4 Replies Latest reply on Apr 4, 2006 7:49 AM by Milen Angelov

    EJB Client does not provide SECURITY_PRINCIPAL correctly

    Milen Angelov Newbie

      Hullo there,
      It is obvious to me that I'm missing something while I'm trying to make a secure invocation of an EJB method, but I can't see exactly where the problem is.

      Here is how the client calls the EJB method:

          // Method header was not shown in the post; the signature is inferred
          // from the call in getHome() below.
          protected Context getInitialContext() throws NamingException {
              // JNDI environment, including the caller's principal and credentials
              Hashtable<String,String> props = new Hashtable<String,String>();
              props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
              props.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
              props.put(Context.PROVIDER_URL, "jnp://localhost:1099");
              props.put(Context.SECURITY_PRINCIPAL, "pimpf");
              props.put(Context.SECURITY_CREDENTIALS, "passwd");
              return new InitialContext(props);
          }

          /**
           * Get the home interface
           */
          protected SessionEJB getHome() throws Exception {
              Context ctx = this.getInitialContext();
              return (SessionEJB) ctx.lookup("pimpf-test/SessionEJB/remote");
          }

      I have a very simple LoginModule which extends AbstractServerLoginModule, but in the initialize method:

          public void initialize(Subject subject, CallbackHandler callbackHandler,
                  Map sharedState, Map options)
          {
              super.initialize(subject, callbackHandler, sharedState, options);

              // Log the principals already attached to the Subject
              log.trace("Principals are: " + subject.getPrincipals());
          }

      what the log file says is:
      Principals are: []

      Can anyone tell me what I'm missing on the client side, because the module is called, but somehow it decides that the caller is anonymous?

        • 1. Re: EJB Client does not provide SECURITY_PRINCIPAL correctly
          Thomas Busch Newbie

          I am having a similar problem -- My client sets the properties almost identically to what you have shown, but for some reason once I'm in the EJB tier, JBoss is telling my session bean that the anonymous "guest" user is signed in ( context.getCallerPrincipal() ).

          I've been scouring the web all morning looking for a solution and I can't figure out what I'm missing.

          Here is my setup for the JNDI Context:

              public Context getJNDIContext() throws NamingException {
                  Hashtable<String, String> h = new Hashtable<String, String>();
                  h.put(Context.INITIAL_CONTEXT_FACTORY, GIMGlobalConstants.INITIAL_CONTEXT_FACTORY);
                  h.put(Context.PROVIDER_URL, url);
                  // Credentials are only set when the caller supplied them
                  if (principalName != null)
                      h.put(Context.SECURITY_PRINCIPAL, principalName);
                  if (principalPassword != null)
                      h.put(Context.SECURITY_CREDENTIALS, principalPassword);
                  h.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces");
                  // Debug output; note that this prints the password in clear text
                  System.out.println("user: " + principalName + " && pass: " + principalPassword);
                  return new InitialContext(h);
              }
          


          I believe the solution to my problem will be nearly identical to the solution to the originator's problem, so hopefully this will also bump the thread to get visibility to someone who has some answers!

          • 3. Re: EJB Client does not provide SECURITY_PRINCIPAL correctly
            Thomas Busch Newbie

            Thank you, the FAQ has solved my problem. I appreciate the time you've given me!

            • 4. Re: EJB Client does not provide SECURITY_PRINCIPAL correctly
              Milen Angelov Newbie

              That also worked for me. Almost.

              Now what I received is something very odd:

              13:39:59,755 INFO [STDOUT] DatabaseServerLoginModule, dsJndiName=java:/PimpfOracleDS
              13:39:59,756 INFO [STDOUT] principalsQuery=select passphrase from users where username = ?
              13:39:59,756 INFO [STDOUT] rolesQuery=SELECT ROLENAME, 'ROLES' FROM ROLES WHERE ROLEID = (SELECT ROLEID FROM USERS WHERE USERNAME = ?)
              13:39:59,922 INFO [STDOUT] Going to get roles for user pimpf
              13:39:59,927 INFO [STDOUT] Assign user to role user
              13:39:59,965 ERROR [RoleBasedAuthorizationInterceptor] Insufficient permissions, principal=pimpf, requiredRoles=[user], principalRoles=null


              Obviously it takes the user passphrase and rolename correctly. It tries to assign the user to rolename 'user' and then it says: principalRoles = null?

              Here is the result of the rolesQuery:
              SELECT ROLENAME, 'ROLES' FROM ROLES WHERE ROLEID = (SELECT ROLEID FROM USERS WHERE USERNAME = 'pimpf')

              ROLENAME    ROLES
              ----------- --------
              user        ROLES


              Any ideas?! Please help