6 Replies Latest reply on Mar 15, 2006 4:18 PM by delkant

    @SecurityDomain in JBoss4.0.4RC1

    Vivek Srivastav Newbie

      I don't see any security/roles etc. level message during the deployment. My EJB seems to be defaulting to UserPasswordLoginModule, although I have another login module configured for the domain that I am using.

      I used to get the adding authorization privileges messages in 4.0.3SP1, and it was working fine.

      I would appreciate any pointers and help.


      15:29:43,171 INFO [EARDeployer] Init J2EE application: file:/F:/java/jboss/jboss-4.0.4RC1/server/default/deploy/corview.ear
      15:29:45,625 INFO [Ejb3AnnotationHandler] found EJB3: ejbName=SecurityManagerBean, class=org.vss.ejb3.sb.SecurityManagerBean, type=STATELESS
      15:29:45,765 INFO [Ejb3Deployment] EJB3 deployment time took: 531
      15:29:45,875 FATAL [PersistenceXmlLoader] ccor JTA
      15:29:45,890 INFO [Ejb3Deployment] EJB3 deployment time took: 109
      15:29:46,062 INFO [JmxKernelAbstraction] installing MBean: jboss.j2ee:service=EJB3,ear=corview.ear,jar=corview.ejb3,name=SecurityManagerBean with dependencies:
      15:29:46,062 INFO [JmxKernelAbstraction] persistence.units:ear=corview.ear.ear,unitName=ccor
      15:29:46,078 INFO [EJB3Deployer] Deployed: file:/F:/java/jboss/jboss-4.0.4RC1/server/default/tmp/deploy/tmp6733corview.ear-contents/corview.ejb3
      15:29:46,078 INFO [JmxKernelAbstraction] installing MBean: persistence.units:ear=corview.ear.ear,unitName=ccor with dependencies:
      15:29:46,078 INFO [JmxKernelAbstraction] jboss.jca:name=DefaultDS,service=ManagedConnectionFactory
      15:29:46,218 INFO [Environment] Hibernate 3.1.2
      15:29:46,234 INFO [Environment] hibernate.properties not found
      15:29:46,250 INFO [Environment] using CGLIB reflection optimizer
      15:29:46,250 INFO [Environment] using JDK 1.4 java.sql.Timestamp handling
      15:29:46,546 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.Audit
      15:29:46,562 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.ConnectionPort
      15:29:46,562 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.ElementProperty
      15:29:46,562 INFO [Ejb3Configuration] found EJB3 @Embeddable: org.vss.ejb3.eb.ElementPropertyPK
      15:29:46,562 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.ElementType
      15:29:46,562 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.Module
      15:29:46,578 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.ModuleType
      15:29:46,578 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.NetworkElement
      15:29:46,578 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.Role
      15:29:46,578 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.Service
      15:29:46,578 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.Trap
      15:29:46,578 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.TrapsDetail
      15:29:46,578 INFO [Ejb3Configuration] found EJB3 @Embeddable: org.vss.ejb3.eb.TrapsDetailPK
      15:29:46,593 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.User
      15:29:46,828 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.ElementType
      15:29:46,984 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.ElementType on table ElementType
      15:29:47,171 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.ModuleType
      15:29:47,171 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.ModuleType on table ModuleType
      15:29:47,296 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.NetworkElement
      15:29:47,296 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.NetworkElement on table NetworkElement
      15:29:47,343 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.ElementProperty
      15:29:47,359 WARN [AnnotationBinder] Root entity should not hold an PrimaryKeyJoinColum(s), will be ignored
      15:29:47,359 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.ElementProperty on table ElementProperties
      15:29:47,375 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.Module
      15:29:47,375 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.Module on table Module
      15:29:47,375 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.ConnectionPort
      15:29:47,375 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.ConnectionPort on table ConnectionPort
      15:29:47,421 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.Service
      15:29:47,421 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.Service on table Service
      15:29:47,421 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.Trap
      15:29:47,421 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.Trap on table Trap
      15:29:47,421 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.TrapsDetail
      15:29:47,437 WARN [AnnotationBinder] Root entity should not hold an PrimaryKeyJoinColum(s), will be ignored
      15:29:47,437 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.TrapsDetail on table TrapsDetail
      15:29:47,437 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.Role
      15:29:47,437 INFO [QueryBinder] Binding Named query: getRole => select Object(r) from Role r where roleID = :roleID
      15:29:47,437 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.Role on table Roles
      15:29:47,453 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.User
      15:29:47,453 INFO [QueryBinder] Binding Named query: loginQuery => select Object(u) from User u where loginID = :loginID
      15:29:47,453 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.User on table Users
      15:29:47,484 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.Audit
      15:29:47,484 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.Audit on table Audit
      15:29:47,718 INFO [CollectionBinder] Mapping collection: org.vss.ejb3.eb.Trap.details -> TrapsDetail
      15:29:47,718 INFO [CollectionBinder] Mapping collection: org.vss.ejb3.eb.NetworkElement.properties -> ElementProperties
      15:29:47,734 INFO [CollectionBinder] Mapping collection: org.vss.ejb3.eb.ModuleType.modules_of_type -> Module
      15:29:47,734 INFO [CollectionBinder] Mapping collection: org.vss.ejb3.eb.NetworkElement.modules -> Module
      15:29:47,734 INFO [CollectionBinder] Mapping collection: org.vss.ejb3.eb.NetworkElement.audit -> Audit
      15:29:47,734 INFO [CollectionBinder] Mapping collection: org.vss.ejb3.eb.Module.ports -> ConnectionPort
      15:29:48,390 INFO [ConnectionProviderFactory] Initializing connection provider: org.hibernate.ejb.connection.InjectedDataSourceConnectionProvider
      15:29:48,421 INFO [InjectedDataSourceConnectionProvider] Using provided datasource
      15:29:48,437 INFO [SettingsFactory] RDBMS: HSQL Database Engine, version: 1.8.0
      15:29:48,437 INFO [SettingsFactory] JDBC driver: HSQL Database Engine Driver, version: 1.8.0
      15:29:48,812 INFO [Dialect] Using dialect: org.hibernate.dialect.HSQLDialect
      15:29:48,843 INFO [TransactionFactoryFactory] Using default transaction strategy (direct JDBC transactions)
      15:29:48,843 INFO [TransactionManagerLookupFactory] instantiating TransactionManagerLookup: org.hibernate.transaction.JBossTransactionManagerLookup
      15:29:48,859 INFO [TransactionManagerLookupFactory] instantiated TransactionManagerLookup
      15:29:48,859 INFO [SettingsFactory] Automatic flush during beforeCompletion(): enabled
      15:29:48,859 INFO [SettingsFactory] Automatic session close at end of transaction: disabled
      15:29:48,859 INFO [SettingsFactory] JDBC batch size: 15
      15:29:48,859 INFO [SettingsFactory] JDBC batch updates for versioned data: disabled
      15:29:48,859 INFO [SettingsFactory] Scrollable result sets: enabled
      15:29:48,859 INFO [SettingsFactory] JDBC3 getGeneratedKeys(): disabled
      15:29:48,859 INFO [SettingsFactory] Connection release mode: after_statement
      15:29:48,859 INFO [SettingsFactory] Default batch fetch size: 1
      15:29:48,859 INFO [SettingsFactory] Generate SQL with comments: disabled
      15:29:48,859 INFO [SettingsFactory] Order SQL updates by primary key: disabled
      15:29:48,859 INFO [SettingsFactory] Query translator: org.hibernate.hql.ast.ASTQueryTranslatorFactory
      15:29:48,875 INFO [ASTQueryTranslatorFactory] Using ASTQueryTranslatorFactory
      15:29:48,875 INFO [SettingsFactory] Query language substitutions: {}
      15:29:48,875 INFO [SettingsFactory] Second-level cache: enabled
      15:29:48,875 INFO [SettingsFactory] Query cache: disabled
      15:29:48,875 INFO [SettingsFactory] Cache provider: org.hibernate.cache.HashtableCacheProvider
      15:29:48,875 INFO [SettingsFactory] Optimize cache for minimal puts: disabled
      15:29:48,875 INFO [SettingsFactory] Structured second-level cache entries: disabled
      15:29:48,906 INFO [SettingsFactory] Statistics: disabled
      15:29:48,906 INFO [SettingsFactory] Deleted entity synthetic identifier rollback: disabled
      15:29:48,906 INFO [SettingsFactory] Default entity-mode: pojo
      15:29:49,015 INFO [SessionFactoryImpl] building session factory
      15:29:50,562 INFO [SessionFactoryObjectFactory] Not binding factory to JNDI, no JNDI name configured
      15:29:50,609 INFO [SchemaExport] Running hbm2ddl schema export
      15:29:50,625 INFO [SchemaExport] exporting generated schema to database
      15:29:50,687 INFO [SchemaExport] schema export complete
      15:29:50,718 INFO [NamingHelper] JNDI InitialContext properties:{java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory, java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces}
      15:29:53,703 INFO [EJB3Deployer] Deployed: file:/F:/java/jboss/jboss-4.0.4RC1/server/default/tmp/deploy/tmp6733corview.ear-contents/corview.par
      15:29:53,703 INFO [TomcatDeployer] deploy, ctxPath=/corview, warUrl=.../tmp/deploy/tmp6733corview.ear-contents/corview-exp.war/
      15:29:53,953 INFO [SecurityContextFilter] The Login module is set to: corview-client
      15:29:53,968 INFO [LoggedInFilter] Context Root of the application is: /corview
      15:29:55,609 INFO [TilesPlugin] Tiles definition factory loaded for module ''.
      15:29:55,625 INFO [ValidatorPlugIn] Loading validation rules file from '/WEB-INF/validator-rules.xml'
      15:29:55,625 INFO [ValidatorPlugIn] Loading validation rules file from '/WEB-INF/validation.xml'
      15:29:56,140 INFO [JBossCacheManager] init(): replicationGranularity_ is 0 and invaldateSessionPolicy is 2
      15:29:56,171 ERROR [JBossCacheService] jboss.cache:service=TomcatClusteringCache service to Tomcat clustering not found
      15:29:56,171 ERROR [JBossCacheManager] JBossCacheService to Tomcat clustering not found
      15:29:56,171 ERROR [TomcatDeployer] Failed to setup clustering, clustering disabled
      15:29:56,281 INFO [EARDeployer] Started J2EE application: file:/F:/java/jboss/jboss-4.0.4RC1/server/default/deploy/corview.ear
      15:29:56,640 INFO [Http11BaseProtocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
      15:29:57,062 INFO [ChannelSocket] JK: ajp13 listening on /0.0.0.0:8009
      15:29:57,093 INFO [JkMain] Jk running ID=0 time=0/93 config=null
      15:29:57,140 INFO [Http11BaseProtocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8443
      15:29:57,218 INFO [Server] JBoss (MX MicroKernel) [4.0.4RC1 (build: CVSTag=JBoss_4_0_4_RC1 date=200602071519)] Started in 1m:12s:984ms
      


        • 1. Re: @SecurityDomain in JBoss4.0.4RC1
          chris griffith Expert

          Yantriki,

          If you have security-domain set in your jboss-app.xml file that is not found in the $SERVER/conf/login-config.xml then the "other" domain is used as default. Is this what is happening? If so, check that your domain names match.

          cgriffith

          • 2. Re: @SecurityDomain in JBoss4.0.4RC1
            Vivek Srivastav Newbie

            I can see the security domain loaded in JBoss in the XMLLoginConfig MBean's displayAppConfig method, and I am not using the jboss-app.xml file.
            Here's how my code is defined:

            import java.util.Collection;
            import java.util.HashSet;
            import java.util.List;
            import java.util.Set;

            import javax.annotation.security.RolesAllowed;
            import javax.ejb.Remote;
            import javax.ejb.Stateless;
            import javax.persistence.EntityManager;
            import javax.persistence.PersistenceContext;
            import javax.persistence.Query;

            import org.jboss.annotation.security.SecurityDomain;
            import org.jboss.aspects.security.Unchecked;
            import org.jboss.logging.Logger;
            import org.vss.ejb3.eb.Role;
            import org.vss.ejb3.eb.User;
            import org.vss.ejb3.sb.SecurityManager;
            import org.vss.utils.HashUtils;

            @Stateless
            @Remote(SecurityManager.class)
            @SecurityDomain("corview-server")
            public class SecurityManagerBean implements SecurityManager {

                // No role restriction on login
                @Unchecked
                public User login(java.lang.String loginID,
                        java.lang.String password) throws Exception {
                    //....implementation
                }

                @RolesAllowed( { "admin" })
                public User getUser(int userID) {
                    //.....implementation
                }

                @RolesAllowed( { "admin", "manager" })
                public Collection<User> getAllUsers() {
                    // implementation
                }

                // other methods implementation etc.
            }
            


            • 3. Re: @SecurityDomain in JBoss4.0.4RC1
              Vivek Srivastav Newbie

              cgriffith,
              Your idea about the META-INF file helped point me in the right direction. Removing the META-INF/jboss.xml file from the ejb3 jar seems to fix the problem.
              vivek

              • 4. Re: @SecurityDomain in JBoss4.0.4RC1 (please help!!)
                delkant Newbie

                Hi,
                I have a similar problem. I don't know what descriptors are needed here (do I need the ejb-jar.xml, and what does it have to contain?).

                i have this:

                ear
                ---------META-INF/application.xml
                ---------ejb3.jar------META-INF/jboss.xml (just with the security-domain line)
                ---------ejb3.jar----------AuthenticationTest.class(without the @SecurityDomain, but with the @PermitAll annotation)
                


                I'm trying to access it with a remote Swing client, but I always get the same error:
                users.properties not found.
                The server is always searching the plain files and not my login-config.xml policy.

                login-config.xml
                <!-- OpenCrx Standard Servlet policy -->
                <application-policy name="opencrx-core-CRX">
                  <authentication>
                    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                      <module-option name="dsJndiName">java:/jdbc_opencrx_CRX</module-option>
                      <module-option name="principalsQuery">
                        SELECT c.passwd FROM security_Principal p, security_Credential c
                        WHERE (p.object_rid IN (SELECT object_rid FROM security_REF WHERE "c$0"='org:openmdx:security:realm1' AND
                        "c$1"='provider' AND "c$2"='CRX' AND "c$3"='segment' AND "c$4"='Root' AND "c$5"='realm' AND "c$6"='Default' AND
                        "c$7"='principal' AND n=8)) AND (p."p$$credential__rid" = c.object_rid) AND (p."p$$credential__oid" = c.object_oid) AND
                        (p.object_idx = 0) AND (p.object_oid = ?)
                      </module-option>
                      <module-option name="rolesQuery">
                        SELECT pg."p$$granted_role__oid", 'Roles' FROM security_Principal pg,
                        security_Principal p WHERE (pg.object_rid = p."p$$is_member_of__rid") AND (pg.object_oid = p."p$$is_member_of__oid") AND
                        (p.object_rid IN (SELECT object_rid FROM security_REF WHERE "c$0"='org:openmdx:security:realm1' AND
                        "c$1"='provider' AND "c$2"='CRX' AND "c$3"='segment' AND "c$4"='Root' AND "c$5"='realm' AND "c$6"='Default' AND
                        "c$7"='principal' AND n=8)) AND (p.object_oid = ?)
                      </module-option>
                      <module-option name="ignorePasswordCase">true</module-option>
                      <module-option name="hashCharset">UTF-8</module-option>
                      <module-option name="hashEncoding">base64</module-option>
                      <module-option name="hashAlgorithm">MD5</module-option>
                    </login-module>
                  </authentication>
                </application-policy>
                
                


                jboss.xml
                <jboss>
                 <security-domain>java:/jaas/opencrx-core-CRX</security-domain>
                </jboss>
                

                jndi call from the client
                import java.util.Properties;
                import javax.naming.Context;
                import javax.naming.InitialContext;

                public static final String JNDI_FACTORY = "org.jnp.interfaces.NamingContextFactory";
                public static final String JNDI_URL_PKG_PREFIXES = "org.jboss.naming:org.jnp.interfaces";
                public static String JNDI_PROVIDER_URL = "localhost";
                public static String JNDI_PROVIDER_PORT = "1099";

                // Build the JNDI environment, including the caller's principal and credentials
                Properties prop = new Properties();
                prop.put( Context.INITIAL_CONTEXT_FACTORY, JNDI_FACTORY );
                prop.put( Context.URL_PKG_PREFIXES, JNDI_URL_PKG_PREFIXES );
                prop.put( Context.PROVIDER_URL, JNDI_PROVIDER_URL + ":"
                        + JNDI_PROVIDER_PORT );
                prop.put( Context.SECURITY_PRINCIPAL, "tester01");
                prop.put( Context.SECURITY_CREDENTIALS, "tester01");
                ictxt = new InitialContext( prop );
                

                Do I need an empty ejb-jar.xml somewhere?
                Do I need a special annotation in my remote interface in the SessionBean?

                • 5. Re: @SecurityDomain in JBoss4.0.4RC1
                  delkant Newbie

                  I solved my problem in part by deleting all the jboss.xml and the unnecessary descriptors.
                  Now I have annotated authentication, but what I really want is to pass all the @securityDomain annotation to a descriptor and just leave the @permitall and @rolesAllowed part in my class.

                  can anyone tell me how to do that? and what descriptors i have to use?

                  • 6. Re: @SecurityDomain in JBoss4.0.4RC1
                    delkant Newbie

                    now i know how to replace the @securityDomain annotation by <security-domain> tag in a descriptor file.

                    my error was that i was putting the string java:/jaas/
                    jboss.xml (WITH THE ERROR)

                    <jboss>
                     <security-domain>
                     java:/jaas/opencrx-core-CRX
                     </security-domain>
                    </jboss>
                    


                    jboss.xml
                    <jboss>
                     <security-domain>
                     opencrx-core-CRX
                     </security-domain>
                    </jboss>
                    


                    everything works fine now.

                    i have a class without the @securitydomain annotation and just with the @Rolesallowed definitions.
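                    import javax.annotation.security.RolesAllowed;
                    import javax.ejb.Stateful;

                    // No @SecurityDomain here: the domain comes from jboss.xml
                    @Stateful
                    public class MySession {
                        @RolesAllowed({"me"})
                        public String getHelloWorld() {
                            return "HOLA";
                        }
                    }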
                    

                    so now i can change my security domain in just one file.
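
A pre-deployment check for the two misconfigurations reported in this thread: a security-domain name with no matching application-policy in login-config.xml (which falls back to "other"), and the java:/jaas/ prefix in an EJB3 jboss.xml. This is an added example, not code from any poster or from JBoss; the function names and the sample XML are constructed for illustration, and the prefix rule reflects only what the thread reports for EJB3 on 4.0.4RC1.

```python
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"
FALLBACK_DOMAIN = "other"  # default domain named in the thread

# Constructed sample inputs, modelled on the snippets posted in the thread.
LOGIN_CONFIG = """<policy>
  <application-policy name="other">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
    </authentication>
  </application-policy>
  <application-policy name="opencrx-core-CRX">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"/>
    </authentication>
  </application-policy>
</policy>"""
JBOSS_XML_PREFIXED = "<jboss><security-domain>java:/jaas/opencrx-core-CRX</security-domain></jboss>"
JBOSS_XML_PLAIN = "<jboss>\n <security-domain>\n opencrx-core-CRX\n </security-domain>\n</jboss>"


def policy_names(login_config_xml):
    """Names of every <application-policy> declared in a login-config.xml document."""
    root = ET.fromstring(login_config_xml)
    return {p.get("name") for p in root.iter("application-policy")}


def check_security_domain(jboss_xml, login_config_xml):
    """Return (bare_domain_name, findings) for the <security-domain> of an EJB3 jboss.xml."""
    node = ET.fromstring(jboss_xml).find("security-domain")
    if node is None or not (node.text or "").strip():
        return None, ["no <security-domain> element; the domain must come from @SecurityDomain"]
    findings = []
    domain = node.text.strip()  # the element text may be wrapped in whitespace
    if domain.startswith(JAAS_PREFIX):
        # Thread report: with this prefix the EJB3 bean did not use the intended policy.
        findings.append("security-domain carries the %s prefix; use the bare policy name" % JAAS_PREFIX)
        domain = domain[len(JAAS_PREFIX):]
    if domain not in policy_names(login_config_xml):
        # Thread report: an unknown domain silently authenticates against the default one.
        findings.append("no application-policy named %r; the %r domain would be used"
                        % (domain, FALLBACK_DOMAIN))
    return domain, findings


if __name__ == "__main__":
    for label, xml in (("prefixed", JBOSS_XML_PREFIXED), ("plain", JBOSS_XML_PLAIN)):
        print(label, check_security_domain(xml, LOGIN_CONFIG))
```

Run against the real descriptors, an empty findings list means the bean's domain name resolves to a declared policy rather than to the default one.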