6 Replies Latest reply on Jan 28, 2009 10:18 AM by wolfgangknauf

    RolesAllowed causes exception on client with JBoss5

    draganj

      Hello,

      I have a problem with JBoss5, EJB3 and security. If I add the @RolesAllowed attribute to a stateless bean and run the client, I get the following exception:

      Exception in thread "main" javax.ejb.EJBAccessException: Caller unauthorized
       at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
       at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
      

      There is no exception on the server side.

      Note that if I use the same code and only change the libraries and the SecurityDomain class (other package), everything works OK on JBoss 4.2.3.

      Any ideas?

      Thanks,
      Dragan

        • 1. Re: RolesAllowed causes exception on client with JBoss5
          jaikiran

          Please post your bean code and also the client code which logs in the user.

          • 2. Re: RolesAllowed causes exception on client with JBoss5
            draganj

            Hello,

            Here it is.
            Client

            import java.util.Properties;
            import javax.naming.Context;
            import javax.naming.InitialContext;

            public class TestStatelessClient
            {
                public static void main(String[] args) throws Exception
                {
                    // Credentials are passed as JNDI environment properties
                    Properties p = new Properties();
                    //p.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
                    p.setProperty("java.naming.factory.initial", "org.jboss.security.jndi.JndiLoginInitialContextFactory");
                    p.setProperty("java.naming.provider.url","localhost:1099");
                    p.setProperty("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
                    p.setProperty(Context.SECURITY_PRINCIPAL, "kermit");
                    p.setProperty(Context.SECURITY_CREDENTIALS, "thefrog");
                    InitialContext ctx = new InitialContext(p);
                    IHelloWorld hw = (IHelloWorld) ctx.lookup("HelloWorldBean/remote");

                    System.out.println("Got " + hw.helloWorld("Hello server"));
                }
            }
            


            Server:
            package test.ejb.stateless;
            
            import javax.annotation.security.RolesAllowed;
            import javax.ejb.Remote;
            import javax.ejb.Stateless;
            
            import org.jboss.ejb3.annotation.SecurityDomain;
            
            
            @Stateless
            @SecurityDomain("JBossWS")
            @Remote(IHelloWorld.class)
            public class HelloWorldBean implements IHelloWorld
            {
                @RolesAllowed({"friend"})
                public String helloWorld(String in)
                {
                    System.out.println("Got " + in);
                    return "Hello Client";
                }
            }
            

            jboss.xml:
            <?xml version="1.0"?>
            <jboss>
             <security-domain>JBossWS</security-domain>
            </jboss>
            


            I used JBossWS security domain.

            Regards,
            Dragan

            • 3. Re: RolesAllowed causes exception on client with JBoss5
              jaikiran

               

              Properties p = new Properties();
              //p.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
              p.setProperty("java.naming.factory.initial", "org.jboss.security.jndi.JndiLoginInitialContextFactory");
              p.setProperty("java.naming.provider.url","localhost:1099");
              p.setProperty("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
              p.setProperty(Context.SECURITY_PRINCIPAL, "kermit");
              p.setProperty(Context.SECURITY_CREDENTIALS, "thefrog");


              This has changed in JBossAS-5. Check out the EJB3 "security" tutorial to see how it's done now: http://anonsvn.jboss.org/repos/jbossas/projects/ejb3/trunk/docs/tutorial/security/

              • 4. Re: RolesAllowed causes exception on client with JBoss5
                draganj

                Hello,

                Thanks for the quick answer. It works.

                Do you know the reason why we cannot use a "generic" client anymore (SecurityClient is JBoss specific)?

                Thanks again,
                Dragan

                • 5. Re: RolesAllowed causes exception on client with JBoss5
                  jaikiran

                  Your earlier client was JBoss specific too. Remember, you were passing the JBoss-specific JNDI properties and required JBoss-specific jars in the classpath.

                  • 6. Re: RolesAllowed causes exception on client with JBoss5
                    wolfgangknauf

                    Hi Dragan,

                    Actually, you use JAAS on the client side (which is a Java standard); there is not much JBoss-specific stuff about this.

                    To login, you need an implementation of "javax.security.auth.callback.CallbackHandler" (which provides user/password), and perform the authentication using this CallbackHandler:

                    javax.security.auth.login.LoginContext loginContext = new LoginContext ("...", callbackHandler);
                    loginContext.login();


                    The JBoss "SecurityClient" is just an implementation of the CallbackHandler interface.

                    Hope this helps a bit

                    Wolfgang