Issues with custom Database Login module
raj_kumar Jun 9, 2014 6:38 AMHi,
I am using EAP 6.2 and trying to add a custom database login module and trying to access the secured EJB. But while calling it is throwing a eexception :-
16:03:04,119 TRACE [org.jboss.security] (Remoting "rkp1-lnv520" task-3) PBOX000200: Begin isValid, principal: Admin, cache entry: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@16e1f2f
16:03:04,120 TRACE [org.jboss.security] (Remoting "rkp1-lnv520" task-3) PBOX000204: Begin validateCache, domainInfo: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@16e1f2f, credential class: class java.lang.String
16:03:04,120 TRACE [org.jboss.security] (Remoting "rkp1-lnv520" task-3) PBOX000205: End validateCache, result = true
16:03:04,120 TRACE [org.jboss.security] (Remoting "rkp1-lnv520" task-3) PBOX000201: End isValid, result = true
16:03:04,121 TRACE [org.jboss.security.audit] (Remoting "rkp1-lnv520" task-3) [Success]Source=org.jboss.as.security.service.SimpleSecurityManager;Action=authentication;principal=Admin;
16:03:04,371 TRACE [org.jboss.security] (EJB default - 2) PBOX000200: Begin isValid, principal: Admin, cache entry: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@16e1f2f
16:03:04,372 TRACE [org.jboss.security] (EJB default - 2) PBOX000204: Begin validateCache, domainInfo: org.jboss.security.authentication.JBossCachedAuthenticationManager$DomainInfo@16e1f2f, credential class: class java.lang.String
16:03:04,372 TRACE [org.jboss.security] (EJB default - 2) PBOX000205: End validateCache, result = true
16:03:04,372 TRACE [org.jboss.security] (EJB default - 2) PBOX000201: End isValid, result = true
16:03:04,372 TRACE [org.jboss.security.audit] (EJB default - 2) [Success]Source=org.jboss.as.security.service.SimpleSecurityManager;Action=authentication;principal=Admin;
16:03:04,372 TRACE [org.jboss.security] (EJB default - 2) PBOX000354: Setting security roles ThreadLocal: {}
16:03:04,373 DEBUG [org.jboss.security] (EJB default - 2) PBOX000293: Exception caught: javax.naming.NameNotFoundException: policyRegistration -- service jboss.naming.context.java.policyRegistration
at org.jboss.as.naming.ServiceBasedNamingStore.lookup(ServiceBasedNamingStore.java:103)
at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:197)
at org.jboss.as.naming.InitialContext.lookup(InitialContext.java:120)
at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:183)
at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:179)
at javax.naming.InitialContext.lookup(Unknown Source) [rt.jar:1.6.0_30]
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.getPolicyRegistrationFromJNDI(EJBAuthorizationHelper.java:353) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.authorize(EJBAuthorizationHelper.java:303) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]
at org.jboss.as.security.service.SimpleSecurityManager.authorize(SimpleSecurityManager.java:269) [jboss-as-security-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:112) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:81) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:329) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$100(MethodInvocationMessageHandler.java:70) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:203) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [rt.jar:1.6.0_30]
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) [rt.jar:1.6.0_30]
at java.util.concurrent.FutureTask.run(Unknown Source) [rt.jar:1.6.0_30]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) [rt.jar:1.6.0_30]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [rt.jar:1.6.0_30]
at java.lang.Thread.run(Unknown Source) [rt.jar:1.6.0_30]
at org.jboss.threads.JBossThread.run(JBossThread.java:122)
16:03:04,376 DEBUG [org.jboss.security] (EJB default - 2) PBOX000291: Method: hello, interface: Remote, required roles: Roles(<NOBODY>,)
16:03:04,377 DEBUG [org.jboss.security] (EJB default - 2) PBOX000292: Insufficient method permissions [principal: Admin, EJB name: HelloWorld, method: hello, interface: Remote, required roles: Roles(<NOBODY>,), principal roles: Roles(), run-as roles: null]
16:03:04,377 DEBUG [org.jboss.security] (EJB default - 2) PBOX000299: Required module org.jboss.security.authorization.modules.DelegatingAuthorizationModule failed
16:03:04,377 DEBUG [org.jboss.security] (EJB default - 2) PBOX000325: Authorization processing error: org.jboss.security.authorization.AuthorizationException: PBOX000017: Acces denied: authorization failed
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.invokeAuthorize(JBossAuthorizationContext.java:268) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.access$000(JBossAuthorizationContext.java:71) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]
at org.jboss.security.plugins.authorization.JBossAuthorizationContext$1.run(JBossAuthorizationContext.java:147) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]
at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_30]
at org.jboss.security.plugins.authorization.JBossAuthorizationContext.authorize(JBossAuthorizationContext.java:143) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]
at org.jboss.security.plugins.JBossAuthorizationManager.internalAuthorization(JBossAuthorizationManager.java:429) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]
