3 Replies Latest reply on Jan 3, 2013 3:09 PM by brucesanders63

    Configure JAAS security for default app with Jetty

    george001

      Hello,

      I am using JBoss 4.2.2 GA with Jetty 6.1 latest sar and I have set up a default app, but I am having a hard time finding any instructions on how to map that app into a JAAS-secured application policy:

      <application-policy name = "default">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
       flag = "required">
       <module-option name="usersProperties">props/users.properties</module-option>
       <module-option name="rolesProperties">props/roles.properties</module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      I tried "default", "/", "*" as the name attribute of the element and restarted the server each time and still I am getting:

      2008-05-08 09:20:49,603 ERROR [org.jboss.security.auth.spi.UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
       at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315)
      


      This is one of those simple and easy to solve -> you have to spend hours searching for information. If anyone knows the name of the class parsing the XML and can point me to a Subversion link :) I will be greatly appreciative, if a straight answer is not available, that is.

      Thanks in advance and best!
      George

        • 1. Re: Configure JAAS security for default app with Jetty
          george001

          I solved my own problem. Here is for all that may face the same situation:
          The solution is that your webapp jboss-web.xml file should map the protected context as:

          <?xml version='1.0' encoding='UTF-8' ?>
          
          <!DOCTYPE jboss-web
           PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
           "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
          
          <jboss-web>
           <context-root>/</context-root>
           <!-- Uncomment the security-domain to enable security. You will
           need to edit the htmladaptor login configuration to set up the
           login modules used to authenticate users. -->
           <security-domain>java:/jaas/default</security-domain>
          </jboss-web>
          
          


          and the login-config.xml should match that:

          <application-policy name = "default">
           <authentication>
           <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
           flag = "required">
           <module-option name="usersProperties">props/users.properties</module-option>
           <module-option name="rolesProperties">props/roles.properties</module-option>
           </login-module>
           </authentication>
           </application-policy>
          
          


          do a restart and then everything should work.
          Regards,
          George

          • 2. Re: Configure JAAS security for default app with Jetty
            brucesanders63

            I'm having a similar problem. My problem is when it makes a call to the bean.

             

            I'm running JBOSS 6. I'm not 100% sure that this is the security model as I took this from an example found on the internet for JBOSS 5.


            1st - I don't want any security around my EJB. If anyone has ideas as to how to do that, insight would be appreciated. Why no security, I'm just running it on my local for now.

            2nd - Since I can find nothing that enables me to do this, I now am stuck w/the inability to find property files.

            Here are all of my XML files.

            I have added the following to each login-config.xml file in JBOSS.
            <application-policy name = "my-web">
            <authentication>
            <login-module
            code="org.jboss.security.auth.spi.UsersRolesLoginModule"
            flag = "required">
            <module-option
            name="usersProperties">
            props/my-web-users.properties
            </module-option>
            <module-option
            name="rolesProperties">
            props/my-web-roles.properties
            </module-option>
            </login-module>
            </authentication>
            </application-policy>


            Contents of jboss-web.xml
            <?xml version="1.0" encoding="UTF-8"?>
            <jboss-web>
            <security-domain>java:/jaas/my-web</security-domain>
            </jboss-web>

            Contents of ejb-jar.xml

            <?xml version="1.0" encoding="UTF-8" ?>

            <!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">

            <ejb-jar>


            <enterprise-beans>
            <session>
            <description>Calculation Appeals Manager EJB</description>
            <display-name>CalculationAppealsManagerBean</display-name>
            <ejb-name>CalculationAppealsManagerBean</ejb-name>
            <home>com.spcs.intranet.calculationAppeals.business.ejb.CalculationAppealsManagerHome</home>
            <remote>com.spcs.intranet.calculationAppeals.business.ejb.CalculationAppealsManager</remote>
            <ejb-class>com.spcs.intranet.calculationAppeals.business.ejb.CalculationAppealsManagerBean</ejb-class>
            <session-type>Stateless</session-type>
            <transaction-type>Container</transaction-type>
            <env-entry>
            <env-entry-name>ejb.sessionTimeout</env-entry-name>
            <env-entry-type>java.lang.String</env-entry-type>
            <env-entry-value>600</env-entry-value>
            </env-entry>
            <security-role-ref>
            <role-name>EchoUser</role-name>
            <role-link>Echo</role-link>
            </security-role-ref>
            <security-identity>
            <run-as>
            <role-name>InternalUser</role-name>
            </run-as>
            </security-identity>
            </session>



            </enterprise-beans>


            <assembly-descriptor>
            <security-role>
            <role-name>all</role-name>
            </security-role>
            <method-permission>
            <role-name>all</role-name>
            <method>
            <ejb-name>CalculationAppealsManagerBean</ejb-name>
            <method-name>*</method-name>
            </method>
            </method-permission>
            <container-transaction>
            <method>
            <ejb-name>CalculationAppealsManagerBean</ejb-name>
            <method-name>*</method-name>
            </method>
            <trans-attribute>Required</trans-attribute>
            </container-transaction>

            </assembly-descriptor>
            </ejb-jar>


            contents of web.xml
            <?xml version="1.0" encoding="UTF-8"?>
            <web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
            <icon></icon>
            <display-name>Commissions Web Portal</display-name>
            <description>Commissions Web Portal</description>
            <distributable></distributable>
            <servlet>
            <description></description>
            <display-name>CalculationAppealsServlet</display-name>
            <servlet-name>CalculationAppealsServlet</servlet-name>
            <servlet-class>com.spcs.intranet.calculationAppeals.presentation.controller.CalculationAppealsServlet</servlet-class>
            </servlet>
            <servlet-mapping>
            <servlet-name>CalculationAppealsServlet</servlet-name>
            <url-pattern>/CCAServlet</url-pattern>
            </servlet-mapping>

            <servlet>
            <servlet-name>SecureServlet</servlet-name>
            <servlet-class>com.spcs.intranet.calculationAppeals.presentation.controller.CalculationAppealsServlet</servlet-class>
            </servlet>
            <servlet>
            <servlet-name>UnsecureServlet</servlet-name>
            <servlet-class>com.spcs.intranet.calculationAppeals.presentation.controller.CalculationAppealsServlet</servlet-class>
            <run-as>
            <description>InternalThe anonymous user role</description>
            <role-name>InternalUser</role-name>
            </run-as>
            </servlet>
            <servlet>
            <servlet-name>UnsecureServletWithLogin</servlet-name>
            <!-- <description>A servlet whose mapping does not exist under the restricted context that </description>-->
            <servlet-class>com.spcs.intranet.calculationAppeals.presentation.controller.CalculationAppealsServlet</servlet-class>
            </servlet>


            <security-role>
            <description>A user allowed to invoke echo methods</description>
            <role-name>Echo</role-name>
            </security-role>
            <security-role>
            <description>A user with no permissions</description>
            <role-name>nobody</role-name>
            </security-role>


            <session-config>
            <session-timeout>30</session-timeout>
            </session-config>

            <mime-mapping>
            <extension>txt</extension>
            <mime-type>text/plain</mime-type>
            </mime-mapping>

            <mime-mapping>
            <extension>html</extension>
            <mime-type>text/html</mime-type>
            </mime-mapping>

            <mime-mapping>
            <extension>xls</extension>
            <mime-type>application/vnd.ms-excel</mime-type>
            </mime-mapping>

            <welcome-file-list>
            <welcome-file>splash.jsp</welcome-file>
            </welcome-file-list>

            </web-app>

            contents of jboss.xml

            <?xml version="1.0" encoding="UTF-8"?>
            <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 6.0//EN" "http://www.jboss.org/j2ee/dtd/jboss_6_0.dtd">
            <jboss>
            <security-domain>java:/jaas/my-web</security-domain>

            <enterprise-beans>
            <session>
            <ejb-name>CalculationAppealsManagerBean</ejb-name>
            <jndi-name>CalculationAppealsManagerBean</jndi-name>
            <security-identity>
            <run-as-principal>InternalUser</run-as-principal>
            </security-identity>
            </session>

            </enterprise-beans>

            </jboss>


            I've copied the my-web-roles.properties and my-web-user.properties to the following:
            C:\JBoss\jboss-6.1.0.Final\server\all\conf\props
            C:\JBoss\jboss-6.1.0.Final\server\default\conf\props


            I do get a warning in the logs but while it's an issue, this I believe is the gating issue. Here is the log error:
            14:10:54,828 INFO [ContextConfig] WARNING: Security role name InternalUser used in a <run-as> without being defined in a <security-role>


            You might find that some of the naming around security/roles is not consistent. That I'm aware of but first things first, have to find the properties files.

            • 3. Re: Configure JAAS security for default app with Jetty
              brucesanders63

              I modified my jboss.xml to be this:

              <security-domain></security-domain>

              I removed any elements in the <security-domain>

               

               

              Problem resolved.
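
Added example (not part of any post in this thread, and not JBoss code): a Python check for the mismatches discussed above, namely a `<security-domain>` with no matching `application-policy` name, a policy whose property files are absent, and a `<run-as>` role with no `<security-role>`. The function names, sample descriptors and file listing are constructed, and it assumes `props/...` paths resolve against the server's `conf` directory.

```python
import xml.etree.ElementTree as ET

def _named(root, name):
    """Elements called `name`, ignoring XML namespaces (web.xml 2.4 declares one)."""
    return [e for e in root.iter() if e.tag.rsplit("}", 1)[-1] == name]

def _text(elem):
    return (elem.text or "").strip()

def check_deployment(login_config, descriptors, conf_files):
    """Return findings; conf_files = resource paths present under conf/ (assumption)."""
    findings, policies = [], {}
    for pol in _named(ET.fromstring(login_config), "application-policy"):
        policies[pol.get("name")] = [
            _text(o) for o in _named(pol, "module-option")
            if o.get("name") in ("usersProperties", "rolesProperties")]
    for fname, xml in descriptors.items():
        root = ET.fromstring(xml)
        for dom in _named(root, "security-domain"):
            name = _text(dom).rpartition("java:/jaas/")[2]  # accept bare names too
            if not name:
                findings.append(f"{fname}: empty <security-domain>")
            elif name not in policies:
                findings.append(f"{fname}: no application-policy '{name}'")
            else:  # the policy exists, so its property files must be loadable
                findings += [f"{fname}: policy '{name}' cannot load {p}"
                             for p in policies[name] if p not in conf_files]
        declared = {_text(r) for sr in _named(root, "security-role")
                    for r in _named(sr, "role-name")}
        findings += [f"{fname}: run-as role '{_text(r)}' has no <security-role>"
                     for ra in _named(root, "run-as")
                     for r in _named(ra, "role-name") if _text(r) not in declared]
    return findings

# Constructed sample input modelled on the descriptors in the thread.
LOGIN_CONFIG = """<policy><application-policy name="my-web"><authentication>
 <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
  <module-option name="usersProperties">props/my-web-users.properties</module-option>
  <module-option name="rolesProperties">props/my-web-roles.properties</module-option>
 </login-module></authentication></application-policy></policy>"""
DESCRIPTORS = {
    "jboss-web.xml": "<jboss-web><security-domain>java:/jaas/my-web</security-domain></jboss-web>",
    "jboss.xml": "<jboss><security-domain>java:/jaas/default</security-domain></jboss>",
    "web.xml": "<web-app><servlet><run-as><role-name>InternalUser</role-name></run-as>"
               "</servlet><security-role><role-name>Echo</role-name></security-role></web-app>",
}
CONF_FILES = {"props/my-web-user.properties", "props/my-web-roles.properties"}
if __name__ == "__main__":
    print("\n".join(check_deployment(LOGIN_CONFIG, DESCRIPTORS, CONF_FILES)))
```

An empty `<security-domain>` is reported as a finding rather than treated as valid, so a deployment whose domain was blanked out still shows up in the output.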