0 Replies Latest reply on Feb 6, 2007 5:05 PM by Ilya

    security problem after migrationg to ejb3

    Ilya Newbie

      migrated project to ejb3
      looks like it won't take my security domain, because it uses UsernamePasswordLoginModule instead of my custom one =|
      although during deployment it says it will take db_store as sec. domain (last listing)

      my bean

      @Stateless(name = "UserEJB")
      @Remote(User.class)
      @TransactionManagement
      @SecurityDomain("db_store")
      public class UserBean implements User {
      ...
       @TransactionAttribute(TransactionAttributeType.SUPPORTS)
       @PermitAll
       public void create() throws CreateException
       }
      }


      my security domain
      <application-policy name="db_store">
       <authentication>
       <login-module code="ru.***.PermLoginModule" flag="sufficient">
       <module-option name="dsJndiName">
       DS/Standard
       </module-option>
       <module-option name="principalsQuery">
       SELECT pml_secret FROM permanentlogin p JOIN users u ON (p.usr_id = u.usr_id) WHERE usr_login = ? AND p.pml_secret = ? AND usr_isdeleted = 0
       </module-option>
       <module-option name="rolesQuery">
       SELECT 'CommonUser', 'Roles' FROM users WHERE usr_login = ? AND usr_isdeleted = 0
       </module-option>
       <module-option name="ignorePasswordCase">false</module-option>
       <module-option name="unauthenticatedIdentity">nobody</module-option>
       </login-module>
      
      
       <login-module code="ru.***.SCLoginModule" flag="required">
       <module-option name="dsJndiName">
       DS/Standard
       </module-option>
       <module-option name="principalsQuery">
       SELECT usr_password FROM users WHERE usr_login = ? AND usr_isdeleted = 0
       </module-option>
       <module-option name="rolesQuery">
       SELECT 'CommonUser', 'Roles' FROM users WHERE usr_login = ? AND usr_isdeleted = 0
       </module-option>
       <module-option name="ignorePasswordCase">false</module-option>
       <module-option name="unauthenticatedIdentity">nobody</module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      my exception:
      javax.ejb.EJBAccessException: Authentication failure
       at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:70)
       at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
       at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:263)
       at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:58)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:102)
       at $Proxy595281.create(Unknown Source)
       at ru.***.ejb.BeanHelper.getUserBean(BeanHelper.java:154)
       ... 21 more
      Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      


      deployment:
      2007-02-07 00:50:32,023 DEBUG [Ejb3DescriptorHandler] adding class annotation org.jboss.annotation.security.SecurityDomain to ru.***.ejb.main.user.UserBean SecurityDomainImpl[value=java:/jaas/db_store, unauthenticatedPrincipal=null]
      2007-02-07 00:50:32,023 DEBUG [Ejb3DescriptorHandler] adding class annotation org.jboss.annotation.security.SecurityDomain to ru.***.ejb.main.user.UserBean SecurityDomainImpl[value=java:/jaas/db_store, unauthenticatedPrincipal=null]