JBoss AS 7.1 - EJB injection in servlet with secure context
klopper Oct 2, 2012 12:58 AM
Hi all.
I tried to execute an EJB method from a servlet. My application is an EAR with an ejb-jar (with the EJB) and a WAR (servlet).
In standalone-full.xml I configured the security realm:
<security-realm name="MyDomainRealm">
    <authentication>
        <jaas name="myDomain"/>
    </authentication>
</security-realm>
and MyDomain:
<security-domain name="myDomain" cache-type="default">
    <authentication>
        <login-module code="Remoting" flag="optional">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="dsJndiName" .../>
            ...
            <module-option name="rolesQuery" value="select 'user' Role, 'Roles' RoleGroup from authinfo where name=?"/>
            ...
        </login-module>
        <login-module code="my.app.LoginModule" flag="required">
            <module-option .../>
        </login-module>
    </authentication>
</security-domain>
and JBoss Remoting (my EJB may be used by JNDI remote lookup):
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
    <connector name="remoting-connector" socket-binding="remoting" security-realm="MyDomainRealm"/>
</subsystem>
In myEjb.jar, jboss-ejb3.xml configures the secure domain:
<assembly-descriptor>
    <s:security>
        <ejb-name>*</ejb-name>
        <s:security-domain>java:/jaas/myDomain</s:security-domain>
    </s:security>
</assembly-descriptor>
and I added an ejb-jar.xml method permission check for myEjb:
<assembly-descriptor>
    <security-role>
        <role-name>user</role-name>
    </security-role>
    <method-permission>
        <role-name>user</role-name>
        <method>
            <ejb-name>MyEjbBean</ejb-name>
            <method-name>*</method-name>
...
myWeb.war is called in my secure context:
jboss-web.xml:
<security-domain>java:/jaas/myDomain</security-domain>
web.xml:
<security-role>
    <role-name>user</role-name>
</security-role>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Secure</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>user</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
............
And finally in jboss-app.xml:
<jboss-app xmlns="http://www.jboss.com/xml/ns/javaee"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           version="7.0">
    <security-domain>java:/jaas/myDomain</security-domain>
    <security-role>
        <role-name>user</role-name>
    </security-role>
</jboss-app>
MyServlet.java code part (EJB 3.0):
@EJB
IMyBeanLocal myEjb;

void test() {
    myEjb.foo();
}
-------------------
When I try to execute myEjb.foo(), I see this in the server logs:
------------------------------------
10:12:57,307 TRACE [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) defaultLogin, principal=myUser
10:12:57,308 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--127.0.0.1-8080-1) Begin getAppConfigurationEntry(java:), size=4
10:12:57,309 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--127.0.0.1-8080-1) getAppConfigurationEntry(java:), no entry in appConfigs, tyring parentCont: null
10:12:57,309 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--127.0.0.1-8080-1) getAppConfigurationEntry(java:), no entry in parentConfig, trying: other
10:12:57,310 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--127.0.0.1-8080-1) End getAppConfigurationEntry(java:), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule
ControlFlag: LoginModuleControlFlag: optional
Options:
name=password-stacking, value=useFirstPass
[1]
LoginModule Class: org.jboss.as.security.RealmUsersRolesLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
name=usersProperties, value=${jboss.server.config.dir}/application-users.properties
name=realm, value=ApplicationRealm
name=rolesProperties, value=${jboss.server.config.dir}/application-roles.properties
name=password-stacking, value=useFirstPass
10:12:57,325 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]
at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:155) [picketbox-4.0.7.Final.jar:4.0.7.Final]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_26]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_26]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_26]
...
-----------------------------------------------
Why getAppConfigurationEntry(java:)?
Why is the 'other' secure domain with ApplicationRealm used for myEjb, and not myDomain, the secure domain I described in jboss-ejb3.xml?
I'm confused.
I also tried to annotate MyEjbBean with SecurityDomain:
import org.jboss.security.annotation.SecurityDomain; (I also tried import org.jboss.ejb3.annotation.SecurityDomain;)
@SecurityDomain(value="myDomain")
The error is the same...
What did I do wrong?
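
An added example, not part of the original post: a small Python check that scans PicketBox TRACE output like the lines quoted above and reports security-domain lookups that fell through to a different domain, as the `java:` lookup falls through to `other` in this log. The function name, the `expected_domains` parameter and the sample lines are assumptions made for illustration.

```python
import re

# Constructed sample: the first three lines mirror the TRACE output in the post,
# the last two are an invented lookup that resolves the intended domain.
SAMPLE_LOG = """\
10:12:57,308 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--127.0.0.1-8080-1) Begin getAppConfigurationEntry(java:), size=4
10:12:57,309 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--127.0.0.1-8080-1) getAppConfigurationEntry(java:), no entry in appConfigs, tyring parentCont: null
10:12:57,309 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--127.0.0.1-8080-1) getAppConfigurationEntry(java:), no entry in parentConfig, trying: other
10:12:58,001 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--127.0.0.1-8080-2) Begin getAppConfigurationEntry(myDomain), size=4
10:12:58,002 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http--127.0.0.1-8080-2) End getAppConfigurationEntry(myDomain), authInfo=AppConfigurationEntry[]:
"""

# One XMLLoginConfigImpl TRACE line: timestamp, thread, optional Begin/End, requested name.
LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2},\d{3})\s+TRACE\s+\[[^\]]*XMLLoginConfigImpl\]\s+"
    r"\((?P<thread>[^)]*)\)\s+(?P<kind>Begin |End )?"
    r"getAppConfigurationEntry\((?P<domain>[^)]*)\)(?P<rest>.*)$"
)
# The message logged when the requested name is unknown and another domain is tried.
FALLBACK = re.compile(r"no entry in parentConfig, trying: (?P<used>\S+)")


def find_domain_fallbacks(log_text, expected_domains):
    """Report lookups of unexpected domain names and fallbacks to another domain."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m is None:
            continue  # stack traces, option dumps and other loggers
        base = {"time": m["ts"], "thread": m["thread"], "requested": m["domain"]}
        fb = FALLBACK.search(m["rest"])
        if fb:
            # Authentication will run against fb["used"], not the requested name.
            findings.append(dict(base, kind="fallback", used=fb["used"]))
        elif m["kind"] == "Begin " and m["domain"] not in expected_domains:
            # The container asked for a name the deployment never declared.
            findings.append(dict(base, kind="unexpected-name", used=None))
    return findings


if __name__ == "__main__":
    for f in find_domain_fallbacks(SAMPLE_LOG, {"myDomain"}):
        print(f["time"], f["thread"], f["kind"], f["requested"], "->", f["used"])
```
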