JBoss 6 security JAAS problem
hibernator_11 Sep 5, 2012 3:15 PM
Hi all,
After three working on my JAAS JBoss project I can just log in but not execute any EJB operations. I have checked like a million posts... but I just cannot make it work...
I'll explain everything here.
My login-config.xml has the application policy for my users.
login-config.xml
<application-policy name="verifiq-domain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <!--<module-option name="unauthenticatedIdentity">invitado</module-option>-->
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="hashStorePassword">true</module-option>
      <module-option name="dsJndiName">java:/Bvmc</module-option>
      <module-option name="principalsQuery">SELECT PASSWORD FROM CATALOGADOR WHERE usuario=?</module-option>
      <module-option name="rolesQuery">SELECT ROL, 'Roles' FROM CATALOGADOR_ROL WHERE usuario=?</module-option>
      <module-option name="hashAlgorithm">MD5</module-option>
      <module-option name="hashEncoding">base64</module-option>
    </login-module>
  </authentication>
</application-policy>
My ejb definition uses this domain:
@Stateless(mappedName = "explusionStatusBo")
@SecurityDomain(value="java:/jaas/verifiq-domain")
public class ExplusionStatusBoEjb implements IExplusionStatusBo, Serializable, SessionBean, ExplusionStatusBoEjbLocal, ExplusionStatusBoEjbRemote .....
My jboss.xml
jboss.xml
<jboss>
  <security-domain>java:/jaas/verifiq-domain</security-domain>
</jboss>
My handler jaas class:
private class PassiveCallbackHandler implements CallbackHandler
{
    private String username;
    //char[] password;
    private String password;

    /**
     * Creates a callback handler with the given username
     * and password.
     */
    public PassiveCallbackHandler(String user, String pass) {
        this.username = user;
        this.password = pass;
    }

    /**
     * Handles the specified set of Callbacks. Uses the
     * username and password that were supplied to our
     * constructor to populate the Callbacks.
     *
     * This class supports NameCallback and PasswordCallback.
     *
     * @param callbacks the callbacks to handle
     * @throws IOException if an input or output error occurs.
     * @throws UnsupportedCallbackException if the callback is not an
     * instance of NameCallback or PasswordCallback
     */
    public void handle(Callback[] callbacks) throws java.io.IOException, UnsupportedCallbackException
    {
        for (int i = 0; i < callbacks.length; i++)
        {
            Callback callback = callbacks[i];
            if (callback instanceof NameCallback)
            {
                NameCallback nameCB = (NameCallback) callback;
                nameCB.setName(username);
            }
            else if (callback instanceof PasswordCallback)
            {
                PasswordCallback passwordCB = (PasswordCallback) callback;
                String hash = Util.createPasswordHash("MD5", "BASE64", null, null, password);
                log.debug("password hash:" + hash);
                passwordCB.setPassword(hash.toCharArray());
            }
        }
    }
}
I have an EAR that contains all the EJB definitions. I have another project that is a GWT client that uses these EJBs, and I want to know what user is executing the EJBs to audit the operations. After all the configuration, the login code works perfectly in my GWT client:
SecurityClient securityClient = null;
try {
    securityClient = SecurityClientFactory.getSecurityClient();
    log.debug("mi gwt password:" + password);
    log.debug("Viene a hacer login");
    securityClient.setJAAS("verifiq-domain", new PassiveCallbackHandler(usuario, password));
    securityClient.login();
At this point everything is all right. The user is logged in and everything is fine. But if, after logging the user in, I want to use the EJB, it says "caller unauthorized" because it is not propagating the login to the EJB tier, I think. So I have tried creating an InitialContext on my GWT client but it does not work...
Properties properties = new Properties();
properties.setProperty("INITIAL_CONTEXT_FACTORY","org.jnp.interfaces.NamingContextFactory");
properties.setProperty("URL_PKG_PREFIXES","org.jboss.naming:org.jnp.interfaces");
properties.setProperty("PROVIDER_URL","jnp://localhost:1099");
properties.put(Context.SECURITY_PRINCIPAL, "admin");
try {
    InitialContext ctx = new InitialContext(properties);
    ExplusionStatusBoEjbRemote service = (ExplusionStatusBoEjbRemote) ctx.lookup("cervantesvirtual-enterprise/ExplusionStatusBoEjb/remote-com.cervantesvirtual.interfaces.ExplusionStatusBoEjbRemote");
    String response = service.expell(usuario, password);
    log.debug("respuesta ejb servicio! " + response);
To sum up, I can log in but after that I cannot call my EJB function. I'd love to use JAAS on my project and use users and roles for all my EJBs... but I am struggling my head and this is not working at all...
P.S.: I am using JBoss 6. I saw this link but it still does not work... http://www.ajka-andrej.com/2011/05/22/jboss-6-client-authentication-sd/
Thanks in advance!
Edited: I saw here https://community.jboss.org/wiki/SecurityFAQ that maybe I need:
<!-- Add this line to your login-config.xml to include the ClientLoginModule propagation -->
<login-module code="org.jboss.security.ClientLoginModule" flag="required" ></login-module>