1 Reply Latest reply on Jul 19, 2016 7:03 AM by imen barouni

    Wildfly - Ejb - RMI over Http - Jaas

    imen barouni Newbie

      Hello,

      I developped a web application and configured it to connect to an ejb application using JAAS.

      I want to do the same with a java client.

      The java client invokes an EJB threw JNDI (RMI over Http).

      I want to make my java client authenticate using JAAS and to store the credentials on a database.

      I'm using wildly 9 as a server.

      I searched the net to find a tutorial but i couldn't find any.

      Could you please help me?

      Thank you

        • 1. Re: Wildfly - Ejb - RMI over Http - Jaas
          imen barouni Newbie

          Here is what i did until now: In the ejb application i created the following files to secure my ejbs:

          1- jboss-ejb3.xml:

          <?xml version="1.0" encoding="UTF-8"?>

          <jboss:ejb-jar xmlns="http://java.sun.com/xml/ns/javaee" *

          xmlns:jboss="http://www.jboss.com/xml/ns/javaee"

          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

          xmlns:s="urn:security:1.1" version="3.1" impl-version="2.0">

          <assembly-descriptor>

          <s:security>

          <ejb-name>*</ejb-name>

          <s:security-domain>JaasAppRealm</s:security-domain>

          <s:run-as-principal>Teacher</s:run-as-principal>

          <s:missing-method-permissions-deny-access>false</s:missing-method-permissions-deny-access>

          </s:security>

          </assembly-descriptor>

          </jboss:ejb-jar>

          2-ejb-jar.xml

          <ejb-jar>

          <assembly-descriptor>

          <method-permission>

          <role-name>Teacher</role-name>

          <method>

          <ejb-name>*</ejb-name>

            <method-name>*</method-name>

          </method>

            </method-permission>

          </assembly-descriptor>

          </ejb-jar>

          At the standalone.xml file i added the following:

          <management>

          <security-realms>

          ............

          <security-realm name="MyRealm">

          <authentication>

            <jaas name="JaasAppRealm"/>

          </authentication>

          </security-realm>

          </security-realms>

          ....................

          <datasource jta="true" jndi-name="java:/espritacademy" pool-name="java:/espritacademy" enabled="true" use-ccm="true">

          <connection-url>jdbc:mysql://localhost:3306/espritacademy</connection-url>

          <driver-class>com.mysql.jdbc.Driver</driver-class>

          <driver>mysql</driver>

          <security>

          <user-name>root</user-name>

          <password>root</password>

          </security> <validation>

          <valid-connection-checker class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLValidConnectionChecker"/> <background-validation>true</background-validation> <exception-sorter class-name="org.jboss.jca.adapters.jdbc.extensions.mysql.MySQLExceptionSorter"/>

          </validation> </datasource> .........................

          <security-domain name="JaasAppRealm" cache-type="default"> <authentication>

          <login-module name="authentication" code="Database" flag="required">

          <module-option name="dsJndiName" value="java:/espritacademy"/>

          <module-option name="principalsQuery" value="select password from user where login=?"/>

          <module-option name="rolesQuery" value="select DTYPE, 'Roles' from user where login=?"/>

          </login-module>

          </authentication>

          </security-domain>

          </security-domains>

          At the java client i created the following files: 1-jndi.properties

          java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory java.naming.provider.url=http-remoting://localhost:18080 jboss.naming.client.ejb.context=true

          2-jboss-ejb-client.properties:

          remote.connection.default.username=login remote.connection.default.password=pass

          This is the main method i'm executing to test the connection:

          public static void main(String[] args) throws NamingException { 

          Context context = new InitialContext();

          IManageTeachersRemote iManageTeachersRemote = (IManageTeachersRemote) context.lookup("esprit-academy-ear/esprit-academy-ejb/ManageTeachers!sessionbeans.IManageTeachersRemote");

          Teacher teacher = new Teacher("ali", "ben salah", "lon", "pass", "m", Grade.AD); iManageTeachersRemote.saveTeacher(teacher);

          }

          I get the following error:

          Exception in thread "main" javax.ejb.EJBAccessException: WFLYSEC0027: Invalid User