6 Replies Latest reply on Mar 15, 2006 4:18 PM by delkant

@SecurityDomain in JBoss4.0.4RC1

yantriki Feb 28, 2006 3:35 PM

I don't see any security/roles etc level message during the the deployment . My EJB seems to be defaulting to UserPasswordLoginModule, although I have another login module configured for the domain that I am using.

I used to get the adding authorization privileges messages in 4.0.3SP1, and it was working fine.

I would appreciate any pointers and help.

15:29:43,171 INFO [EARDeployer] Init J2EE application: file:/F:/java/jboss/jboss-4.0.4RC1/server/default/deploy/corview.ear
15:29:45,625 INFO [Ejb3AnnotationHandler] found EJB3: ejbName=SecurityManagerBean, class=org.vss.ejb3.sb.SecurityManagerBean, type=STATELESS
15:29:45,765 INFO [Ejb3Deployment] EJB3 deployment time took: 531
15:29:45,875 FATAL [PersistenceXmlLoader] ccor JTA
15:29:45,890 INFO [Ejb3Deployment] EJB3 deployment time took: 109
15:29:46,062 INFO [JmxKernelAbstraction] installing MBean: jboss.j2ee:service=EJB3,ear=corview.ear,jar=corview.ejb3,name=SecurityManagerBean with dependencies:
15:29:46,062 INFO [JmxKernelAbstraction] persistence.units:ear=corview.ear.ear,unitName=ccor
15:29:46,078 INFO [EJB3Deployer] Deployed: file:/F:/java/jboss/jboss-4.0.4RC1/server/default/tmp/deploy/tmp6733corview.ear-contents/corview.ejb3
15:29:46,078 INFO [JmxKernelAbstraction] installing MBean: persistence.units:ear=corview.ear.ear,unitName=ccor with dependencies:
15:29:46,078 INFO [JmxKernelAbstraction] jboss.jca:name=DefaultDS,service=ManagedConnectionFactory
15:29:46,218 INFO [Environment] Hibernate 3.1.2
15:29:46,234 INFO [Environment] hibernate.properties not found
15:29:46,250 INFO [Environment] using CGLIB reflection optimizer
15:29:46,250 INFO [Environment] using JDK 1.4 java.sql.Timestamp handling
15:29:46,546 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.Audit
15:29:46,562 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.ConnectionPort
15:29:46,562 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.ElementProperty
15:29:46,562 INFO [Ejb3Configuration] found EJB3 @Embeddable: org.vss.ejb3.eb.ElementPropertyPK
15:29:46,562 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.ElementType
15:29:46,562 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.Module
15:29:46,578 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.ModuleType
15:29:46,578 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.NetworkElement
15:29:46,578 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.Role
15:29:46,578 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.Service
15:29:46,578 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.Trap
15:29:46,578 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.TrapsDetail
15:29:46,578 INFO [Ejb3Configuration] found EJB3 @Embeddable: org.vss.ejb3.eb.TrapsDetailPK
15:29:46,593 INFO [Ejb3Configuration] found EJB3 Entity bean: org.vss.ejb3.eb.User
15:29:46,828 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.ElementType
15:29:46,984 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.ElementType on table ElementType
15:29:47,171 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.ModuleType
15:29:47,171 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.ModuleType on table ModuleType
15:29:47,296 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.NetworkElement
15:29:47,296 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.NetworkElement on table NetworkElement
15:29:47,343 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.ElementProperty
15:29:47,359 WARN [AnnotationBinder] Root entity should not hold an PrimaryKeyJoinColum(s), will be ignored
15:29:47,359 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.ElementProperty on table ElementProperties
15:29:47,375 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.Module
15:29:47,375 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.Module on table Module
15:29:47,375 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.ConnectionPort
15:29:47,375 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.ConnectionPort on table ConnectionPort
15:29:47,421 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.Service
15:29:47,421 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.Service on table Service
15:29:47,421 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.Trap
15:29:47,421 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.Trap on table Trap
15:29:47,421 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.TrapsDetail
15:29:47,437 WARN [AnnotationBinder] Root entity should not hold an PrimaryKeyJoinColum(s), will be ignored
15:29:47,437 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.TrapsDetail on table TrapsDetail
15:29:47,437 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.Role
15:29:47,437 INFO [QueryBinder] Binding Named query: getRole => select Object(r) from Role r where roleID = :roleID
15:29:47,437 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.Role on table Roles
15:29:47,453 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.User
15:29:47,453 INFO [QueryBinder] Binding Named query: loginQuery => select Object(u) from User u where loginID = :loginID
15:29:47,453 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.User on table Users
15:29:47,484 INFO [AnnotationBinder] Binding entity from annotated class: org.vss.ejb3.eb.Audit