at org.jboss.security.plugins.JBossAuthorizationManager.authorize(JBossAuthorizationManager.java:115) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]
at org.jboss.security.plugins.javaee.EJBAuthorizationHelper.authorize(EJBAuthorizationHelper.java:318) [picketbox-4.0.19.SP2-redhat-1.jar:4.0.19.SP2-redhat-1]
at org.jboss.as.security.service.SimpleSecurityManager.authorize(SimpleSecurityManager.java:269) [jboss-as-security-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:112) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:81) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:329) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$100(MethodInvocationMessageHandler.java:70) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:203) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [rt.jar:1.6.0_30]
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) [rt.jar:1.6.0_30]
at java.util.concurrent.FutureTask.run(Unknown Source) [rt.jar:1.6.0_30]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) [rt.jar:1.6.0_30]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [rt.jar:1.6.0_30]
at java.lang.Thread.run(Unknown Source) [rt.jar:1.6.0_30]
at org.jboss.threads.JBossThread.run(JBossThread.java:122)
16:03:04,380 TRACE [org.jboss.security.audit] (EJB default - 2) [Failure]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;Action=authorization;Exception:=PBOX000017: Acces denied: authorization failed ;Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={policyRegistration=null}:method=public abstract void com.osi.HelloWorldRemote.hello():ejbMethodInterface=Remote:ejbName=HelloWorld:ejbPrincipal=Admin:MethodRoles=Roles(<NOBODY>,):securityRoleReferences=null:callerSubject=Subject:
Principal: Admin
Principal: Roles(members)
Principal: CallerPrincipal(members)
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=2.0];policyRegistration=null;
16:03:04,381 TRACE [org.jboss.security] (EJB default - 2) PBOX000354: Setting security roles ThreadLocal: null
16:03:04,381 ERROR [org.jboss.as.ejb3.invocation] (EJB default - 2) JBAS014134: EJB Invocation failed on component HelloWorld for method public abstract void com.osi.HelloWorldRemote.hello(): javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public abstract void com.osi.HelloWorldRemote.hello() of bean: HelloWorld is not allowed
at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:114) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:81) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:55) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.2.Final-redhat-1.jar:1.1.2.Final-redhat-1]
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:329) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$100(MethodInvocationMessageHandler.java:70) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:203) [jboss-as-ejb3-7.3.0.Final-redhat-14.jar:7.3.0.Final-redhat-14]
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source) [rt.jar:1.6.0_30]
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source) [rt.jar:1.6.0_30]
at java.util.concurrent.FutureTask.run(Unknown Source) [rt.jar:1.6.0_30]
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(Unknown Source) [rt.jar:1.6.0_30]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [rt.jar:1.6.0_30]
at java.lang.Thread.run(Unknown Source) [rt.jar:1.6.0_30]
at org.jboss.threads.JBossThread.run(JBossThread.java:122)
I looked into several other forums but was not able to find the answer, security module is inside EAR in Jar file, below is my configuration
EJB ;-
@SecurityDomain("MyTestDomain")
@Stateless
@LocalBean
@Remote(HelloWorldRemote.class)
public class HelloWorld implements HelloWorldRemote, HelloWorldLocal {
snippets from Standalone.xml
<security-realm name="TestDomain">
<authentication>
<jaas name="MyTestDomain"/>
</authentication>
</security-realm>
<security-domain name="MyTestDomain" cache-type="default">
<authentication>
<login-module code="com.osi.auth.TestLoginModule" flag="required" module="deployment.TestEAR.ear.Test.jar">
<module-option name="dsJndiName" value="java:/TESTDB"/>
<module-option name="principalsQuery" value="SELECT PASSWORD FROM NETXOPER WHERE NAME=?"/>
<module-option name="rolesQuery" value="SELECT NAME, 'Roles' FROM NETXOPER WHERE NAME=?"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
</security-domains>
Secrity Module code :-
public class TestLoginModule extends DatabaseServerLoginModule{
@Override
protected String getUsersPassword() throws LoginException {
System.out.println("Get user Password called");
return "true";
}
@Override
protected Group[] getRoleSets() throws LoginException{
// The declarative permissions
Group roles = new SimpleGroup("Roles");
// The caller identity
Group callerPrincipal = new SimpleGroup("CallerPrincipal");
Group[] groups = {roles, callerPrincipal};
System.out.println("Get role set called, userName = " +getUsername());
return groups;
//return null;
}
@Override
protected boolean validatePassword(String inputPassword,
String expectedPassword){
System.out.println(" Username = " + getUsername());
System.out.println("input pass = " + inputPassword + " expected pass = " + expectedPassword);
System.out.println("Validating password");
return true;
}
}
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
<connector name="remoting-connector" socket-binding="remoting" security-realm="TestDomain"/>
</subsystem>