9 Replies Latest reply on Apr 8, 2013 3:47 PM by wdfink

EJB to EJB call

sunil_dixit Mar 14, 2013 3:28 AM

Hi,

I am trying to call secured ejb from non secured ejb but I am not able to propagate security information. Here is business case

Client supply user name & password to EJB_A (i.e. remote call) and EJB_A do authentication (using jaas) and if authentication is done then it tries to call EJB_B ( secured) using it's remote interface.

I am using following env.

JBOSS 7.1

JDK 1.6

Here are changes I have made

Added following xml in "Standalone.xml

<security-realm name="TestRealm">

</authentication>

</security-realm>

<security-domain name="TestJAAS" cache-type="default">

<login-module code="UsersRoles" flag="required">

<module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>

<module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>

<module-option name="debug" value="true"/>

</login-module>

</authentication>

</security-domain>

Here is code of EJB_A

@Stateless

public class AuthEJB implements AuthEJBRemote, AuthEJBLocal {

public void authenticate(Principal p, String password){

boolean valid = false;

Subject activeSubject = new Subject();

try {

AuthenticationManager authenticationManager = new JBossSecurityContext(SecurityConstants.JAAS_CONTEXT_ROOT + "TestJAAS").getAuthenticationManager();

activeSubject.getPrincipals().add(p);

valid = authenticationManager.isValid(p, password, activeSubject);

} catch (Exception e1) {

e1.printStackTrace();

}

if(valid){

PrivilegedAction<Void > acc = new PrivilegedAction<Void>() {

@Override

public Void run() {

try{

InitialContext context = new InitialContext();

HelloWorldRemote remote = (HelloWorldRemote) context.lookup("java:app/SecuredEJB/HelloWorld!com.test.HelloWorldRemote");

remote.sayHello();

}catch(Exception exception)

{

exception.printStackTrace();

}

return null;

}

};

activeSubject.doAsPrivileged(activeSubject, acc, null);

System.out.println("DONE");

}

Here is code of EJB_B

@Stateless(name="HelloWorld")

@SecurityDomain("TestJAAS")

public class HelloWorld implements HelloWorldRemote, HelloWorldLocal {

@RolesAllowed({"Manager"})

public void sayHello()

{

System.out.println("########################## HELOO JEEE #######################");

}

Here is client code

Hashtable<String, Object> env = new Hashtable();

env.put(Context.INITIAL_CONTEXT_FACTORY,"org.jboss.naming.remote.client.InitialContextFactory");

env.put(Context.PROVIDER_URL, "remote://localhost:4447");

env.put("jboss.naming.client.ejb.context",true);

env.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT","false");

env.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");

InitialContext context = new InitialContext(env);

AuthEJBRemote remote = (AuthEJBRemote) context.lookup("SecuredEJB/AuthEJB!com.test.AuthEJBRemote");

Principal principal1 = new SimplePrincipal("admin");

remote.authenticate(principal1 , "admin");

I am getiing following exception when EJB_A invoke method in EJB_B

12:57:05,086 INFO [org.jboss.ejb.client] (pool-3-thread-1) JBoss EJB Client version 1.0.11.Final-redhat-1

12:57:14,227 WARN [org.jboss.security] (EJB default - 1) PBOX000234: Invalid or misspelled module option: debug

12:57:14,274 ERROR [org.jboss.security] (EJB default - 1) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required

at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:283) [picketbox-4.0.14.Final-redhat-2.jar:4.0.14.Final-redhat-2]

at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:171) [picketbox-4.0.14.Final-redhat-2.jar:4.0.14.Final-redhat-2]

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_37]

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_37]

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_37]

at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_37]

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [rt.jar:1.6.0_37]

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_37]

at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_37]

at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_37]

at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_37]

at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_37]

at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.14.Final-redhat-2.jar:4.0.14.Final-redhat-2]

at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.14.Final-redhat-2.jar:4.0.14.Final-redhat-2]

at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.14.Final-redhat-2.jar:4.0.14.Final-redhat-2]

at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.14.Final-redhat-2.jar:4.0.14.Final-redhat-2]

at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:388) [jboss-as-security-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.as.security.service.SimpleSecurityManager.push(SimpleSecurityManager.java:326) [jboss-as-security-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_37]

at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:42) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.as.ejb3.remote.LocalEjbReceiver.processInvocation(LocalEjbReceiver.java:221) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:181) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:42) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:125) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:136) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:121) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

at $Proxy13.sayHello(Unknown Source) at com.test.AuthEJB$1.run(AuthEJB.java:43) [SecuredEJB.jar:]

at com.test.AuthEJB$1.run(AuthEJB.java:1) [SecuredEJB.jar:]

at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_37]

at javax.security.auth.Subject.doAsPrivileged(Subject.java:454) [rt.jar:1.6.0_37]

at com.test.AuthEJB.authenticate(AuthEJB.java:51) [SecuredEJB.jar:]