15:29:47,484 INFO [EntityBinder] Bind entity org.vss.ejb3.eb.Audit on table Audit
15:29:47,718 INFO [CollectionBinder] Mapping collection: org.vss.ejb3.eb.Trap.details -> TrapsDetail
15:29:47,718 INFO [CollectionBinder] Mapping collection: org.vss.ejb3.eb.NetworkElement.properties -> ElementProperties
15:29:47,734 INFO [CollectionBinder] Mapping collection: org.vss.ejb3.eb.ModuleType.modules_of_type -> Module
15:29:47,734 INFO [CollectionBinder] Mapping collection: org.vss.ejb3.eb.NetworkElement.modules -> Module
15:29:47,734 INFO [CollectionBinder] Mapping collection: org.vss.ejb3.eb.NetworkElement.audit -> Audit
15:29:47,734 INFO [CollectionBinder] Mapping collection: org.vss.ejb3.eb.Module.ports -> ConnectionPort
15:29:48,390 INFO [ConnectionProviderFactory] Initializing connection provider: org.hibernate.ejb.connection.InjectedDataSourceConnectionProvider
15:29:48,421 INFO [InjectedDataSourceConnectionProvider] Using provided datasource
15:29:48,437 INFO [SettingsFactory] RDBMS: HSQL Database Engine, version: 1.8.0
15:29:48,437 INFO [SettingsFactory] JDBC driver: HSQL Database Engine Driver, version: 1.8.0
15:29:48,812 INFO [Dialect] Using dialect: org.hibernate.dialect.HSQLDialect
15:29:48,843 INFO [TransactionFactoryFactory] Using default transaction strategy (direct JDBC transactions)
15:29:48,843 INFO [TransactionManagerLookupFactory] instantiating TransactionManagerLookup: org.hibernate.transaction.JBossTransactionManagerLookup
15:29:48,859 INFO [TransactionManagerLookupFactory] instantiated TransactionManagerLookup
15:29:48,859 INFO [SettingsFactory] Automatic flush during beforeCompletion(): enabled
15:29:48,859 INFO [SettingsFactory] Automatic session close at end of transaction: disabled
15:29:48,859 INFO [SettingsFactory] JDBC batch size: 15
15:29:48,859 INFO [SettingsFactory] JDBC batch updates for versioned data: disabled
15:29:48,859 INFO [SettingsFactory] Scrollable result sets: enabled
15:29:48,859 INFO [SettingsFactory] JDBC3 getGeneratedKeys(): disabled
15:29:48,859 INFO [SettingsFactory] Connection release mode: after_statement
15:29:48,859 INFO [SettingsFactory] Default batch fetch size: 1
15:29:48,859 INFO [SettingsFactory] Generate SQL with comments: disabled
15:29:48,859 INFO [SettingsFactory] Order SQL updates by primary key: disabled
15:29:48,859 INFO [SettingsFactory] Query translator: org.hibernate.hql.ast.ASTQueryTranslatorFactory
15:29:48,875 INFO [ASTQueryTranslatorFactory] Using ASTQueryTranslatorFactory
15:29:48,875 INFO [SettingsFactory] Query language substitutions: {}
15:29:48,875 INFO [SettingsFactory] Second-level cache: enabled
15:29:48,875 INFO [SettingsFactory] Query cache: disabled
15:29:48,875 INFO [SettingsFactory] Cache provider: org.hibernate.cache.HashtableCacheProvider
15:29:48,875 INFO [SettingsFactory] Optimize cache for minimal puts: disabled
15:29:48,875 INFO [SettingsFactory] Structured second-level cache entries: disabled
15:29:48,906 INFO [SettingsFactory] Statistics: disabled
15:29:48,906 INFO [SettingsFactory] Deleted entity synthetic identifier rollback: disabled
15:29:48,906 INFO [SettingsFactory] Default entity-mode: pojo
15:29:49,015 INFO [SessionFactoryImpl] building session factory
15:29:50,562 INFO [SessionFactoryObjectFactory] Not binding factory to JNDI, no JNDI name configured
15:29:50,609 INFO [SchemaExport] Running hbm2ddl schema export
15:29:50,625 INFO [SchemaExport] exporting generated schema to database
15:29:50,687 INFO [SchemaExport] schema export complete
15:29:50,718 INFO [NamingHelper] JNDI InitialContext properties:{java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory, java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces}
15:29:53,703 INFO [EJB3Deployer] Deployed: file:/F:/java/jboss/jboss-4.0.4RC1/server/default/tmp/deploy/tmp6733corview.ear-contents/corview.par
15:29:53,703 INFO [TomcatDeployer] deploy, ctxPath=/corview, warUrl=.../tmp/deploy/tmp6733corview.ear-contents/corview-exp.war/
15:29:53,953 INFO [SecurityContextFilter] The Login module is set to: corview-client
15:29:53,968 INFO [LoggedInFilter] Context Root of the application is: /corview
15:29:55,609 INFO [TilesPlugin] Tiles definition factory loaded for module ''.
15:29:55,625 INFO [ValidatorPlugIn] Loading validation rules file from '/WEB-INF/validator-rules.xml'
15:29:55,625 INFO [ValidatorPlugIn] Loading validation rules file from '/WEB-INF/validation.xml'
15:29:56,140 INFO [JBossCacheManager] init(): replicationGranularity_ is 0 and invaldateSessionPolicy is 2
15:29:56,171 ERROR [JBossCacheService] jboss.cache:service=TomcatClusteringCache service to Tomcat clustering not found
15:29:56,171 ERROR [JBossCacheManager] JBossCacheService to Tomcat clustering not found
15:29:56,171 ERROR [TomcatDeployer] Failed to setup clustering, clustering disabled
15:29:56,281 INFO [EARDeployer] Started J2EE application: file:/F:/java/jboss/jboss-4.0.4RC1/server/default/deploy/corview.ear
15:29:56,640 INFO [Http11BaseProtocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
15:29:57,062 INFO [ChannelSocket] JK: ajp13 listening on /0.0.0.0:8009
15:29:57,093 INFO [JkMain] Jk running ID=0 time=0/93 config=null
15:29:57,140 INFO [Http11BaseProtocol] Starting Coyote HTTP/1.1 on http-0.0.0.0-8443
15:29:57,218 INFO [Server] JBoss (MX MicroKernel) [4.0.4RC1 (build: CVSTag=JBoss_4_0_4_RC1 date=200602071519)] Started in 1m:12s:984ms

