1 Reply Latest reply on Jul 19, 2016 7:03 AM by imen

    Wildfly - Ejb - RMI over Http - Jaas

    imen

      Hello,

      I developed a web application and configured it to connect to an ejb application using JAAS.

      I want to do the same with a java client.

      The java client invokes an EJB through JNDI (RMI over Http).

      I want to make my java client authenticate using JAAS and to store the credentials on a database.

      I'm using WildFly 9 as a server.

      I searched the net to find a tutorial but I couldn't find any.

      Could you please help me?

      Thank you

        • 1. Re: Wildfly - Ejb - RMI over Http - Jaas
          imen

          Here is what I did until now: In the ejb application I created the following files to secure my ejbs:

          1- jboss-ejb3.xml:

          <?xml version="1.0" encoding="UTF-8"?>
          <jboss:ejb-jar xmlns="http://java.sun.com/xml/ns/javaee"
                         xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
                         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                         xmlns:s="urn:security:1.1" version="3.1" impl-version="2.0">
            <assembly-descriptor>
              <s:security>
                <ejb-name>*</ejb-name>
                <s:security-domain>JaasAppRealm</s:security-domain>
                <s:run-as-principal>Teacher</s:run-as-principal>
                <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
              </s:security>
            </assembly-descriptor>
          </jboss:ejb-jar>

          2-ejb-jar.xml

          <ejb-jar>
            <assembly-descriptor>
              <method-permission>
                <role-name>Teacher</role-name>
                <method>
                  <ejb-name>*</ejb-name>
                  <method-name>*</method-name>
                </method>
              </method-permission>
            </assembly-descriptor>
          </ejb-jar>

          In the standalone.xml file I added the following:

          <management>
            <security-realms>
              ............
              <security-realm name="MyRealm">
                <authentication>
                  <jaas name="JaasAppRealm"/>
                </authentication>
              </security-realm>
            </security-realms>

          ....................

          <datasource jta="true" jndi-name="java:/espritacademy" pool-name="java:/espritacademy" enabled="true" use-ccm="true">
            <connection-url>jdbc:mysql://localhost:3306/espritacademy</connection-url>
            <driver-class>com.mysql.jdbc.Driver</driver-class>
            <driver>mysql</driver>
            <security>
              <user-name>root</user-name>
              <password>root</password>
            </security>
            <validation>
              <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
              <background-validation>true</background-validation>
              <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
            </validation>
          </datasource>

          .........................

          <security-domain name="JaasAppRealm" cache-type="default">
            <authentication>
              <login-module name="authentication" code="Database" flag="required">
                <module-option name="dsJndiName" value="java:/espritacademy"/>
                <module-option name="principalsQuery" value="select password from user where login=?"/>
                <module-option name="rolesQuery" value="select DTYPE, 'Roles' from user where login=?"/>
              </login-module>
            </authentication>
          </security-domain>
          </security-domains>

          In the java client I created the following files:

          1-jndi.properties

          java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory
          java.naming.provider.url=http-remoting://localhost:18080
          jboss.naming.client.ejb.context=true

          2-jboss-ejb-client.properties:

          remote.connection.default.username=login
          remote.connection.default.password=pass

          This is the main method I'm executing to test the connection:

          public static void main(String[] args) throws NamingException {
              Context context = new InitialContext();
              IManageTeachersRemote iManageTeachersRemote = (IManageTeachersRemote) context.lookup("esprit-academy-ear/esprit-academy-ejb/ManageTeachers!sessionbeans.IManageTeachersRemote");
              Teacher teacher = new Teacher("ali", "ben salah", "lon", "pass", "m", Grade.AD);
              iManageTeachersRemote.saveTeacher(teacher);
          }

          I get the following error:

          Exception in thread "main" javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User