2 Replies Latest reply on Oct 25, 2012 1:11 PM by trvsschmdt

    Call to secured EJB from a secured EJB fails login

    trvsschmdt
    trvsschmdt Oct 25, 2012 11:08 AM

      Working on migrating a JBoss 6 app that was only called remotely from a separate tomcat sever, to an AS 7 app with the front end deployed as war in the ear.  I was able to setup FORM authenticaton on the web app and and am able to call secured EJBs from ny servlet file by just injecting @Remote or @Local interfaces using @EJB. 

       

      The problem I am hitting though is that if an EJB called from a servlet tries to call another secured EJB from itself get a login failure that says Password Incorrect/Required.  I can see the ctx.getCallerPrincipal is set so I don't understand the problem with this call.

       

      The front end and the EJBs are secured by LDAP modue.

       

      Any help is appreciated and please let me know if you need more details.

       

      Travis

        • 1. Re: Call to secured EJB from a secured EJB fails login
          jaikiran
          jaikiran Oct 25, 2012 12:54 PM (in response to trvsschmdt)

          Travis, welcome to the forums!

           

          Please post the entire exception stacktrace, the relevant code and configs and also the exact JBoss AS7 version that you are using.

            • Actions
          • 2. Re: Call to secured EJB from a secured EJB fails login
            trvsschmdt
            trvsschmdt Oct 25, 2012 1:11 PM (in response to jaikiran)

            Using 7.1.1.Final

             

            **********  Full stack Trace of Error ***************************

             

             

            11:39:10,994 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-2) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

                      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final]

                      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_29]

                      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_29]

                      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_29]

                      at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_29]

                      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [rt.jar:1.6.0_29]

                      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_29]

                      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_29]

                      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_29]

                      at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_29]

                      at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_29]

                      at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

                      at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

                      at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

                      at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]

                      at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:306) [jboss-as-security-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.as.security.service.SimpleSecurityManager.push(SimpleSecurityManager.java:272) [jboss-as-security-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_29]

                      at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:173) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

                      at edu.uiowa.shl.tt.local.UserCacheLocal$$$view199.getId(Unknown Source) [timetracker.jar:]

                      at edu.uiowa.shl.tt.bean.TimeSheetBean.fetch(TimeSheetBean.java:73) [timetracker.jar:]

                      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_29]

                      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_29]

                      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_29]

                      at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_29]

                      at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:228) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:304) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:190) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:80) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:106) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:76) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                      at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.as.ejb3.remote.LocalEjbReceiver.processInvocation(LocalEjbReceiver.java:179) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:179) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

                      at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:43) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

                      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:181) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

                      at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:128) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

                      at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:181) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

                      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:136) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

                      at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:121) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

                      at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104) [jboss-ejb-client-1.0.5.Final.jar:1.0.5.Final]

                      at $Proxy131.fetch(Unknown Source)          at edu.uiowa.shl.tt.modules.timesheet.server.TimeSheetServlet.fetch(TimeSheetServlet.java:33)

                      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_29]

                      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_29]

                      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_29]

                      at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_29]

                      at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:569)

                      at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:208)

                      at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:248)

                      at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)

                      at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

                      at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

                      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329)

                      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248)

                      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)

                      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161)

                      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:397)

                      at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.1.Final.jar:7.1.1.Final]

                      at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153)

                      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155)

                      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

                      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368)

                      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877)

                      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671)

                      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930)

                      at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_29]

             

             

            ************ Domain configuration in Standalone.xml ************************

             

                            <security-domain name="timetracker">

                                <authentication>

                                    <login-module code="org.jboss.security.ClientLoginModule" flag="required">

                                        <module-option name="restore-login-identity" value="true"/>

                                        <module-option name="password-stacking" value="useFirstPass"/>

                                    </login-module>

                                    <login-module code="edu.uiowa.shl.tt.util.LoginLDAPModule" flag="required">

                                        <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                                        <module-option name="java.naming.provider.url" value="ldap://ldap1.uhl.uiowa.edu:389/"/>

