3 Replies Latest reply on Dec 18, 2009 7:15 AM by Celinio Fernandes

    JBoss 5.1.0 GA, Struts 2.0 and EJB 3.0 : SecurityClientFactory

    Celinio Fernandes Novice

      Hi,

      I have developped a stateful session bean where access to methods are restricted :

       

      @SecurityDomain("myDomainBlabla")
      @RolesAllowed({"xxx", "yyy"})
      @Stateful
      public class BlablaBean  implements BlablaRemote {


                @RolesAllowed({"xxx"})
                  public void doSomething(User user) {
                  ...
                  }
                  ...
      }

       

      Authentication and authorization worls well from a JUnit test case.
      Inside my JUnit class, I perform a connection :

       

                SecurityClient securityClient = SecurityClientFactory.getSecurityClient();           
                  securityClient.setSimple("user1", "pwd1");           
                  securityClient.login();


      No problem. The user with role xxx gets access to the method doSomething(User user)
      according to the files myApp-users.properties and myApp-roles.properties

       

      I am now trying to authenticate the user in a Struts 2 action (LoginAction) and propagate the role, using the same code :


                  SecurityClient securityClient = SecurityClientFactory.getSecurityClient();           
                  securityClient.setSimple("user1", "pwd1");           
                  securityClient.login();  
               

                 
      It does not work, i get an error when i try to access the method doSomething(User user) :

       

      11:22:44,456 ERROR [STDERR] javax.ejb.EJBAccessException: Invalid User

       

      What is wrong ? I am guessing i need to propagate the role to the entire app, how do i do that ?

       

      Thanks for helping

        • 2. Re: JBoss 5.1.0 GA, Struts 2.0 and EJB 3.0 : SecurityClientFactory
          Celinio Fernandes Novice

          Thanks very much for helping.

           

          So i replaced :

          SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
          securityClient.setSimple(getLogin(), getPassword());       
          securityClient.login();

           

          with

           

          WebAuthentication pwl = new WebAuthentication();
          pwl.login(getLogin(), getPassword());

           

          I now have a different error message  :

           

          12:59:59,599 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
          java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
              at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
              at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
              at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
              at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
              at java.lang.reflect.Method.invoke(Unknown Source)
              at javax.security.auth.login.LoginContext.invoke(Unknown Source)
              at javax.security.auth.login.LoginContext.access$000(Unknown Source)
              at javax.security.auth.login.LoginContext$4.run(Unknown Source)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
              at javax.security.auth.login.LoginContext.login(Unknown Source)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
              at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
              at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
              at org.jboss.web.tomcat.security.login.WebAuthentication.login(WebAuthentication.java:93)
              at com.eni.dvtejb.clientStruts2.action.LoginAction.execute(LoginAction.java:76)

           

           

          I have these 2 properties files (users + roles) located here :

          jboss-5.1.0.GA.jdk6\server\default\conf\props

           

          They worked for my EJB client test.

          Do i need to include them in my Struts 2 webapp also ?

          • 3. Re: JBoss 5.1.0 GA, Struts 2.0 and EJB 3.0 : SecurityClientFactory
            Celinio Fernandes Novice

            I think I got it :

            I added a file jboss-web.xml in my webapp, it seems to work fine now

             

            Thanks