jboss 6 security jaas problem
hibernator_11 Sep 5, 2012 3:15 PM
Hi all,
After three working on my jaas jboss project I can just log in but not execute any ejb operations. I have checked like a million posts... but I just cannot make it work...
I'll explain everything here.
My login-config.xml has the application policy for my users.
login-config.xml
<application-policy name="verifiq-domain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <!--<module-option name="unauthenticatedIdentity">invitado</module-option>-->
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="hashStorePassword">true</module-option>
      <module-option name="dsJndiName">java:/Bvmc</module-option>
      <module-option name="principalsQuery">SELECT PASSWORD FROM CATALOGADOR WHERE usuario=?</module-option>
      <module-option name="rolesQuery">SELECT ROL, 'Roles' FROM CATALOGADOR_ROL WHERE usuario=?</module-option>
      <module-option name="hashAlgorithm">MD5</module-option>
      <module-option name="hashEncoding">base64</module-option>
    </login-module>
  </authentication>
</application-policy>
My ejb definition uses this domain:
@Stateless(mappedName = "explusionStatusBo")
@SecurityDomain(value = "java:/jaas/verifiq-domain")
public class ExplusionStatusBoEjb implements IExplusionStatusBo, Serializable, SessionBean,
        ExplusionStatusBoEjbLocal, ExplusionStatusBoEjbRemote
.....
My jboss.xml:
jboss.xml
<jboss>
  <security-domain>java:/jaas/verifiq-domain</security-domain>
</jboss>
My handler jaas class:
private class PassiveCallbackHandler implements CallbackHandler {

    private String username;
    //char[] password;
    private String password;

    /**
     * Creates a callback handler with the given username
     * and password.
     */
    public PassiveCallbackHandler(String user, String pass) {
        this.username = user;
        this.password = pass;
    }

    /**
     * Handles the specified set of Callbacks. Uses the
     * username and password that were supplied to our
     * constructor to populate the Callbacks.
     *
     * This class supports NameCallback and PasswordCallback.
     *
     * @param callbacks the callbacks to handle
     * @throws IOException if an input or output error occurs.
     * @throws UnsupportedCallbackException if the callback is not an
     * instance of NameCallback or PasswordCallback
     */
    public void handle(Callback[] callbacks) throws java.io.IOException, UnsupportedCallbackException {
        for (int i = 0; i < callbacks.length; i++) {
            Callback callback = callbacks[i];
            if (callback instanceof NameCallback) {
                NameCallback nameCB = (NameCallback) callback;
                nameCB.setName(username);
            } else if (callback instanceof PasswordCallback) {
                PasswordCallback passwordCB = (PasswordCallback) callback;
                String hash = Util.createPasswordHash("MD5", "BASE64", null, null, password);
                log.debug("password hash:" + hash);
                passwordCB.setPassword(hash.toCharArray());
            }
        }
    }
}
I have an ear that contains all the ejb definitions. I have another project that is a gwt client that uses these ejbs, and I want to know which user is executing the ejbs to audit the operations. After all the configuration, the login code works perfectly in my gwt client:
SecurityClient securityClient = null;
try {
    securityClient = SecurityClientFactory.getSecurityClient();
    log.debug("mi gwt password:" + password);
    log.debug("Viene a hacer login");
    securityClient.setJAAS("verifiq-domain", new PassiveCallbackHandler(usuario, password));
    securityClient.login();
At this point everything is all right. The user is logged in and everything is fine. But if, after logging the user in, I want to use the ejb, it says "caller unauthorized", because it is not propagating the login to the ejb tier, I think. So I have tried creating an InitialContext on my gwt client but it does not work...
Properties properties = new Properties();
properties.setProperty(" INITIAL_CONTEXT_FACTORY", "org.jnp.interfaces.NamingContextFactory");
properties.setProperty("URL_PKG_PREFIXES", "org.jboss.naming:org.jnp.interfaces");
properties.setProperty("PROVIDER_URL", "jnp://localhost:1099");
properties.put(Context.SECURITY_PRINCIPAL, "admin");
try {
    InitialContext ctx = new InitialContext(properties);
    ExplusionStatusBoEjbRemote service = (ExplusionStatusBoEjbRemote) ctx.lookup("cervantesvirtual-enterprise/ExplusionStatusBoEjb/remote-com.cervantesvirtual.interfaces.ExplusionStatusBoEjbRemote");
    String response = service.expell(usuario, password);
    log.debug("respuesta ejb servicio! " + response);
To sum up, I can log in but after that I cannot call my ejb function. I'd love to use jaas on my project and use users and roles for all my ejbs... but I am struggling and this is not working at all.
P.S.: I am using jboss 6. I saw this link but it still does not work... http://www.ajka-andrej.com/2011/05/22/jboss-6-client-authentication-sd/
Thanks in advance!
Edited: I saw here https://community.jboss.org/wiki/SecurityFAQ that maybe I need:
<!-- Add this line to your login-config.xml to include the ClientLoginModule propagation -->
<login-module code="org.jboss.security.ClientLoginModule" flag="required" ></login-module>
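
Added example, not part of the original post or of the JBoss wiki: the poster's verifiq-domain policy with the ClientLoginModule line from the edit stacked after the database module. The multi-threaded and restore-login-identity options are assumptions added here; they are standard ClientLoginModule options but do not appear in the post.

```xml
<application-policy name="verifiq-domain">
  <authentication>
    <!-- Step 1: authenticate against the database (options copied unchanged
         from the post; unsalted MD5 is a weak password-storage hash). -->
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="hashStorePassword">true</module-option>
      <module-option name="dsJndiName">java:/Bvmc</module-option>
      <module-option name="principalsQuery">SELECT PASSWORD FROM CATALOGADOR WHERE usuario=?</module-option>
      <module-option name="rolesQuery">SELECT ROL, 'Roles' FROM CATALOGADOR_ROL WHERE usuario=?</module-option>
      <module-option name="hashAlgorithm">MD5</module-option>
      <module-option name="hashEncoding">base64</module-option>
    </login-module>

    <!-- Step 2: ClientLoginModule performs no authentication. It only binds the
         already-authenticated principal and credential to the caller's security
         context so that later EJB invocations carry them. -->
    <login-module code="org.jboss.security.ClientLoginModule" flag="required">
      <!-- Reuse the username/password placed in shared state by step 1
           instead of prompting through the callback handler again. -->
      <module-option name="password-stacking">useFirstPass</module-option>
      <!-- Assumption: keep identities per thread, so concurrent web requests
           cannot invoke EJBs under each other's principal. -->
      <module-option name="multi-threaded">true</module-option>
      <!-- Assumption: on logout, restore the identity that was active before
           login, so a pooled thread does not keep the last user's identity. -->
      <module-option name="restore-login-identity">true</module-option>
    </login-module>
  </authentication>
</application-policy>
```

Because the identity is bound at login, the calling code should call logout() in a finally block once the EJB calls are done; otherwise the audit trail the poster wants can attribute later operations to the wrong user.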