                                        <module-option name="baseCtxDN" value="dc=uhl,dc=uiowa,dc=edu"/>

                                        <module-option name="baseFilter" value="(&amp;(uid={0})(ou=*))"/>

                                        <module-option name="rolesCtxDN" value="dc=uhl,dc=uiowa,dc=edu"/>

                                        <module-option name="roleFilter" value="(&amp;(uid={0})(ou=*))"/>

                                        <module-option name="roleAttributeIsDN" value="true"/>

                                        <module-option name="roleAttributeID" value="GroupMembership"/>

                                        <module-option name="roleNameAttributeID" value="cn"/>

                                        <module-option name="searchScope" value="SUBTREE_SCOPE"/>

                                        <module-option name="password-stacking" value="useFirstPass"/>

                                        <module-option name="unauthenticatedIdentity" value="system"/>

                                        <module-option name="throwValidateError" value="true"/>

                                    </login-module>

                                    <login-module code="edu.uiowa.shl.tt.util.LoginRolesModule" flag="required">

                                        <module-option name="dsJndiName" value="java:/SecurityDS"/>

                                        <module-option name="rolesQuery" value="{call ejb_roles(?,'timetracker')}"/>

                                        <module-option name="unauthenticatedIdentity" value="system"/>

                                        <module-option name="password-stacking" value="useFirstPass"/>

                                    </login-module>

                                </authentication>

                            </security-domain>

             

             

             

            ********** Servlet class calling EJB ***************

             

            public class TimeSheetServlet extends AppServlet implements TimesheetServiceInt {

             

             

                      private static final long serialVersionUID = 1L;

             

                      @EJB

                      TimeSheetRemote time;

             

             

                      public TimeSheetVO update(TimeSheetVO sheet) throws Exception {

                          return time.update(sheet);

                }

             

             

                public TimeSheetVO fetch(Datetime week) throws Exception {

                          return time.fetch(week);

                }

               

                public TimeSheetVO fetch(TimeSheetVO sheet) throws Exception {

                                   return time.fetch(sheet);

                }

            }

             

             

            ********  Pertinent code for EJB calling the EJB that fails *******************

             

            @Stateless

            @SecurityDomain("timetracker")

            @RolesAllowed("time-select")

            public class TimeSheetBean implements TimeSheetRemote,TimeSheetLocal {

             

             

                @PersistenceContext(unitName = "timetracker")

                private EntityManager manager;

               

                @EJB

                private UserCacheLocal userCache;

               

                @EJB

                private PersonCacheLocal personCache;

               

                @EJB

                private StaffLocal    staffLocal;

               

                @Resource

                SessionContext ctx;

             

             

                public TimeSheetVO fetch(Datetime week) throws Exception {

                          return fetch(personCache.getPersonId(userCache.getId()),week == null ? Datetime.getInstance(Datetime.YEAR, Datetime.DAY) : week);

                }

               

                      public TimeSheetVO fetch(TimeSheetVO sheet) throws Exception {

                                Calendar cal;

             

                                if(sheet.getWeek() == null) {

                                          cal = Calendar.getInstance();

                                          cal.add(Calendar.DAY_OF_WEEK, -(cal.get(Calendar.DAY_OF_WEEK)-1));

                                          sheet.setWeek(Datetime.getInstance(Datetime.YEAR,Datetime.DAY,cal.getTime()));

                                }

             

                                if(sheet.getPerson() == null) {

                                          sheet.setPerson(personCache.getPersonId(userCache.getId()));  *********** Fails on this call to userCache,getId();

                                }

             

                                try {

                                          return fetch(sheet.getPerson(),sheet.getWeek());

                                }catch(Exception e) {

                                          e.printStackTrace();

                                          throw e;

                                }

                      }

              • Actions