4 Replies Latest reply on Mar 19, 2004 4:50 AM by Scott Stark

    j2ee.clientName in jndi.properties

    Sebastiaan Kortleven Newbie

      Hi there,

      I convinced my manager to give j2ee and jboss a try (although one of our departments is a reseller of a commercial j2ee implementation).
      I got some EJB's deployed and they are working just fine. But if I want to setup JAAS and try to login I get this error:

      javax.naming.NameNotFoundException: ProductClient not bound


      If I remove this line in my jndi.properties file I get this error:

      javax.security.auth.login.LoginException: javax.naming.NamingException: Failed to find j2ee.clientName in jndi env


      Why should the clientname be bound? And how do I get this done? I couldn't find anything in the free/commercial documentation, nor on the forum..

      Thanks in advance!

        • 1. Re: j2ee.clientName in jndi.properties
          Scott Stark Master

          You appears to be trying to use the java: context in the client without correctly setting up the j2ee app client, including the application-client.xml descriptor. Try showing some details of the jndi usage causing the problem. The java: context is not usable by clients unless there as been an app client jar deployed to the server.

          • 2. Re: j2ee.clientName in jndi.properties
            Sebastiaan Kortleven Newbie

            Hmm.. I don't think I understand..
            I'll descibe the steps i took...

            I've written some EJB's and deployed them, connecting to them went perfectly (CMP entitybeans).. I wrote a small client-application that create some beanse..

            Now I would like to add security, so I read the documentation (both commercial and free, as some other tutorials on the net) and added these lines to the corresponding xml files:


            Jboss.xml

            <security-domain>java:/jaas/pas</security-domain>


            login-config.xml
            <application-policy name="pas">
             <authentication>
             <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
             <module-option name="dsJndiName">java:/appsettings</module-option>
             <module-option name="principalsQuery"> Select password AS Password from users where username = ?</module-option>
             <module-option name="rolesQuery">Select rolename as Role from Roles inner join User_Role ON User_Role.roleid=Roles.row_id inner join users ON users.row_id=User_Role.userid where username = ?</module-option>
             </login-module>
             </authentication>
            </application-policy>
            


            and

            to ejb-jar.xml (in the assembly descriptor)
            in the assembly descriptor:
            
            <security-role>
            <role-name>ProductManager</role-name>
            </security-role>
            <method-permission>
            <role-name>ProductManager</role-name>
            <method>
            <ejb-name>ProductEJB</ejb-name>
            <method-name>*</method-name>
            </method>
            
            In the entity tag of ProductEJB:
            <security-role-ref>
            <role-name>ProductManager</role-name>
            <role-link>ProductManager</role-link>
            </security-role-ref>
            



            Running the client now generates an error (as expected):
            javax.ejb.EJBException: checkSecurityAssociation; CausedByException is: Authentication exception, principal=null

            So I add the LoginContext to the client and an auth.conf to the command line parameters
            auth.conf:
            pas {
             org.jboss.security.auth.spi.DatabaseServerLoginModule required;
            };
            other
            {
             //DEFAULT CLIENT-LOGIN MODULE
             org.jboss.security.ClientLoginModule required;
            };
            


            But now I get an
            javax.security.auth.login.LoginException: javax.naming.NamingException: Failed to find j2ee.clientName in jndi env
             at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPasswor
            d(DatabaseServerLoginModule.java:110)
             at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(Usernam
            ePasswordLoginModule.java:150)


            error while running the client..

            Could you point to some basic documentation on how to get this fixed?

            Thanks for your time, it's very much appreciated

            • 3. Re: j2ee.clientName in jndi.properties
              Sebastiaan Kortleven Newbie

              I added an application-xlient.xml and jboss-client.xml to the META-INF map of the client jar file:

              <application-client>
               <display-name>Pricelist Administration System</display-name>
               <ejb-ref>
               <ejb-ref-name>ejb/Product</ejb-ref-name>
               <ejb-ref-type>Entity</ejb-ref-type>
               <home>myPackage.ProductHome</home>
               <remote>myPackage.Product</remote>
               </ejb-ref>
              </application-client>


              and

              <jboss-client>
               <jndi-name>pas-client</jndi-name>
               <ejb-ref>
               <ejb-ref-name>ejb/ProductEJB</ejb-ref-name>
               <jndi-name>Product</jndi-name>
               </ejb-ref>
              </jboss-client>

              (changed the clientname to pas-client because it was the same name as the security domain)

              But the error keeps popping up... I must be doing something wrong but I don't see what it is...
              Do I have to specify the client-name somewhere on the server side also?


              • 4. Re: j2ee.clientName in jndi.properties
                Scott Stark Master

                You have multiple config problems:

                - The configuration for the org.jboss.security.auth.spi.DatabaseServerLoginModule is incomplete. See the JAAS howto for some examples.


                - The DatabaseServerLoginModule is not going to be usable by an external client unless you create your own DataSource binding in JNDI as the 3.2.x series does not support remote access to DataSource factories.


                - The client auth.conf you use must have the org.jboss.security.ClientLoginModule in addition to any other login modules. If your using the pas configuration it should look like:

                pas {
                 org.jboss.security.auth.spi.DatabaseServerLoginModule required
                 ... many module option settings to be added
                ;
                 //DEFAULT CLIENT-LOGIN MODULE
                 org.jboss.security.ClientLoginModule required;
                };
                



                - You don't show the jndi.properties file or env passed to the creation of the javax.naming.InitialContext. This has to include the j2ee.clientName=pas-client setting.