1. Re: @SecurityDomain in JBoss4.0.4RC1

j2ee_junkie Mar 1, 2006 9:06 AM (in response to yantriki)

Yantriki,

If you have security-domain set in your jboss-app.xml file that is not found in the $SERVER/conf/login-config.xml then the "other" domain is used as default. Is this what is happing? If so, check that your domain names match.

cgriffith
Actions

2. Re: @SecurityDomain in JBoss4.0.4RC1

yantriki Mar 1, 2006 10:40 AM (in response to yantriki)

I can see the security domain loaded in the JBoss in the XMLLoginConfig MBean's displayAppConfig method and I am not using the jboss-app.xml file.
Here's how my code defined

import java.util.HashSet;
import java.util.List;
import java.util.Set;

import javax.annotation.security.RolesAllowed;
import javax.ejb.Remote;
import javax.ejb.Stateless;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import javax.persistence.Query;

import org.jboss.annotation.security.SecurityDomain;
import org.jboss.aspects.security.Unchecked;
import org.jboss.logging.Logger;
import org.vss.ejb3.eb.Role;
import org.vss.ejb3.eb.User;
import org.vss.ejb3.sb.SecurityManager;
import org.vss.utils.HashUtils;

@Stateless
@Remote(SecurityManager.class)
@SecurityDomain("corview-server")
public class SecurityManagerBean implements SecurityManager {
 @Unchecked
 public User login(java.lang.String loginID,
 java.lang.String password) throws Exception {
 //....implementation
 }

 @RolesAllowed( { "admin" })
 public User getUser(int userID){
 //.....implementation
 }
 @RolesAllowed( { "admin", "manager" })
 public Collection<User> getAllUsers();
 // implementation
 }

 // other methods implementation etc.
}

3. Re: @SecurityDomain in JBoss4.0.4RC1

yantriki Mar 1, 2006 12:42 PM (in response to yantriki)

cgriffith,
Your idea about the META-INF file helped me point in the right direction. Removing the META-INF/jboss.xml file from ejb3 jar seems to fix the problem.
vivek
Actions

4. Re: @SecurityDomain in JBoss4.0.4RC1 (please help!!)

delkant Mar 15, 2006 11:16 AM (in response to yantriki)

hi,
i have a similar problem, i don't know what descriptors are needed here(do i need the ejb-jar.xml, what this have to contain?).

