri> <context-root>/nms</context-root> </web> </module> </application>
4.2 jboss-app.xml
<?xml version="1.0" encoding="UTF-8"?> <p:jboss-app xmlns:p="http://www.jboss.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.jboss.com/xml/ns/javaee ../../xsd/jboss-app_7_0.xsd "> <security-domain>other</security-domain> </p:jboss-app>
4.3 jboss-ejb3.xml
<?xml version="1.0" encoding="UTF-8"?> <jboss:ejb-jar xmlns:jboss="http://www.jboss.com/xml/ns/javaee" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="urn:security" version="3.1" impl-version="2.0"> <assembly-descriptor xmlns="http://java.sun.com/xml/ns/javaee"> <security:security xmlns:security="urn:security"> <security:security-domain>bean-sec-domain</security:security-domain> <ejb-name>SecuredRemoteSession</ejb-name> </security:security> </assembly-descriptor> </jboss:ejb-jar>
4.4 EJB Interface
public interface ISecuredRemoteSession {
int add(int a, int b);
int subtract(int a, int b);
public String getName ();
public String getNameFree ();
}
4.5 My bean
import javax.annotation.Resource;
import javax.annotation.security.DeclareRoles;
import javax.annotation.security.RolesAllowed;
import javax.ejb.EJBContext;
import javax.ejb.Remote;
import javax.ejb.Stateless;
@Stateless
@Remote(ISecuredRemoteSession.class)
@DeclareRoles("bean")
public class SecuredRemoteSession implements ISecuredRemoteSession{
@Override
public int add(int a, int b) {
return a + b;
}
@Override
public int subtract(int a, int b) {
return a - b;
}
@Resource
private EJBContext context;
@Override
@RolesAllowed("bean")
public String getName()
{
return getNameFree();
}
@Override
public String getNameFree ()
{
String aName = "";
if (context.getCallerPrincipal() != null) {
aName = context.getCallerPrincipal().getName();
}
String log = "name " + aName + " " + context.isCallerInRole("bean");
System.out.println("getNameFree************************************************");
System.out.println(log);
System.out.println("getNameFree************************************************");
return "name " + aName + " " + context.isCallerInRole("bean");
}
}
5. start JBoss AS
withe command :
standalone.bat -b=192.168.1.100
6.throw nms-server-ear.ear into deployments directory
I get bellow log
... 23:39:52,953 INFO [org.jboss.weld.deployer] (MSC service thread 1-8) JBAS016008: Starting weld service for deployment nms-server-ear.ear 23:39:53,750 INFO [javax.enterprise.resource.webcontainer.jsf.config] (MSC service thread 1-5) Initializing Mojarra 2.1.7-jbossorg-1 (20120227-1401) for context '/nms' 23:39:54,562 INFO [org.hibernate.validator.util.Version] (MSC service thread 1-5) Hibernate Validator 4.2.0.Final 23:39:54,781 INFO [org.jboss.web] (MSC service thread 1-5) JBAS018210: Registering web context: /nms 23:39:54,859 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS018559: Deployed "nms-server-ear.ear"
7. My client
7.1 I put jboss-client.jar and ejb interface in my class path
7.2 EJB Client
I use PropertiesBasedEJBClientConfiguration to build my InitialContext, So I do NOT use jboss-ejb-client.properties file.
