0 Replies Latest reply on Aug 2, 2012 3:10 AM by Derya Altuntas

    can not login using JAAS in JBoss 6 javax.ejb.EJBAccessException: Invalid User

    Derya Altuntas Newbie

      Here are the steps which I have done so far.

      1) I added application policy for JAAS login configuration.I attached login-config.xml.


      2) I created jaas.config file with following content.I set the path of this file in JDK in java.security file.


      login-app {


      org.jboss.security.ClientLoginModule required;




      3) I am not able to  define security domain.Because My Application is not a web application.I do not have WEB_INF directory.So I skipped this step







      4 ) I created a handler as named PassiveCallbackHandler.It is in the attachment.


      5 )I have an ejb to inject jaas login to server side.this is just test.No Logic function.

      import org.jboss.ejb3.annotation.SecurityDomain;



      @RolesAllowed(value = {



      public class UserSessionBean implements UserSessionBeanRemote {

                private Authorization auth;


                public void setAuthorization(Authorization authorization) {

                          auth = authorization;






                public Authorization getUserSession() {

                          return auth;







      6) Client code.My role table stores role id and user id attributes, so  I am sending id of user to PassiveCallbackHandler.Also I am waiting to get some role id as roles.


      /** reads user entity

      User user = getSecurityEJB().login(userNameText.getText(),


                          CallbackHandler handler = new PassiveCallbackHandler(user.getId(), String.valueOf(passwordText


                          try {

                                    LoginContext lc = new LoginContext("login-app", handler);


                                    Subject subject = lc.getSubject();


      (UserSessionBeanRemote) JndiResourceLookupHelper




                          } catch (Exception e) {

                                    System.out.println("authentication failed");





      My Problem:


      1) In case of my login succees ( password user name combination correct, subject does not return any roles.

      In case of failure success (), no exception, no info message is written to Subject




      2) When I call ejb business method getUserSession(); calll results with following exception


      javax.ejb.EJBAccessException: Invalid User

                at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:161)