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_37]

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_37]

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_37]

at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_37]

at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:226) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:302) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:188) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:79) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:42) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:43) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:321) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$100(MethodInvocationMessageHandler.java:69) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:202) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:439) [rt.jar:1.6.0_37]

at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [rt.jar:1.6.0_37]

at java.util.concurrent.FutureTask.run(FutureTask.java:138) [rt.jar:1.6.0_37]

at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_37]

at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_37]

at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_37]

at org.jboss.threads.JBossThread.run(JBossThread.java:122)

12:57:14,352 ERROR [org.jboss.as.ejb3.invocation] (EJB default - 1) JBAS014134: EJB Invocation failed on component HelloWorld for method public abstract void com.test.HelloWorldRemote.sayHello(): javax.ejb.EJBAccessException: JBAS013323: Invalid User

at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_37]

at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

1. Re: EJB to EJB call

wdfink Mar 15, 2013 12:41 PM (in response to sunil_dixit)

Are both EJBs within the same app or server?
I think in this case it is not possible as for AS7.1 the authentication is bound to the connection and can not be changed on the fly.

You might have a look to this quickstart, but it is for EAP6.1.Alpha which is near AS7.2 (see https://community.jboss.org/thread/204717)
Actions
2. Re: EJB to EJB call

rodakr Mar 16, 2013 6:06 AM (in response to sunil_dixit)

... not shure what you try to do, but it looks quite wrong to me.
The right place for custom authentication would be custom login modul.
Take a look on picketbox...
Actions
3. Re: EJB to EJB call

sunil_dixit Mar 18, 2013 12:42 AM (in response to rodakr)

Hi,

What is my requirement is , I have EJBs which are deployed as "Secured EJBs ( i.e. Roll Based access)", These EJBs has both clients (i.e. thin & thick) and thick clients (swing based) need to consume these EJBs.

I have already configured JAAS in jboss and it works fine with thin clients ( as it uses servlet auth features) but fails on thick client as they can't access JAAS module configured on Server. I did gone through so many blogs and found that calling configured JAAS module outside of server ihas no standard and most of the app server provides there custom classes to do the same.

I can't make "<subsystem xmlns="urn:jboss:domain:remoting:1.1">" to use my configured JAAS module as It will enforce all callers to supply "User Name and password" when they do lookup of session bean.

So I thought, let me expose on ejb which will return "Subject" to me as part of authentication (i.e. using JAAS). Once I got that, I can use "Subject..doXXXX(_)" method on client side to pass security related information to server and server will allow EJB's method calling. But this does work ( I did tried JBOSS server specific utility classes also like ClientSecurityAssociation etc).

On second thought , I tried to call secured EJB inside EJB so that authenticated subject will automatically passed but again that does not work.

In both calling, I was getting the same exception.

I hope this explains my problem.

Thanks
Actions
4. Re: EJB to EJB call

rodakr Mar 18, 2013 2:45 PM (in response to sunil_dixit)

Mabe something like this:

https://community.jboss.org/message/801976?tstart=0
Actions
5. Re: EJB to EJB call

sunil_dixit Mar 19, 2013 6:34 AM (in response to rodakr)

No, they talk different things. I do not want to use any interceptor at server side as it will execute every time whenever that ejb (i.e. secured ejbs) were called. From thin client prospective, it will be overkill as client is already authenticated.
Actions
6. Re: EJB to EJB call

jaikiran Mar 19, 2013 8:42 AM (in response to sunil_dixit)

Take a look at this quickstart https://github.com/jboss-jdf/jboss-as-quickstart/tree/master/ejb-security-interceptors
Actions
7. Re: EJB to EJB call

rodakr Mar 19, 2013 2:43 PM (in response to jaikiran)

really nice!
Actions
8. Re: EJB to EJB call

sunil_dixit Mar 28, 2013 2:28 AM (in response to jaikiran)

Hi,

Thanks for reply, but I am using EAP 6.0 ( i.e. AS 7.0.0) and I tried given solution on EAP 6.0 but no luck.
Actions
9. Re: EJB to EJB call

wdfink Apr 8, 2013 3:47 PM (in response to sunil_dixit)

To use that solution (ejb-security-interceptors) you need to migrate to EAP6.1.Alpha.
With EAP6 or AS7 you did not have this option.
Actions

Go to original post