import java.util.Hashtable;
import java.util.Properties;
import javax.naming.Context;
import javax.naming.InitialContext;
import org.jboss.ejb.client.ContextSelector;
import org.jboss.ejb.client.EJBClientConfiguration;
import org.jboss.ejb.client.EJBClientContext;
import org.jboss.ejb.client.PropertiesBasedEJBClientConfiguration;
import org.jboss.ejb.client.remoting.ConfigBasedEJBClientContextSelector;
import org.jboss.naming.remote.client.InitialContextFactory;
import com.ybxiang.nms.server.ejb.session.ISecuredRemoteSession;
public class RemoteEJBClient_ear3_JAAS {
public static void main(String[] args) throws Exception {
invokeStatelessBean();
}
private static void invokeStatelessBean() throws Exception {
// Let's lookup the remote stateless calculator
final ISecuredRemoteSession statelessRemoteCalculator = lookupRemoteStatelessCalculator();
System.out.println("Obtained a remote stateless calculator for invocation");
// invoke on the remote calculator
int a = 204;
int b = 340;
System.out.println("Adding " + a + " and " + b + " via the remote stateless calculator deployed on the server");
int sum = statelessRemoteCalculator.add(a, b);
System.out.println("Remote calculator returned sum = " + sum);
if (sum != a + b) {
throw new RuntimeException("Remote stateless calculator returned an incorrect sum " + sum + " ,expected sum was " + (a + b));
}
// try one more invocation, this time for subtraction
int num1 = 3434;
int num2 = 2332;
System.out.println("Subtracting " + num2 + " from " + num1 + " via the remote stateless calculator deployed on the server");
int difference = statelessRemoteCalculator.subtract(num1, num2);
System.out.println("Remote calculator returned difference = " + difference);
if (difference != num1 - num2) {
throw new RuntimeException("Remote stateless calculator returned an incorrect difference " + difference + " ,expected difference was " + (num1 - num2));
}
//
System.out.println("x" + statelessRemoteCalculator.getNameFree());
System.out.println("x" + statelessRemoteCalculator.getName());
}
private static ISecuredRemoteSession lookupRemoteStatelessCalculator() throws Exception {
return lookupRemoteStatelessCalculator_WithoutPropertieFile_method2_ear();//ear
}
private static ISecuredRemoteSession lookupRemoteStatelessCalculator_WithoutPropertieFile_method2_ear() throws Exception {
String jndiName = "ejb:nms-server-ear/nms-server-ejb//SecuredRemoteSession!" + ISecuredRemoteSession.class.getName();//ear:good
Properties p = new Properties();
{
p.put("remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED", "false");
p.put("remote.connections", "default");
p.put("remote.connection.default.host", "192.168.1.100");
p.put("remote.connection.default.port", "4447");
p.put(InitialContext.SECURITY_PRINCIPAL, "testX");
p.put(InitialContext.SECURITY_CREDENTIALS, "test1234");
p.put("jboss.naming.client.ejb.context", "true");
p.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
}
EJBClientConfiguration cc = new PropertiesBasedEJBClientConfiguration(p);
ContextSelector<EJBClientContext> selector = new ConfigBasedEJBClientContextSelector(cc);
EJBClientContext.setSelector(selector);
Properties props = new Properties();
props.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
InitialContext context = new InitialContext(props);
return (ISecuredRemoteSession)context.lookup(jndiName);
}
}
7.3 run my client
(a) the client log:
Aug 02, 2012 11:44:28 PM org.xnio.Xnio <clinit>
INFO: XNIO Version 3.0.3.GA
Aug 02, 2012 11:44:28 PM org.xnio.nio.NioXnio <clinit>
INFO: XNIO NIO Implementation Version 3.0.3.GA
Aug 02, 2012 11:44:28 PM org.jboss.remoting3.EndpointImpl <clinit>
INFO: JBoss Remoting version 3.2.3.GA
Aug 02, 2012 11:44:29 PM org.jboss.ejb.client.remoting.VersionReceiver handleMessage
INFO: Received server version 1 and marshalling strategies [river]
Aug 02, 2012 11:44:29 PM org.jboss.ejb.client.remoting.RemotingConnectionEJBReceiver associate
INFO: Successful version handshake completed for receiver context EJBReceiverContext{clientContext=org.jboss.ejb.client.EJBClientContext@eb3f66, receiver=Remoting connection EJB receiver [connection=Remoting connection <175650e>,channel=jboss.ejb,nodename=cv0018179n0]} on channel Channel ID a749f8f0 (outbound) of Remoting connection 016292a4 to /192.168.1.100:4447
Aug 02, 2012 11:44:29 PM org.jboss.ejb.client.remoting.ChannelAssociation$ResponseReceiver handleMessage
WARN: Unsupported message received with header 0xffffffff
Aug 02, 2012 11:44:29 PM org.jboss.ejb.client.EJBClient <clinit>
INFO: JBoss EJB Client version 1.0.5.Final
Obtained a remote stateless calculator for invocation
Adding 204 and 340 via the remote stateless calculator deployed on the server
Remote calculator returned sum = 544
Subtracting 2332 from 3434 via the remote stateless calculator deployed on the server
