8 Replies Latest reply on Oct 30, 2009 9:21 AM by Wolfgang Knauf

    JAAS: using sessionbean's home interface method "create" fro

    Chopper Read Newbie

      Hi friends:)

      i have 2 jboss instances:
      jboss A (4.2.3) running on interface 127.0.0.1 and deploying some session beans
      jboss B (5.0) running remotely on other network interface and deploying a MDB

      The MDB can read message from remote topic on A

      If i try to use the create method of a session bean on jboss A, i have a SecurityException:

      java.rmi.AccessException: SecurityException; nested exception is:
      java.lang.SecurityException: Insufficient method permissions, principal=null, ejbName=SourceServiceBean, method=create, interface=HOME, requiredRoles=[ENABLED, SUPEROWNER, INITIALIZER, INDEXER], principalRoles=[]

      There is something to add about JAAS, maybe in a jboss config file, but i don't know where.
      Can you help me please?

      Bye and thanks;)

        • 1. Re: JAAS: using sessionbean's home interface method
          Wolfgang Knauf Master

          Hi,

          first of all: are there security declarations on the EJBs on JBoss A? If yes: post them please.
          Did you declare a Security Domain, and did you modify "login-config.xml" (or for JBoss 5.0: a "-jboss-beans.xml" file)?

          Best regards

          Wolfgang

          • 2. Re: JAAS: using sessionbean's home interface method
            Chopper Read Newbie

            This is the login-config.xml of JBOSS A:

            <?xml version='1.0'?>
            <!DOCTYPE policy PUBLIC
             "-//JBoss//DTD JBOSS Security Config 3.0//EN"
             "http://www.jboss.org/j2ee/dtd/security_config.dtd">
            <policy>
             <!-- Used by clients within the application server VM such as
             mbeans and servlets that access EJBs.
             -->
             <application-policy name = "client-login">
             <authentication>
             <login-module code = "org.jboss.security.ClientLoginModule"
             flag = "required">
             </login-module>
             </authentication>
             </application-policy>
            
             <!-- Security domain for JBoss Messaging -->
             <application-policy name = "messaging">
             <authentication>
             <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
             flag = "required">
             <module-option name = "unauthenticatedIdentity">guest</module-option>
             <module-option name = "dsJndiName">java:/PY_DS</module-option>
             <module-option name = "principalsQuery">SELECT PASSWD FROM JBM_USER WHERE USER_ID=?</module-option>
             <module-option name = "rolesQuery">SELECT ROLE_ID, 'Roles' FROM JBM_ROLE WHERE USER_ID=?</module-option>
             </login-module>
             </authentication>
             </application-policy>
            
             <application-policy name = "ProtectivityRealm">
             <authentication>
             <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
             <module-option name="dsJndiName">java:/PY_DS</module-option>
             <module-option name="principalsQuery">SELECT password FROM HumanResourceBean WHERE username = ? AND (status = 'ENABLED' OR status = 'SUPEROWNER')</module-option>
             <module-option name="rolesQuery">SELECT status AS Roles, 'Roles' AS RoleGroup FROM HumanResourceBean WHERE username = ? AND (status = 'ENABLED' OR status = 'SUPEROWNER')</module-option>
             <module-option name="unauthenticatedIdentity">ANONYMOUS</module-option>
             <module-option name="hashAlgorithm">SHA</module-option>
             </login-module>
             </authentication>
             </application-policy>
            
            </policy>
            


            jboss.xml in the project on JBOSS A contains this element:

            <security-domain>java:/jaas/ProtectivityRealm</security-domain>
             <enterprise-beans>
             <session>
             <ejb-name>ScopeServiceBean</ejb-name>.........
            


