calls to secured ejb beans failed
alexho Mar 15, 2002 10:11 AM
Hi,
I am using JBoss 2.4.4 and Tomcat 4.0.1. I have recently started working on JAAS. At the moment, I am having a problem that I need help on.
I created an entity bean "CDBean" and in ejb-jar.xml, I have:
...
<method-permission>
    <role-name>Admin</role-name>
    <method>
        <ejb-name>CDBean</ejb-name>
        <method-name>*</method-name>
    </method>
</method-permission>
...
specifying that a user with Admin role can access all of the methods in this "CDBean".
I am using UsersRolesLoginModule. Both users.properties and roles.properties files are also in place.
Then, for testing, I created an application client to call one of the methods in "CDBean" and the call failed with an error from JBoss:
[java] java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
[java] java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
[java] java.lang.SecurityException: Authentication exception, principal=null
The failure is due to the empty username (principal).
How come it doesn't prompt for a username/password? (I get a prompt in a new window when accessing a secured servlet for the first time)
I have searched the forum for help and found that some have talked about a form-based authentication. Is this a way to get around the problem?
The ideal solution I have in mind is:
1. Prompt for a username and password the first time a user enters a new session.
2. Pass this info to the EJB container for authentication using the info in the *.properties files.
3. If the user is valid, the user can access resources in EJB beans and servlets if permissions allow him to, without ever being prompted for a username/password again.
4. If the same user goes into a new session, he is prompted again for username/password.
However, when I have both servlets and ejbs integrated, it works great if the first call is to a servlet: I get a new window for username/password and the login info is carried throughout the session.
I guess I don't want to wait for the automatic prompt from the container. Instead, I want to manually prompt for login info in the very beginning and have containers recognize the login info for EJB beans, jsp, and servlets.
Can anyone point me to an example?
Any help is appreciated.
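
Added example, not part of the original post: a standalone application client has no container to prompt for it, so steps 1 and 2 above are normally done with a client-side JAAS login before the first EJB call. The sketch assumes JBoss's org.jboss.security.ClientLoginModule is on the client classpath and configured under a hypothetical entry name "ejb-client"; the class names EjbClientLogin and PromptedCredentials are illustrative, and it needs a JVM that provides java.io.Console.

```java
import java.io.Console;
import java.util.Arrays;
import javax.security.auth.callback.*;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Assumed client JAAS config, passed with -Djava.security.auth.login.config=auth.conf
// ("ejb-client" is a hypothetical entry name):
//   ejb-client { org.jboss.security.ClientLoginModule required; };
public class EjbClientLogin {
    /** Hands the credentials collected at startup to whichever login module asks. */
    static final class PromptedCredentials implements CallbackHandler {
        private final String user;
        private final char[] password;
        PromptedCredentials(String user, char[] password) {
            this.user = user;
            this.password = password;
        }
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password); // callback keeps its own copy
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        }
    }

    public static void main(String[] args) throws LoginException {
        Console console = System.console();
        if (console == null) throw new IllegalStateException("no interactive console to prompt on");
        String user = console.readLine("Username: ");
        char[] password = console.readPassword("Password: ");
        if (user == null || password == null) throw new IllegalStateException("input closed");
        LoginContext lc = new LoginContext("ejb-client", new PromptedCredentials(user, password));
        try {
            lc.login(); // ClientLoginModule only records the identity; the server checks it on each call
        } finally {
            Arrays.fill(password, '\0'); // wipe the prompt buffer whether or not login succeeded
        }
        try {
            // Look up the bean's home interface and invoke its methods here.
        } finally {
            lc.logout(); // drop the recorded identity when the client session ends
        }
    }
}
```

Because the client module performs no check of its own, a wrong password surfaces as a SecurityException on the first bean call rather than at login().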