i have this:

ear
---------META-INF/application.xml
---------ejb3.jar------META-INF/jboss.xml (just with the security-domain line)
---------ejb3.jar----------AuthenticationTest.class(without the @SecurityDomain, but with the @PermitAll annotation)

i'm trying to acces with a remote swing client, but always i get the same error:
users.properties not found.
the server always is searching the plains files and not my login-config.xml policy

login-config.xml

 <!-- OpenCrx Standard Servlet policy -->
 <application-policy name="opencrx-core-CRX">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
 <module-option name="dsJndiName">java:/jdbc_opencrx_CRX</module-option>
 <module-option name="principalsQuery">
 SELECT c.passwd FROM security_Principal p, security_Credential c
 WHERE (p.object_rid IN (SELECT object_rid FROM security_REF WHERE "c$0"='org:openmdx:security:realm1' AND
 "c$1"='provider' AND "c$2"='CRX' AND "c$3"='segment' AND "c$4"='Root' AND "c$5"='realm' AND "c$6"='Default'
AND
 "c$7"='principal' AND n=8)) AND (p."p$$credential__rid" = c.object_rid) AND (p."p$$credential__oid" = c.obje
ct_oid) AND
 (p.object_idx = 0) AND (p.object_oid = ?)
 </module-option>
 <module-option name="rolesQuery">SELECT pg."p$$granted_role__oid", 'Roles' FROM security_Principal pg,
 security_Principal p WHERE (pg.object_rid = p."p$$is_member_of__rid") AND (pg.object_oid = p."p$$is_member_of__oid")
 AND
 (p.object_rid IN (SELECT object_rid FROM security_REF WHERE "c$0"='org:openmdx:security:realm1' AND
 "c$1"='provider' AND "c$2"='CRX' AND "c$3"='segment' AND "c$4"='Root' AND "c$5"='realm' AND "c$6"='Default' AND
 "c$7"='principal' AND n=8)) AND (p.object_oid = ?)
 </module-option>
 <module-option name="ignorePasswordCase">true</module-option>
 <module-option name="hashCharset">UTF-8</module-option>
 <module-option name="hashEncoding">base64</module-option>
 <module-option name="hashAlgorithm">MD5</module-option>
 </login-module>
 </authentication>
 </application-policy>

jboss.xml

<jboss>
 <security-domain>java:/jaas/opencrx-core-CRX</security-domain>
</jboss>

jndi call from the client

public static final String JNDI_FACTORY = "org.jnp.interfaces.NamingContextFactory";
public static final String JNDI_URL_PKG_PREFIXES="org.jboss.naming:org.jnp.interfaces";
 public static String JNDI_PROVIDER_URL = "localhost";
 public static String JNDI_PROVIDER_PORT = "1099";

 Properties prop = new Properties();
 prop.put( Context.INITIAL_CONTEXT_FACTORY, JNDI_FACTORY );
 prop.put( Context.URL_PKG_PREFIXES, JNDI_URL_PKG_PREFIXES );
 prop.put( Context.PROVIDER_URL, JNDI_PROVIDER_URL + ":"
 + JNDI_PROVIDER_PORT );
 prop.put( Context.SECURITY_PRINCIPAL, "tester01");
 prop.put( Context.SECURITY_CREDENTIALS, "tester01");
 ictxt = new InitialContext( prop );

do i need a empty ejb-jar.xml in somewhere?
do i need an special annotation in my remote interface in the SessionBean?

5. Re: @SecurityDomain in JBoss4.0.4RC1

delkant Mar 15, 2006 2:30 PM (in response to yantriki)

I solve my problem in part deleting all the jboss.xml and the unnecessary descriptors.
now i have a annotated authentication, but what i really want is to past all the @securityDomain annotation to a descriptor and just leave the @permitall and @rolesAllowed part in my class.

can anyone tell me how to do that? and what descriptors i have to use?
Actions
6. Re: @SecurityDomain in JBoss4.0.4RC1

delkant Mar 15, 2006 4:18 PM (in response to yantriki)
now i know how to replace the @securityDomain annotation by <security-domain> tag in a descriptor file.

my error was that i was putting the string java:/jaas/
jboss.xml (WITH THE ERROR)
<jboss> <security-domain> java:/jaas/opencrx-core-CRX </security-domain> </jboss>

jboss.xml
<jboss> <security-domain> opencrx-core-CRX </security-domain> </jboss>

everythig works fine now.

i have a class without the @securitydomain annotation and just with the @Rolesallowed definitions.
//imports.. @Stateful public class MySession{ @RolesAllowed({"me"}) public String getHelloWorld(){ return "HOLA"; } }

so now i can change my securty domain in just one file.
Actions

Go to original post