            and ejb-jar.xml something like


            <assembly-descriptor>
             <!-- layer 1 secuirty constraints -->
             <!-- ################################################## -->
             <security-role>
             <description>normal users with a valid license</description>
             <role-name>ENABLED</role-name>
             </security-role>
             <security-role>
             <description>the SUPEROWNER can do everything</description>
             <role-name>SUPEROWNER</role-name>
             </security-role>
             <security-role>
             <description>the INITIALIZER initializes the system</description>
             <role-name>INITIALIZER</role-name>
             </security-role>
             <security-role>
             <description>INDEXER message driven bean</description>
             <role-name>INDEXER</role-name>
             </security-role>
             <method-permission>
             <description>just the superowner can perform the following</description>
             <role-name>SUPEROWNER</role-name>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>createResource</method-name>
             <!-- void createDefinition(AbstractTemplateDTO template) -->
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>removeResource</method-name>
             <!-- void removeResource(ResourceDTO data) -->
             </method>
             <method>
             <ejb-name>ScopeDefinitionServiceBean</ejb-name>
             <method-name>createDefinition</method-name>
             <!-- void createDefinition(AbstractTemplateDTO template) -->
             </method>
             <method>
             <ejb-name>DataSourceServiceBean</ejb-name>
             <method-name>deleteDS</method-name>
             </method>
             <method>
             <ejb-name>DataSourceServiceBean</ejb-name>
             <method-name>updateDS</method-name>
             </method>
             <method>
             <ejb-name>DataSourceServiceBean</ejb-name>
             <method-name>createDS</method-name>
             </method>
             </method-permission>
             <method-permission>
             <unchecked/>
             <method>
             <ejb-name>InitializerBean</ejb-name>
             <method-name>*</method-name>
             </method>
             </method-permission>
             <!-- ################################################## -->
             <method-permission>
             <description>just the INITIALIZER can perform the following</description>
             <role-name>INITIALIZER</role-name>
             <method>
             <ejb-name>ScopeDefinitionBean</ejb-name>
             <method-name>createRoot</method-name>
             </method>
             <method>
             <ejb-name>ScopeBean</ejb-name>
             <method-name>createRoot</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>createSuperowner</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>doesResourceExist</method-name>
             </method>
             <method>
             <ejb-name>LicenseServiceBean</ejb-name>
             <method-name>setUserLicense</method-name>
             </method>
             <method>
             <ejb-name>LicenseServiceBean</ejb-name>
             <method-name>unsetUserLicense</method-name>
             </method>
             <method>
             <ejb-name>LicenseServiceBean</ejb-name>
             <method-name>addLicense</method-name>
             </method>
             <method>
             <ejb-name>ScopeDefinitionServiceBean</ejb-name>
             <method-name>createDefinition</method-name>
             <!-- void createDefinition(AbstractTemplateDTO template) -->
             </method>
            
             </method-permission>
             <!-- ################################################## -->
             <method-permission>
             <description>all authenticated users can perform the following</description>
             <role-name>ENABLED</role-name>
             <role-name>SUPEROWNER</role-name>
             <role-name>INITIALIZER</role-name>
             <role-name>INDEXER</role-name>
             <method>
             <ejb-name>LicenseBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>AssetAssociationBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>AssetRetrievalServiceBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>AttachmentServiceBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>AssetServiceBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>AssetTransferServiceBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>AssetBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>ScopeDefinitionServiceBean</ejb-name>
             <method-name>getDefinition</method-name>
             </method>
             <method>
             <ejb-name>ScopeDefinitionServiceBean</ejb-name>
             <method-name>getDefinitionName</method-name>
             </method>
             <method>
             <ejb-name>ScopeDefinitionServiceBean</ejb-name>
             <method-name>create</method-name>
             </method>
             <method>
             <ejb-name>ScopeDefinitionServiceBean</ejb-name>
             <method-name>getInstanziableChildren</method-name>
             </method>
             <method>
             <ejb-name>ScopeDefinitionServiceBean</ejb-name>
             <method-name>getCardinalities</method-name>
             </method>
             <method>
             <ejb-name>ScopeDefinitionServiceBean</ejb-name>
             <method-name>getAllDefinitions</method-name>
             </method>
             <method>
             <ejb-name>ScopeDefinitionServiceBean</ejb-name>
             <method-name>getAllProjectsDefinitions</method-name>
             </method>
             <method>
             <ejb-name>CustomerServiceBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResources</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResource</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getRole</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>create</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>updateResource</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>assignResource</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>unassignResource</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getUserScopes</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getOwnedRootAssets</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResourceProjects</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResourceProjectsCount</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResourceActivities</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResourceActivitiesCount</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResourceBusinessUnits</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResourceBusinessUnitsCount</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getExplicitallyAssignedResources</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getAllResourcesSortedList</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getExplicitallyAssignedResourcesSortedList</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getExplicitallyAssignedResourcesSortedListCount</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getAllResourcesSortedListCount</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResourcesWorkLoads</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>setResourcesWorkLoads</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResourcesTotalLoad</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResourceTotalWorkLoad</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getAssignableResources</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>setResourcesWorkRoles</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResourcesWorkRoles</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>setResourcesActiveWorkRoles</method-name>
             </method>
             <method>
             <ejb-name>ResourceServiceBean</ejb-name>
             <method-name>getResourceWorkRoleNamesInScopes</method-name>
             </method>
             <method>
             <ejb-name>WatchServiceBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>ScopeBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>WorkRoleServiceBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>AttachmentGroupBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>AttachmentBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>NoteAttachmentBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>MetaDataAttachmentBean</ejb-name>
             <method-name>*</method-name>
             </method>
             <method>
             <ejb-name>SerialCodeValueBean</ejb-name>
            ................................


