security problem after migrating to ejb3
atamur Feb 6, 2007 5:05 PM
migrated project to ejb3
looks like it won't take my security domain, because it uses UsernamePasswordLoginModule instead of my custom one =|
although during deployment it says it will take db_store as sec. domain (last listing)
my bean
    @Stateless(name = "UserEJB")
    @Remote(User.class)
    @TransactionManagement
    @SecurityDomain("db_store")
    public class UserBean implements User {
        ...
        @TransactionAttribute(TransactionAttributeType.SUPPORTS)
        @PermitAll
        public void create() throws CreateException {
        }
    }
my security domain
    <application-policy name="db_store">
      <authentication>
        <login-module code="ru.***.PermLoginModule" flag="sufficient">
          <module-option name="dsJndiName">
            DS/Standard
          </module-option>
          <module-option name="principalsQuery">
            SELECT pml_secret FROM permanentlogin p
            JOIN users u ON (p.usr_id = u.usr_id)
            WHERE usr_login = ? AND p.pml_secret = ? AND usr_isdeleted = 0
          </module-option>
          <module-option name="rolesQuery">
            SELECT 'CommonUser', 'Roles' FROM users
            WHERE usr_login = ? AND usr_isdeleted = 0
          </module-option>
          <module-option name="ignorePasswordCase">false</module-option>
          <module-option name="unauthenticatedIdentity">nobody</module-option>
        </login-module>
        <login-module code="ru.***.SCLoginModule" flag="required">
          <module-option name="dsJndiName">
            DS/Standard
          </module-option>
          <module-option name="principalsQuery">
            SELECT usr_password FROM users
            WHERE usr_login = ? AND usr_isdeleted = 0
          </module-option>
          <module-option name="rolesQuery">
            SELECT 'CommonUser', 'Roles' FROM users
            WHERE usr_login = ? AND usr_isdeleted = 0
          </module-option>
          <module-option name="ignorePasswordCase">false</module-option>
          <module-option name="unauthenticatedIdentity">nobody</module-option>
        </login-module>
      </authentication>
    </application-policy>
my exception:
    javax.ejb.EJBAccessException: Authentication failure
        at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:70)
        at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
        at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
        at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
        at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
        at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:263)
        at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:58)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
        at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:102)
        at $Proxy595281.create(Unknown Source)
        at ru.***.ejb.BeanHelper.getUserBean(BeanHelper.java:154)
        ... 21 more
    Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
        at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
deployment:
    2007-02-07 00:50:32,023 DEBUG [Ejb3DescriptorHandler] adding class annotation org.jboss.annotation.security.SecurityDomain to ru.***.ejb.main.user.UserBean SecurityDomainImpl[value=java:/jaas/db_store, unauthenticatedPrincipal=null]
    2007-02-07 00:50:32,023 DEBUG [Ejb3DescriptorHandler] adding class annotation org.jboss.annotation.security.SecurityDomain to ru.***.ejb.main.user.UserBean SecurityDomainImpl[value=java:/jaas/db_store, unauthenticatedPrincipal=null]