8 Replies Latest reply on May 4, 2010 6:44 AM by apoth

AccessException invoking an EJB method

apoth Apr 30, 2010 10:51 AM

I've got some client code which does a JNDI lookup for an EJB reference.

It successfully creates an EJBHome reference but if I call a create method on it (just an empty stub of a method), it throws an exception:

java.rmi.AccessException: SecurityException; nested exception is:

javax.security.auth.login.FailedLoginException: Password Incorrect/Password required

...etc...

(Difficult to paste the whole stack trace as it's on a secured network without internet access).

Does anyone have any ideas where/how I can set the username and password and where it might be configured that I would need one?

Thanks.

1. Re: AccessException invoking an EJB method

jaikiran Apr 30, 2010 10:58 AM (in response to apoth)

R M wrote:

where it might be configured that I would need one?

Thanks.
Is there a jboss.xml with a security-domain element? If yes, what value does it contain?
Actions
2. Re: AccessException invoking an EJB method

apoth Apr 30, 2010 11:28 AM (in response to jaikiran)

Yes, it contains: java:/jaas/JEEOE_ClientLoginRealm

There's a login-config.xml with an application-policy with a matching name, with four login-modules defined in an authentication, which are in order; BaseCertLoginModule, LdapLoginModule, RoleMappingLogingModule, ClientLoginModule.

Thanks.
Actions
3. Re: AccessException invoking an EJB method

jaikiran Apr 30, 2010 11:32 AM (in response to apoth)

So then you'll have to pass the valid username/password as expected by those login modules.
Actions
4. Re: AccessException invoking an EJB method

apoth Apr 30, 2010 11:51 AM (in response to jaikiran)

Sure, I have a few questions around that...

- Do all the login modules require the same credentials - do I authenticate using one or all of them?
- How do I pass the username and password (is it passing java.naming.security.prinicpal and java.naming.security.credentials properties to the Context?)
- How do I find where the existing username and passwords be stored?

Thanks again.
Actions
5. Re: AccessException invoking an EJB method

apoth May 4, 2010 4:27 AM (in response to apoth)

I forgot a question about a 'Caused by' in the stack trace:

Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
...

Why would it be using the UsernamePasswordLoginModule and not one of the four specified in the login-config.xml for the security-domain?
Actions
6. Re: AccessException invoking an EJB method

jaikiran May 4, 2010 5:54 AM (in response to apoth)

Which version of JBoss AS is this? Can you post the contents of your login-config.xml and jboss.xml? Also enable TRACE level logging of security package to see what's going on. See Q4 here in FAQ http://community.jboss.org/wiki/SecurityFAQ

P.S: Instead of specifying java:/jaas/JEEOE_ClientLoginRealm you might want to try just JEEOE_ClientLoginRealm in the jboss.xml. There was a change in this area in some version of JBoss AS.
Actions
7. Re: AccessException invoking an EJB method

apoth May 4, 2010 6:25 AM (in response to jaikiran)

4.3.0

Deployment failed after taking out the java:/jaas/ from the security domain.

I can't really post the whole file contents, it's on a closed network so it's really only as much as I can remember at a time, I know that's a pain.

I'll look into the logging now, thanks.
Actions
8. Re: AccessException invoking an EJB method

apoth May 4, 2010 6:44 AM (in response to apoth)

Ok, now I can see it pass through BaseCertLoginModule in the server.log, though it just says "exit: login()" and then LdapLoginModule says 'bad password for username=null'.

So at least I know it's getting into BaseCertLoginModule.
Actions

Go to original post