            what should i configure on JBOSS B?

            TIA;)

            • 3. Re: JAAS: using sessionbean's home interface method
              Wolfgang Knauf Master

              Hi,

              I think your beans on server B has to log in to server A before it can call methods of secured beans.
              You might take a look at the Security FAQ at http://www.jboss.org/community/wiki/SecurityFAQ question 10 to see how a java application client can log in to a server. I hope that a similar approach works for ejb layer communication.

              Best regards

              Wolfgang

              • 4. Re: JAAS: using sessionbean's home interface method
                Chopper Read Newbie

                Thank you Wolfgang. I will try and let you know the result.
                Best regards,
                dahagrachops.

                • 5. Re: JAAS: using sessionbean's home interface method
                  Chopper Read Newbie

                  Hi Wolfgang

                  I tried. Folowing strictly this guide:

                  http://jaikiran.wordpress.com/2006/07/04/accessing-a-secure-ejb-through-a-standalone-java-client/

                  i have this exception:


                  [UsersRolesLoginModule] Failed to load users/passwords/role files
                  java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
                   at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
                   at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
                   at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
                   at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
                   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)



                  The file called login-config.xml on JBOSS B is:

                  <?xml version='1.0'?>
                  
                  <!-- The XML based JAAS login configuration read by the
                  org.jboss.security.auth.login.XMLLoginConfig mbean. Add
                  an application-policy element for each security domain.
                  
                  The outline of the application-policy is:
                  <application-policy name="security-domain-name">
                   <authentication>
                   <login-module code="login.module1.class.name" flag="control_flag">
                   <module-option name = "option1-name">option1-value</module-option>
                   <module-option name = "option2-name">option2-value</module-option>
                   ...
                   </login-module>
                  
                   <login-module code="login.module2.class.name" flag="control_flag">
                   ...
                   </login-module>
                   ...
                   </authentication>
                  </application-policy>
                  
                  $Id: login-config.xml 76444 2008-07-29 23:50:53Z sguilhen@redhat.com $
                  $Revision: 76444 $
                  -->
                  
                  <policy>
                   <!-- Used by clients within the application server VM such as
                   mbeans and servlets that access EJBs.
                   -->
                   <application-policy name="client-login">
                   <authentication>
                   <login-module code="org.jboss.security.ClientLoginModule"
                   flag="required">
                   <!-- Any existing security context will be restored on logout -->
                   <module-option name="restore-login-identity">true</module-option>
                   </login-module>
                   </authentication>
                   </application-policy>
                  
                   <!-- Security domains for testing new jca framework -->
                   <application-policy name="HsqlDbRealm">
                   <authentication>
                   <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
                   flag="required">
                   <module-option name="principal">sa</module-option>
                   <module-option name="userName">sa</module-option>
                   <module-option name="password"></module-option>
                   <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
                   </login-module>
                   </authentication>
                   </application-policy>
                  
