9 Replies Latest reply on Apr 8, 2013 3:47 PM by Wolf-Dieter Fink

    EJB to EJB call

    Sunil Dixit Newbie

      Hi,

       

      I am trying to call a secured EJB from a non-secured EJB, but I am not able to propagate the security information. Here is the business case:

       

      The client supplies the user name & password to EJB_A (i.e. a remote call), and EJB_A does the authentication (using JAAS); if authentication is done, it then tries to call EJB_B (secured) using its remote interface.

       

      I am using the following env.

       

      JBOSS 7.1

      JDK 1.6

       

      Here are the changes I have made:

      Added the following XML to "Standalone.xml":

       

      <security-realm name="TestRealm">
          <authentication>
              <jaas name="TestJAAS"/>
          </authentication>
      </security-realm>

      <security-domain name="TestJAAS" cache-type="default">
          <authentication>
              <login-module code="UsersRoles" flag="required">
                  <module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>
                  <module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
                  <module-option name="debug" value="true"/>
              </login-module>
          </authentication>
      </security-domain>

       

       

      Here is code of EJB_A

       

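      import java.security.Principal;
      import java.security.PrivilegedAction;

      import javax.ejb.Stateless;
      import javax.naming.InitialContext;
      import javax.security.auth.Subject;

      import org.jboss.security.AuthenticationManager;
      import org.jboss.security.SecurityConstants;
      import org.jboss.security.plugins.JBossSecurityContext;

      @Stateless
      public class AuthEJB implements AuthEJBRemote, AuthEJBLocal {

          public void authenticate(Principal p, String password) {
              boolean valid = false;
              Subject activeSubject = new Subject();
              try {
                  // Validate the supplied principal and password against the "TestJAAS" security domain.
                  AuthenticationManager authenticationManager = new JBossSecurityContext(SecurityConstants.JAAS_CONTEXT_ROOT + "TestJAAS").getAuthenticationManager();
                  activeSubject.getPrincipals().add(p);
                  valid = authenticationManager.isValid(p, password, activeSubject);
              } catch (Exception e1) {
                  e1.printStackTrace();
              }
              if (valid) {
                  // Look up the secured EJB_B and invoke it from inside the authenticated Subject.
                  PrivilegedAction<Void> acc = new PrivilegedAction<Void>() {
                      @Override
                      public Void run() {
                          try {
                              InitialContext context = new InitialContext();
                              HelloWorldRemote remote = (HelloWorldRemote) context.lookup("java:app/SecuredEJB/HelloWorld!com.test.HelloWorldRemote");
                              remote.sayHello();
                          } catch (Exception exception) {
                              exception.printStackTrace();
                          }
                          return null;
                      }
                  };
                  // doAsPrivileged is a static method of Subject.
                  Subject.doAsPrivileged(activeSubject, acc, null);
                  System.out.println("DONE");
              }
          }
      }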

       

       

      Here is code of EJB_B

       

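      import javax.annotation.security.RolesAllowed;
      import javax.ejb.Stateless;

      import org.jboss.ejb3.annotation.SecurityDomain;

      @Stateless(name="HelloWorld")
      @SecurityDomain("TestJAAS")
      public class HelloWorld implements HelloWorldRemote, HelloWorldLocal {

          // Only callers in the "Manager" role of the TestJAAS domain may invoke this method.
          @RolesAllowed({"Manager"})
          public void sayHello() {
              System.out.println("########################## HELOO JEEE #######################");
          }
      }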

       

       

      Here is client code

       

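      import java.security.Principal;
      import java.util.Hashtable;

      import javax.naming.Context;
      import javax.naming.InitialContext;

      import org.jboss.security.SimplePrincipal;

      // Remote naming connection to the server; no credentials are set on the connection itself.
      Hashtable<String, Object> env = new Hashtable<String, Object>();
      env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.naming.remote.client.InitialContextFactory");
      env.put(Context.PROVIDER_URL, "remote://localhost:4447");
      env.put("jboss.naming.client.ejb.context", true);
      env.put("jboss.naming.client.connect.options.org.xnio.Options.SASL_POLICY_NOPLAINTEXT", "false");
      env.put(Context.URL_PKG_PREFIXES, "org.jboss.ejb.client.naming");
      InitialContext context = new InitialContext(env);
      AuthEJBRemote remote = (AuthEJBRemote) context.lookup("SecuredEJB/AuthEJB!com.test.AuthEJBRemote");
      // The user name and password are passed as method arguments to EJB_A.
      Principal principal1 = new SimplePrincipal("admin");
      remote.authenticate(principal1, "admin");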

       

       

      I am getting the following exception when EJB_A invokes the method in EJB_B:

       

      12:57:05,086 INFO  [org.jboss.ejb.client] (pool-3-thread-1) JBoss EJB Client version 1.0.11.Final-redhat-1

      12:57:14,227 WARN  [org.jboss.security] (EJB default - 1) PBOX000234: Invalid or misspelled module option: debug

      12:57:14,274 ERROR [org.jboss.security] (EJB default - 1) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required

              at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:283) [picketbox-4.0.14.Final-redhat-2.jar:4.0.14.Final-redhat-2]

              at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:171) [picketbox-4.0.14.Final-redhat-2.jar:4.0.14.Final-redhat-2]

              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_37]

              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_37]

              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_37]

              at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_37]

              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) [rt.jar:1.6.0_37]

              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_37]

              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_37]

              at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_37]

              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_37]

              at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_37]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.14.Final-redhat-2.jar:4.0.14.Final-redhat-2]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.14.Final-redhat-2.jar:4.0.14.Final-redhat-2]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.14.Final-redhat-2.jar:4.0.14.Final-redhat-2]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.14.Final-redhat-2.jar:4.0.14.Final-redhat-2]

              at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:388) [jboss-as-security-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.as.security.service.SimpleSecurityManager.push(SimpleSecurityManager.java:326) [jboss-as-security-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_37]

              at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:42) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.as.ejb3.remote.LocalEjbReceiver.processInvocation(LocalEjbReceiver.java:221) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:181) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

              at org.jboss.ejb.client.TransactionInterceptor.handleInvocation(TransactionInterceptor.java:42) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

              at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

              at org.jboss.ejb.client.ReceiverInterceptor.handleInvocation(ReceiverInterceptor.java:125) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

              at org.jboss.ejb.client.EJBClientInvocationContext.sendRequest(EJBClientInvocationContext.java:183) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

              at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:136) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

              at org.jboss.ejb.client.EJBInvocationHandler.doInvoke(EJBInvocationHandler.java:121) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

              at org.jboss.ejb.client.EJBInvocationHandler.invoke(EJBInvocationHandler.java:104) [jboss-ejb-client-1.0.11.Final-redhat-1.jar:1.0.11.Final-redhat-1]

              at $Proxy13.sayHello(Unknown Source)

              at com.test.AuthEJB$1.run(AuthEJB.java:43) [SecuredEJB.jar:]

              at com.test.AuthEJB$1.run(AuthEJB.java:1) [SecuredEJB.jar:]

              at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_37]

              at javax.security.auth.Subject.doAsPrivileged(Subject.java:454) [rt.jar:1.6.0_37]

              at com.test.AuthEJB.authenticate(AuthEJB.java:51) [SecuredEJB.jar:]

              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_37]

              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_37]

              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_37]

              at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_37]

              at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:36) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:226) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:302) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:188) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:79) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:42) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:43) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final-redhat-2.jar:1.1.1.Final-redhat-2]

              at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:321) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$100(MethodInvocationMessageHandler.java:69) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:202) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:439) [rt.jar:1.6.0_37]

              at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [rt.jar:1.6.0_37]

              at java.util.concurrent.FutureTask.run(FutureTask.java:138) [rt.jar:1.6.0_37]

              at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_37]

              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_37]

              at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_37]

              at org.jboss.threads.JBossThread.run(JBossThread.java:122)

       

      12:57:14,352 ERROR [org.jboss.as.ejb3.invocation] (EJB default - 1) JBAS014134: EJB Invocation failed on component HelloWorld for method public abstract void com.test.HelloWorldRemote.sayHello(): javax.ejb.EJBAccessException: JBAS013323: Invalid User

              at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]

              at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_37]

              at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [jboss-as-ejb3-7.1.3.Final-redhat-4.jar:7.1.3.Final-redhat-4]