Lookup Security Context in JBoss AS7/Wildfly
bharadwaj.ap Dec 31, 2015 2:12 AM
Hi All,
We are migrating from JBoss 4.0 to AS7.1.
We've followed the below Documentation:
We are now facing issues looking up the security context using JNDI. Currently we are using the JNP project for JNDI naming with JBoss 4.0, but from AS7 onwards the jboss-remote-naming project is being used. (Ref: https://docs.jboss.org/author/display/AS72/Remote+EJB+invocations+via+JNDI+-+EJB+client+API+or+remote-naming+project)
Lookup of Security Context with JNP
Context securityCtx = null;
InitialContext iniCtx = new InitialContext();
securityCtx = (Context) iniCtx.lookup("java:comp/env/security");
. . .
// Get the JBoss security manager from the ENC context
SubjectSecurityManager securityMgr = (SubjectSecurityManager) securityCtx.lookup("securityMgr");
Subject subject = new Subject();
principal = certMapping.toPrinicipal(certs);
if (securityMgr.isValid(principal, certs, subject)) {
    if (trace)
        log.trace("User: " + principal + " is authenticated");
    SecurityAssociationActions.setPrincipalInfo(principal, certs, subject);
    // Get the CallerPrincipal mapping
    RealmMapping realmMapping = (RealmMapping) securityCtx.lookup("realmMapping");
This is how the lookup is being done and the Principal is validated.
Below is the JNDI tree; it is able to get the namespace comp/env/security, as this is using JNP with JBoss AS4.0.
+- comp (class: javax.naming.Context)
| +- TransactionSynchronizationRegistry[link -> java:TransactionSynchronizationRegistry] (class: javax.naming.LinkRef)
| +- UserTransaction[link -> UserTransaction] (class: javax.naming.LinkRef)
| +- env (class: org.jnp.interfaces.NamingContext)
| | +- security (class: org.jnp.interfaces.NamingContext)
| | | +- securityMgr[link -> java:/jaas/jboss-web-policy] (class: javax.naming.LinkRef)
| | | +- subject[link -> java:/jaas/jboss-web-policy/subject] (class: javax.naming.LinkRef)
| | | +- realmMapping[link -> java:/jaas/jboss-web-policy/realmMapping] (class: javax.naming.LinkRef)
| | | +- security-domain[link -> java:/jaas/jboss-web-policy] (class: javax.naming.LinkRef)
| | | +- authorizationMgr[link -> java:/jaas/jboss-web-policy/authorizationMgr] (class: javax.naming.LinkRef)
| +- ORB[link -> java:/JBossCorbaORB] (class: javax.naming.LinkRef)
| +- BeanManager (class: org.jnp.interfaces.MarshalledValuePair)
| +- ModuleName (class: java.lang.String)
But now we are using the jboss-remote-naming project for the JNDI implementation in JBoss AS7.1.1, and below is the jndi.properties file.
java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory
java.naming.factory.url.pkgs=org.jboss.ejb.client.naming
java.naming.provider.url=remote://localhost:4447
We are getting the below exception during login:
11:42:28,483 ERROR [com.xxx.security.realm.XYZJAASRealm] (ajp--127.0.0.1-8009-1) NamingException occured: javax.naming.NameNotFoundException: comp/env/security -- service jboss.naming.context.java.jboss.exported.comp.env.security
    at org.jboss.as.naming.ServiceBasedNamingStore.lookup(ServiceBasedNamingStore.java:97)
    at org.jboss.as.naming.NamingContext.lookup(NamingContext.java:178)
    at org.jboss.naming.remote.protocol.v1.Protocol$1.handleServerMessage(Protocol.java:127) [jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
    at org.jboss.naming.remote.protocol.v1.RemoteNamingServerV1$MessageReciever$1.run(RemoteNamingServerV1.java:73) [jboss-remote-naming-2.0.4.Final.jar:2.0.4.Final]
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [rt.jar:1.7.0_76]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [rt.jar:1.7.0_76]
    at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_76]
Kindly help with how to resolve this.