                   <application-policy name="JmsXARealm">
                   <authentication>
                   <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
                   flag="required">
                   <module-option name="principal">guest</module-option>
                   <module-option name="userName">guest</module-option>
                   <module-option name="password">guest</module-option>
                   <module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
                   </login-module>
                   </authentication>
                   </application-policy>
                  
                   <!-- A template configuration for the jmx-console web application. This
                   defaults to the UsersRolesLoginModule the same as other and should be
                   changed to a stronger authentication mechanism as required.
                   -->
                   <application-policy name="jmx-console">
                   <authentication>
                   <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                   flag="required">
                   <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
                   <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
                   </login-module>
                   </authentication>
                   </application-policy>
                  
                   <!-- A template configuration for the web-console web application. This
                   defaults to the UsersRolesLoginModule the same as other and should be
                   changed to a stronger authentication mechanism as required.
                   -->
                   <application-policy name="web-console">
                   <authentication>
                   <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                   flag="required">
                   <module-option name="usersProperties">web-console-users.properties</module-option>
                   <module-option name="rolesProperties">web-console-roles.properties</module-option>
                   </login-module>
                   </authentication>
                   </application-policy>
                  
                   <!--
                   A template configuration for the JBossWS security domain.
                   This defaults to the UsersRolesLoginModule the same as other and should be
                   changed to a stronger authentication mechanism as required.
                   -->
                   <application-policy name="JBossWS">
                   <authentication>
                   <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                   flag="required">
                   <module-option name="usersProperties">props/jbossws-users.properties</module-option>
                   <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
                   <module-option name="unauthenticatedIdentity">anonymous</module-option>
                   </login-module>
                   </authentication>
                   </application-policy>
                  
                   <!-- The default login configuration used by any security domain that
                   does not have a application-policy entry with a matching name
                   -->
                   <application-policy name="other">
                   <!-- A simple server login module, which can be used when the number
                   of users is relatively small. It uses two properties files:
                   users.properties, which holds users (key) and their password (value).
                   roles.properties, which holds users (key) and a comma-separated list of
                   their roles (value).
                   The unauthenticatedIdentity property defines the name of the principal
                   that will be used when a null username and password are presented as is
                   the case for an unuathenticated web client or MDB. If you want to
                   allow such users to be authenticated add the property, e.g.,
                   unauthenticatedIdentity="nobody"
                   -->
                   <authentication>
                   <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                   flag="required"/>
                   </authentication>
                   </application-policy>
                  
                  </policy>


                  Maybe something's wrong in a configuration file??

                  TIA

                  • 6. Re: JAAS: using sessionbean's home interface method
                    Wolfgang Knauf Master

                    Hi,

                    how does your bean on server B log in to server A? Please post the code snippet.

                    You don't need to modify "login-config.xml" on server B, if there is no secured EJB on it.

                    Best regards

                    Wolfgang

                    • 7. Re: JAAS: using sessionbean's home interface method
                      Chopper Read Newbie

                      On server A i have secured bean and a topic.
                      On server B i have an MDB that reads messages from JMS topic deployed in A.

                      I use workflows and jBPM to invoke a client who needs to use secure bean's methods in A.

                      This is what i've done:

                      String username = "admin";
                       String password = "adminadmin";
                      
                      
                       Object ass = null;
                       Object dts = null;
                      
                       Hashtable environment = new Hashtable();
                       environment.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
                       environment.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
                       environment.put(Context.PROVIDER_URL, "jnp://127.0.0.1"); // remote machine IP
                       InitialContext context;
                      
                       try {
                       context = new InitialContext(environment);
                       ass = context.lookup("ejb/Projectivity/AssetService"); //ejb-name
                       dts = context.lookup("ejb/Projectivity/DataSourceService"); //ejb-name
                       System.out.println("-->> lookup object successfully");
                       } catch (NamingException ex) {
                       Logger.getLogger(InterFaxClient.class.getName()).log(Level.SEVERE, null, ex);
                       }
                      
                      
                       final String authFile = "auth.conf";
                      
                       System.setProperty("java.security.auth.login.config", authFile);
                      
