1. Re: Wildfly - Ejb - RMI over Http - Jaas
imen Jul 19, 2016 7:03 AM (in response to imen)
Here is what I did until now: In the EJB application I created the following files to secure my EJBs:
1- jboss-ejb3.xml:
<?xml version="1.0" encoding="UTF-8"?>
<jboss:ejb-jar xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:jboss="http://www.jboss.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:s="urn:security:1.1" version="3.1" impl-version="2.0">
    <assembly-descriptor>
        <s:security>
            <ejb-name>*</ejb-name>
            <s:security-domain>JaasAppRealm</s:security-domain>
            <s:run-as-principal>Teacher</s:run-as-principal>
            <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>
        </s:security>
    </assembly-descriptor>
</jboss:ejb-jar>
2-ejb-jar.xml
<ejb-jar>
    <assembly-descriptor>
        <method-permission>
            <role-name>Teacher</role-name>
            <method>
                <ejb-name>*</ejb-name>
                <method-name>*</method-name>
            </method>
        </method-permission>
    </assembly-descriptor>
</ejb-jar>
In the standalone.xml file I added the following:
<management>
    <security-realms>
        ............
        <security-realm name="MyRealm">
            <authentication>
                <jaas name="JaasAppRealm"/>
            </authentication>
        </security-realm>
    </security-realms>
....................
<datasource jta="true" jndi-name="java:/espritacademy" pool-name="java:/espritacademy" enabled="true" use-ccm="true">
    <connection-url>jdbc:mysql://localhost:3306/espritacademy</connection-url>
    <driver-class>com.mysql.jdbc.Driver</driver-class>
    <driver>mysql</driver>
    <security>
        <user-name>root</user-name>
        <password>root</password>
    </security>
    <validation>
        <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/>
        <background-validation>true</background-validation>
        <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>
    </validation>
</datasource>
.........................
<security-domain name="JaasAppRealm" cache-type="default">
    <authentication>
        <login-module name="authentication" code="Database" flag="required">
            <module-option name="dsJndiName" value="java:/espritacademy"/>
            <module-option name="principalsQuery" value="select password from user where login=?"/>
            <module-option name="rolesQuery" value="select DTYPE, 'Roles' from user where login=?"/>
        </login-module>
    </authentication>
</security-domain>
</security-domains>
In the Java client I created the following files:
1-jndi.properties
java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory
java.naming.provider.url=http-remoting://localhost:18080
jboss.naming.client.ejb.context=true
2-jboss-ejb-client.properties:
remote.connection.default.username=login
remote.connection.default.password=pass
This is the main method I'm executing to test the connection:
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;

public static void main(String[] args) throws NamingException {
    Context context = new InitialContext();
    IManageTeachersRemote iManageTeachersRemote = (IManageTeachersRemote) context.lookup("esprit-academy-ear/esprit-academy-ejb/ManageTeachers!sessionbeans.IManageTeachersRemote");
    Teacher teacher = new Teacher("ali", "ben salah", "lon", "pass", "m", Grade.AD);
    iManageTeachersRemote.saveTeacher(teacher);
}
I get the following error:
Exception in thread "main" javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User
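
A small audit of the settings shown in the post above, as an added example that is not part of the original post or of WildFly. It flags a `Database` login module with no `hashAlgorithm` option (the stored password is then compared as plaintext), a datasource that connects as `root` or with a password equal to the user name, and `missing-method-permissions-deny-access` set to `false`. The sample XML is constructed from the post's fragments, and the function and check names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: fragments from the post's standalone.xml and
# jboss-ejb3.xml combined under one hypothetical root element.
SAMPLE = """<server>
  <datasource jndi-name="java:/espritacademy" pool-name="java:/espritacademy">
    <security><user-name>root</user-name><password>root</password></security>
  </datasource>
  <security-domain name="JaasAppRealm" cache-type="default">
    <authentication>
      <login-module name="authentication" code="Database" flag="required">
        <module-option name="dsJndiName" value="java:/espritacademy"/>
        <module-option name="principalsQuery" value="select password from user where login=?"/>
      </login-module>
    </authentication>
  </security-domain>
  <security xmlns="urn:security:1.1">
    <missing-method-permissions-deny-access>false</missing-method-permissions-deny-access>
  </security>
</server>"""

def local(el):
    """Element name without its namespace, so namespaced files also match."""
    return el.tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (check_id, detail) findings for the settings used in the post."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = local(el)
        if name == "login-module" and el.get("code") == "Database":
            opts = {o.get("name"): o.get("value") for o in el if local(o) == "module-option"}
            # No hashAlgorithm: the column returned by principalsQuery is compared
            # to the submitted password as-is, so the table holds plaintext.
            if "hashAlgorithm" not in opts:
                findings.append(("plaintext-passwords", opts.get("dsJndiName", "?")))
        elif name == "datasource":
            cred = {local(c): (c.text or "").strip() for c in el.iter()}
            user, pw = cred.get("user-name", ""), cred.get("password", "")
            # Heuristic: database superuser, or password equal to the account name.
            if user == "root" or (pw and pw == user):
                findings.append(("weak-db-account", el.get("jndi-name", "?")))
        elif name == "missing-method-permissions-deny-access":
            # false: EJB methods with no method-permission entry stay callable.
            if (el.text or "").strip().lower() == "false":
                findings.append(("unlisted-methods-allowed", "deny-access=false"))
    return findings

if __name__ == "__main__":
    for check, detail in audit(SAMPLE):
        print(f"{check}: {detail}")
```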