3 Replies Latest reply on Dec 18, 2009 7:15 AM by Celinio Fernandes

    JBoss 5.1.0 GA, Struts 2.0 and EJB 3.0 : SecurityClientFactory

    Celinio Fernandes Novice


      I have developped a stateful session bean where access to methods are restricted :


      @RolesAllowed({"xxx", "yyy"})
      public class BlablaBean  implements BlablaRemote {

                  public void doSomething(User user) {


      Authentication and authorization worls well from a JUnit test case.
      Inside my JUnit class, I perform a connection :


                SecurityClient securityClient = SecurityClientFactory.getSecurityClient();           
                  securityClient.setSimple("user1", "pwd1");           

      No problem. The user with role xxx gets access to the method doSomething(User user)
      according to the files myApp-users.properties and myApp-roles.properties


      I am now trying to authenticate the user in a Struts 2 action (LoginAction) and propagate the role, using the same code :

                  SecurityClient securityClient = SecurityClientFactory.getSecurityClient();           
                  securityClient.setSimple("user1", "pwd1");           

      It does not work, i get an error when i try to access the method doSomething(User user) :


      11:22:44,456 ERROR [STDERR] javax.ejb.EJBAccessException: Invalid User


      What is wrong ? I am guessing i need to propagate the role to the entire app, how do i do that ?


      Thanks for helping

        • 2. Re: JBoss 5.1.0 GA, Struts 2.0 and EJB 3.0 : SecurityClientFactory
          Celinio Fernandes Novice

          Thanks very much for helping.


          So i replaced :

          SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
          securityClient.setSimple(getLogin(), getPassword());       




          WebAuthentication pwl = new WebAuthentication();
          pwl.login(getLogin(), getPassword());


          I now have a different error message  :


          12:59:59,599 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
          java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
              at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
              at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
              at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
              at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
              at java.lang.reflect.Method.invoke(Unknown Source)
              at javax.security.auth.login.LoginContext.invoke(Unknown Source)
              at javax.security.auth.login.LoginContext.access$000(Unknown Source)
              at javax.security.auth.login.LoginContext$4.run(Unknown Source)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
              at javax.security.auth.login.LoginContext.login(Unknown Source)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
              at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
              at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
              at org.jboss.web.tomcat.security.login.WebAuthentication.login(WebAuthentication.java:93)
              at com.eni.dvtejb.clientStruts2.action.LoginAction.execute(LoginAction.java:76)



          I have these 2 properties files (users + roles) located here :



          They worked for my EJB client test.

          Do i need to include them in my Struts 2 webapp also ?

          • 3. Re: JBoss 5.1.0 GA, Struts 2.0 and EJB 3.0 : SecurityClientFactory
            Celinio Fernandes Novice

            I think I got it :

            I added a file jboss-web.xml in my webapp, it seems to work fine now