6 Replies Latest reply on Jan 28, 2009 10:18 AM by Wolfgang Knauf

    RolesAllowed causes exception on client with JBoss5

    draganj Newbie

      Hello,

      I have a problem with JBoss5,EJB3 and security. If I add @RolesAllowed attribute to stateless bean and run client I get following exception:

      Exception in thread "main" javax.ejb.EJBAccessException: Caller unauthorized
       at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:199)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
       at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
      

      There is no exception on server side.

      Note that if I use the same code and only change libraries and SecurityDomain class (other package) everything works OK on JBoss 4.2.3.

      Any ideas?

      Thanks,
      Dragan

        • 1. Re: RolesAllowed causes exception on client with JBoss5
          jaikiran pai Master

          Please post your bean code and also the client code which logs in the user.

          • 2. Re: RolesAllowed causes exception on client with JBoss5
            draganj Newbie

            Hello,

            Here it is.
            Client

            public class TestStatelessClient
            {
             public static void main(String[] args) throws Exception
             {
             Properties p = new Properties();
             //p.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
             p.setProperty("java.naming.factory.initial", "org.jboss.security.jndi.JndiLoginInitialContextFactory");
             p.setProperty("java.naming.provider.url","localhost:1099");
             p.setProperty("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
             p.setProperty(Context.SECURITY_PRINCIPAL, "kermit");
             p.setProperty(Context.SECURITY_CREDENTIALS, "thefrog");
             InitialContext ctx = new InitialContext(p);
             IHelloWorld hw = (IHelloWorld) ctx.lookup("HelloWorldBean/remote");
            
             System.out.println("Got " + hw.helloWorld("Hello server"));
             }
            }
            


            Server:
            package test.ejb.stateless;
            
            import javax.annotation.security.RolesAllowed;
            import javax.ejb.Remote;
            import javax.ejb.Stateless;
            
            import org.jboss.ejb3.annotation.SecurityDomain;
            
            
            @Stateless
            @SecurityDomain("JBossWS")
            @Remote(IHelloWorld.class)
            public class HelloWorldBean implements IHelloWorld
            {
             @RolesAllowed({"friend"})
             public String helloWorld(String in)
             {
             System.out.println("Got " + in);
             return "Hello Client";
             }
            }
            

            jboss.xml:
            ?xml version="1.0"?>
            <jboss>
             <security-domain>JBossWS</security-domain>
            </jboss>
            


            I used JBossWS security domain.

            Regards,
            Dragan

            • 3. Re: RolesAllowed causes exception on client with JBoss5
              jaikiran pai Master

               

              Properties p = new Properties();
              //p.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
              p.setProperty("java.naming.factory.initial", "org.jboss.security.jndi.JndiLoginInitialContextFactory");
              p.setProperty("java.naming.provider.url","localhost:1099");
              p.setProperty("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
              p.setProperty(Context.SECURITY_PRINCIPAL, "kermit");
              p.setProperty(Context.SECURITY_CREDENTIALS, "thefrog");


              This has changed in JBossAS-5. Checkout the EJB3 "security" tutorial to see how its done now http://anonsvn.jboss.org/repos/jbossas/projects/ejb3/trunk/docs/tutorial/security/

              • 4. Re: RolesAllowed causes exception on client with JBoss5
                draganj Newbie

                Hello,

                Thanks for the quick answer. It works.

                Do you know what is the reason why we can not use "generic" client anymore (SecurityClient is jboss specific).

                Thanks again,
                Dragan

                • 5. Re: RolesAllowed causes exception on client with JBoss5
                  jaikiran pai Master

                  Your earlier client too was JBoss specific, remember you were passing the JBoss specific JNDI properties and required JBoss specific jars in the classpath.

                  • 6. Re: RolesAllowed causes exception on client with JBoss5
                    Wolfgang Knauf Master

                    Hi Dragan,

                    actually, you use JAAS on the client side (which is a Java standard), there is not much JBoss specific stuff about this.

                    To login, you need an implementation of "javax.security.auth.callback.CallbackHandler" (which provides user/password), and perform the authentication using this CallbackHandler:

                    javax.security.auth.login.LoginContext loginContext = new LoginContext ("...", callbackHandler);
                    loginContext.login();


                    The JBoss "SecurityClient" is just an implementation of the CallbackHandler interface.

                    Hope this helps a bit

                    Wolfgang