Remote calculator returned difference = 1102
xname $local false
Aug 02, 2012 11:44:30 PM org.jboss.ejb.client.remoting.ChannelAssociation resultReady
INFO: Discarding result for invocation id 3 since no waiting context found
Exception in thread "main" java.lang.reflect.UndeclaredThrowableException
at $Proxy0.getName(Unknown Source)
at com.ybxiang.nms.simpleclient.RemoteEJBClient_ear3_JAAS.invokeStatelessBean(RemoteEJBClient_ear3_JAAS.java:48)
at com.ybxiang.nms.simpleclient.RemoteEJBClient_ear3_JAAS.main(RemoteEJBClient_ear3_JAAS.java:21)
Caused by: java.io.StreamCorruptedException: Unexpected byte found when reading an object: 53
at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:750)
at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:209)
at org.jboss.marshalling.river.RiverUnmarshaller.readFields(RiverUnmarshaller.java:1677)
at org.jboss.marshalling.river.RiverObjectInputStream.defaultReadObject(RiverObjectInputStream.java:73)
at java.lang.Throwable.readObject(Throwable.java:913)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at org.jboss.marshalling.reflect.SerializableClass.callReadObject(SerializableClass.java:213)
at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1574)
at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1557)
at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1557)
at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1557)
at org.jboss.marshalling.river.RiverUnmarshaller.doInitSerializable(RiverUnmarshaller.java:1557)
at org.jboss.marshalling.river.RiverUnmarshaller.doReadNewObject(RiverUnmarshaller.java:1235)
at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:272)
at org.jboss.marshalling.river.RiverUnmarshaller.doReadObject(RiverUnmarshaller.java:209)
at org.jboss.marshalling.AbstractObjectInput.readObject(AbstractObjectInput.java:37)
at org.jboss.ejb.client.remoting.InvocationExceptionResponseHandler$MethodInvocationExceptionResultProducer.getResult(InvocationExceptionResponseHandler.java:82)
at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:270)
at org.jboss.ejb.client.TransactionInterceptor.handleInvocationResult(TransactionInterceptor.java:47)
at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:272)
at org.jboss.ejb.client.ReceiverInterceptor.handleInvocationResult(ReceiverInterceptor.java:132)
at org.jboss.ejb.client.EJBClientInvocationContext.getResult(EJBClientInvocationContext.java:260)
at org.jboss.ejb.client.EJBClientInvocationContext.awaitResponse(EJBClientInvocationContext.java:399)
at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:140)
at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:121)
at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104)
... 3 more
Caused by: an exception which occurred:
in field suppressedExceptions
in object of type javax.ejb.EJBAccessException
(b) the server side exception:
23:39:54,859 INFO [org.jboss.as.server] (DeploymentScanner-threads - 2) JBAS018559: Deployed "nms-server-ear.ear" 23:44:30,000 INFO [stdout] (EJB default - 3) getNameFree************************************************ 23:44:30,000 INFO [stdout] (EJB default - 3) name $local false 23:44:30,000 INFO [stdout] (EJB default - 3) getNameFree************************************************ 23:44:30,031 ERROR [org.jboss.ejb3.invocation] (EJB default - 4) JBAS014134: EJB Invocation failed on component SecuredRemoteSession for method public abstract java.lang.String com.ybxiang.nms.server.ejb.session.ISecuredRemoteSession.getName(): javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public abstract java.lang.String com.ybxiang.nms.server.ejb.session.ISecuredRemoteSession.getName() of bean: SecuredRemoteSession is not allowed at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:101) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:76) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:43) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:302) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:64) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:196) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [rt.jar:1.6.0_20] at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [rt.jar:1.6.0_20] at java.util.concurrent.FutureTask.run(FutureTask.java:138) [rt.jar:1.6.0_20] at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_20] at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_20] at java.lang.Thread.run(Thread.java:619) [rt.jar:1.6.0_20] at org.jboss.threads.JBossThread.run(JBossThread.java:122)
I want to know why the fourth method getName() is NOT allowed while the first 3 method is OK!!!
My code is almost the same as the one described in https://community.jboss.org/wiki/JBoss7AndEjbRemoteCallWithSecurity
I attached all codes.
Please help me! Thank you in advance!
-
code.zip 3.9 MB
-
TestEar.ear 2.6 KB
-
TestEar.ear_code.zip 14.5 KB