2 Replies Latest reply on Aug 31, 2004 10:23 AM by Stephan Wolff

    adaptor/service access a secure ejb

    Stephan Wolff Newbie

      Hallo my name is stephan
      i'm student ..... and i have done some experiments with jboss.

      I have build an simple EJB and have done the Jaas configuration.
      I have edit service-login.config and add my own security-domain
      with UserRolesLoginModule.
      than I deploy my EJB with user,roles properties and add the ejb to the security-domain in jboss.xml.

      I have also build an example client wich creates a login context and calls the create method via jndi of the ejb for testing ... this works fine.

      Now I have Programm my own Service. It is also a simple Protokolladaptor for socket transmissions and deploy them on jboss.

      I access the Service via a socket connection and send some stuff. The service creates a thread to handle transaction and creates also a login context and calls the create method of the secured ejb but this doesnt work.

      i get an authentfication exception (without security the call works)
      principal = null. from the security manger

      Then i have think, ok service is not a ejb client and i have to add
      the service to the security domain but this is also not possible the Service Mbean is not an EJB (jboss.xml is not available).

      How can my adaptor access an secured ejb method ?
      What must i do ?

      Can every one explain this ?

      I have read some related documents from sun, jboss,samples book but I have no solution for this problem found.

      (if everyone have interrrest i can post some sample code, it is relativ small)

      THanks for the help
      cu
      Stephan

        • 1. Re: adaptor/service access a secure ejb
          Scott Stark Master

          Any component in the ejb server trying to access a secured ejb has to use the same procedure for establishing the security context of the call just as an external client does. Read the JAAS Howto in the forum and look at the unsecured servlet example which calls a secured ejb.

          • 2. Re: adaptor/service access a secure ejb
            Stephan Wolff Newbie

            Hallo Scott Stark,
            thanks for your reply, if have read the faq, but this solves not my problem. I think i have problem in under standing.
            I have tested some sample code in the following steps.
            ( I used eclipse with jboss-3.2.4 my package is )
            1. I haved establish a security domain in file jboss-login.xml
            <application-policy name = "ServiceSecurity">

            <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
            flag = "required" />

            </application-policy>

            2. I have deployed the EchoBean from the Book
            (my echo method has no arg and print out the echo if the method would be called)
            if have deployed user.propperties and roles.properties with the
            username=password and username=userrole
            and in the meta-inf directory i have edit the files jboss.xml and ejb-jar.xml with the entry
            <security-domain>java:/jaas/ServiceSecurity</security-domain>
            3. I have edit the auth.conf in the client directory
            ServiceSecurity {
            org.jboss.security.ClientLoginModule required;
            };
            4. I have written an example client to call the secured method echo.
            this client works i have test it with correct and incorrect password etc.

            package ServiceSecurity;
            
            import java.rmi.RemoteException;
            
            import javax.ejb.CreateException;
            import javax.naming.InitialContext;
            import javax.naming.NamingException;
            import javax.security.auth.login.LoginContext;
            import javax.security.auth.login.LoginException;
            
            import org.jboss.security.auth.callback.UsernamePasswordHandler;
            
            public class TestClientAccess {
            
            public static void main(String[] args) throws RemoteException, CreateException, LoginException, NamingException { System.out.println("testclient started");
            System.setProperty("java.security.auth.login.config",
            "d:/jboss-3.2.4/client/auth.conf");
            UsernamePasswordHandler handler =
            new UsernamePasswordHandler("username",new String("password").toCharArray());
            LoginContext lc = new LoginContext("ServiceSecurity", handler);
            try
            {
            lc.login();System.out.println("login successfull");}
            catch(LoginException le){ System.out.println("login failed");
            le.printStackTrace();
            }
            
            // call ejb method
            InitialContext ctx = new InitialContext();
            Object ref = ctx.lookup("Echo");
            EchoHome home = (EchoHome) ref;
            Echo echo = home.create();
            System.out.println("echo created");
            echo.echo();
            System.out.println("testclient end");
            }
            }
            

            This client works ....
            5. Now I have written my own Service Adaptor and deploy them in Jboss.
            The Service Adaptor listen on a socket for incomming transmission. The contents of the transmission is a username and the password for the login
            context of the EchoBean.

            import javax.naming.InitialContext;
            import javax.security.auth.login.LoginContext;
            import javax.security.auth.login.LoginException;
            import org.jboss.security.auth.callback.UsernamePasswordHandler;
            import org.jboss.system.ServiceMBeanSupport;
            import java.net.*;
            import java.io.InputStreamReader;
            import java.io.PrintWriter;
            import java.io.BufferedReader;
            
            import ServiceSecurity.Echo;
            import ServiceSecurity.EchoHome;
            
            public class ServiceAdaptor extends ServiceMBeanSupport implements ServiceAdaptorMBean, Runnable {
             private boolean stopped = false;
             private int Status = 0;
             private int port = 9050;
             private ServerSocket ss = null;
             private BufferedReader socket_in = null;
             private PrintWriter socket_out = null;
             public ServiceAdaptor() {
             }
             public void run() {
             try {
             System.out.println("open socket at port " + port);
             ss = new ServerSocket(port);
             while (!stopped) {
             Socket client = ss.accept();
             System.out.println("client accepted");
             this.socket_in = new BufferedReader(new InputStreamReader(client
             .getInputStream()));
            String username = socket_in.readLine();
            System.out.println(username);
            String password = socket_in.readLine();
            System.out.println(password);
            UsernamePasswordHandler handler = new UsernamePasswordHandler(username,password.toCharArray());
            System.setProperty("java.security.auth.login.config",
            "d:/jboss-3.2.4/client/auth.conf");
            LoginContext lc = new LoginContext("ServiceSecurity", handler);
            try
            {
            lc.login();
            System.out.println("login successfull");
            }
            catch(LoginException le)
            {
            System.out.println("login failed");
            le.printStackTrace();
            }
            // call ejb method
            InitialContext ctx = new InitialContext();
            Object ref = ctx.lookup("Echo");
            EchoHome home = (EchoHome) ref;
            Echo echo = home.create();
            System.out.println("echo created");
            echo.echo();
            this.socket_out = new PrintWriter(client.getOutputStream());
            socket_out.println("ok");
            socket_out.flush();
            socket_in.close();
            socket_out.close();
            client.close();
            System.out.println("client end");
            }
            ss.close();
            } catch (Exception e) {
            e.printStackTrace();
            stopped = true;
            }
            }
            protected void startService() throws Exception
            {
            System.out.println("Service started");
            Thread thread = new Thread(this);
            thread.start();
            stopped = false;
            }
            public void stopService() {
            System.out.println("Service stopped");
            stopped = true;
            }
            public void setPort(int port) {
            this.port = port;
            }
            public int getPort() {
            return port;
            }
            }
            

            I have also probed this, with a hardcoded username and password.
            It is the same code as in the client program (part 3).
            But now I get the error password incorrect or required from the security
            interceptor, and login failed from my adaptor.

            What is going wrong ...

            I have also tested the declarative solution and deployed the roles.prperties and user.properties in the service directory, but the
            comes the error. authentification error principal=null.

            When I disable the security in the echobean all is working fine.

            Can you say me what i doing wrong with the serviceadaptor ...
            I could also send you my Project is small and the deployment goes quick.

            Oh god i'm a noob ... i hate it, then things are not to solve.

            Goodbye
            Stephan