0 Replies Latest reply on Aug 2, 2012 3:10 AM by deryaaltuntas

    Cannot log in using JAAS in JBoss 6: javax.ejb.EJBAccessException: Invalid User

    deryaaltuntas

      Here are the steps which I have done so far.

      1) I added an application policy for the JAAS login configuration. I attached login-config.xml.

      2) I created a jaas.config file with the following content. I set the path of this file in the JDK in the java.security file.

      login-app {
          org.jboss.security.ClientLoginModule required;
      };

      3) I am not able to define a security domain, because my application is not a web application. I do not have a WEB-INF directory, so I skipped this step.

      Example of jboss-web.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
          <security-domain>java:/jaas/airbus</security-domain>
      </jboss-web>

      4) I created a handler named PassiveCallbackHandler. It is in the attachment.

      5) I have an EJB to inject the JAAS login on the server side. This is just a test; there is no logic function.

      import javax.annotation.security.RolesAllowed;
      import javax.ejb.Stateful;

      import org.jboss.ejb3.annotation.SecurityDomain;

      // Test bean only: every method requires role "1" in the "security-siguard" domain.
      @Stateful
      @SecurityDomain("security-siguard")
      @RolesAllowed(value = { "1" })
      public class UserSessionBean implements UserSessionBeanRemote {

          private Authorization auth;

          @Override
          public void setAuthorization(Authorization authorization) {
              auth = authorization;
          }

          @Override
          public Authorization getUserSession() {
              return auth;
          }
      }

      6) Client code. My role table stores role id and user id attributes, so I am sending the id of the user to PassiveCallbackHandler. Also, I am waiting to get some role ids as roles.

      import javax.security.auth.Subject;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.login.LoginContext;

      /** reads user entity */
      User user = getSecurityEJB().login(userNameText.getText(),
              String.valueOf(passwordText.getPassword()));
      CallbackHandler handler = new PassiveCallbackHandler(user.getId(),
              String.valueOf(passwordText.getPassword()));
      try {
          // Client-side JAAS login against the "login-app" entry in jaas.config
          LoginContext lc = new LoginContext("login-app", handler);
          lc.login();
          Subject subject = lc.getSubject();
          subject.getPrincipals();
          // Look up the secured bean and call its business method
          ((UserSessionBeanRemote) JndiResourceLookupHelper
                  .lookup("UserSessionBean/remote")).getUserSession();
      } catch (Exception e) {
          System.out.println("authentication failed");
          e.printStackTrace();
      }

      My Problem:

      1) When my login succeeds (password and user name combination correct), the subject does not return any roles.

      In case of failure success (), no exception, no info message is written to Subject.

      2) When I call the EJB business method getUserSession(), the call results in the following exception:

      javax.ejb.EJBAccessException: Invalid User

                at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:161)