                       MyCallbackHandler handler = new MyCallbackHandler(username,password);
                       LoginContext lc = null;
                       try {
                       lc = new LoginContext("myclient", handler);
                       lc.login();
                       } catch (LoginException ex) {
                       Logger.getLogger(InterFaxClient.class.getName()).log(Level.SEVERE, null, ex);
                       System.out.println("JAAS Login failed");
                       }
                      
                      
                      
                      
                       AssetServiceRemoteHome assetSrvHome = (AssetServiceRemoteHome) PortableRemoteObject.narrow(ass, AssetServiceRemoteHome.class);
                       DataSourceServiceRemoteHome dsSrvHome = (DataSourceServiceRemoteHome) PortableRemoteObject.narrow(dts, DataSourceServiceRemoteHome.class);
                      
                       DataSourceServiceRemote dsSrv = null;
                       DataSourceDTO dsDTO = null;
                       AssetServiceRemote arSrv = null;
                       AssetDTO assetDTO = null;
                      
                       try {
                       dsSrv = dsSrvHome.create();
                       dsDTO = dsSrv.getInternalDataSource();
                       arSrv = assetSrvHome.create(dsDTO);
                       assetDTO = arSrv.getAssetDTO(_msg.getiPath());
                      
                       } catch (CreateException cex) {
                       Logger.getLogger(InterFaxClient.class.getName()).log(Level.SEVERE, null, cex);
                       } catch (RemoteException rex) {
                       Logger.getLogger(InterFaxClient.class.getName()).log(Level.SEVERE, null, rex);
                       } catch (AssetServiceException aex) {
                       Logger.getLogger(InterFaxClient.class.getName()).log(Level.SEVERE, null, aex);
                       }
                      


                      MyCallbackHandler.java
                      /*
                       * To change this template, choose Tools | Templates
                       * and open the template in the editor.
                       */
                      package main.interfax;
                      
                      import javax.security.auth.callback.CallbackHandler;
                      import javax.security.auth.callback.NameCallback;
                      import javax.security.auth.callback.PasswordCallback;
                      import javax.security.auth.callback.UnsupportedCallbackException;
                      import java.io.IOException;
                      import javax.security.auth.callback.Callback;
                      
                      /**
                       *
                       * @author chopper
                       */
                      public class MyCallbackHandler implements CallbackHandler {
                      
                       private String username;
                       private String password;
                      
                       public MyCallbackHandler(String username, String password) {
                       this.username = username;
                       this.password = password;
                       }
                      
                       public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                      
                       for (int i = 0; i < callbacks.length; i++) {
                       if (callbacks instanceof NameCallback) {
                       //if the Callback is for NameCallback, then set the name of the NameCallback to ?userName?
                       NameCallback nc = (NameCallback) callbacks;
                       nc.setName(username);
                      
                       } else if (callbacks instanceof PasswordCallback) {
                       //if the Callback is for PasswordCallback, then set the name of the PasswordCallback to ?password?
                       PasswordCallback pc = (PasswordCallback) callbacks;
                       pc.setPassword(password.toCharArray());
                      
                       } else {
                       //if Callback is NOT NameCallback or PasswordCallback then throw UnsupportedCallbackException
                       throw new UnsupportedCallbackException(callbacks, "Unrecognized Callback");
                       }
                       }
                       }
                       }
                      


                      auth.conf is in the classpath:
                      myclient
                      {
                       org.jboss.security.ClientLoginModule required;
                      };
                      


                      and this is the exception:
                      12:07:36,678 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
                      java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
                       at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
                       at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
                       at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
                       at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
                       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                      


                      I tried different configurations with no success. Thank you for your help. Best Regards.

                      • 8. Re: JAAS: using sessionbean's home interface method
                        Wolfgang Knauf Master

                        Hi,

                        I think there should be two differences in the environment properties for JNDI should be those:

                        Context.URL_PKG_PREFIXES =>I use "org.jboss.naming.client" for application clients, but I don't know if this is required, if the "client" is actually a server...

                        Context.PROVIDER_URL => you don't use a port: "jnp://127.0.0.1:1099". Is the "remote" JBoss also running on your local installation? I would assume the IP of the remote server here, otherwise you would conncet to the current JBoss instance ;-)

                        I hope this helps. If it does not: try to authenticate from a standalone java application. Hopefully this works...

                        Wolfgang