8 Replies Latest reply on Oct 12, 2006 5:58 AM by rhino247365

    Problems using JAAS with EJB 3.0 on JBoss 4.0.4-GA

    Daniel Destro do Carmo Newbie

      Hello all,

      I am trying to build a very simple JavaEE application with JAAS, but I am getting mad.

      I have an EAR packed with a WAR module, an EJB JAR module and a JAR with other classes. Struts is the MVC framework and EJB 3.0 is being used.

      First of all, I configured the "login-config.xml" file within the /conf directory in JBoss, like this:

      <application-policy name="exemplo1">
       <authentication>
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
         <module-option name="dsJndiName">java:jdbc/Infra_Seguranca</module-option>
         <module-option name="principalsQuery">SELECT COD_USUARIO AS Password FROM USUARIO WHERE COD_USUARIO=?</module-option>
         <module-option name="rolesQuery">SELECT NOME_ROLE AS Roles, 'Roles' AS RoleGroups FROM ROLE_USUARIO WHERE COD_USUARIO=?</module-option>
        </login-module>
       </authentication>
      </application-policy>

      Next I configured the "web.xml" file like this:

       <description>Declarative security tests</description>
       <description>no description</description>
       <description>Role xxx</description>

      Notice that I am using the "xxx" role to protect the "*.do" URL pattern.

      The "jboss-web.xml" is like this:

      <?xml version="1.0"?>

      As it is, it works perfectly, which means that every time I try to access a "*.do" URL it verifies whether I am authenticated and have authorization or not. If not, the login page shows up.

      Now I want to be able to also protect my EJBs.

      My Stateless Session Bean is implemented as follows:

       public class UserManagementBean implements UserManagement {
       public void add(User user) {

      When I run all this, the container simply ignores the @RolesAllowed("yyy") annotation and allows the EJB execution.

      If I add the "jboss.xml" file, like this:

      <?xml version="1.0"?>

      I start getting this stack trace:

      ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
      at org.jboss.security.auth.spi.Util.loadProperties(Util.java:313)
      at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
      at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
      at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      Am I missing something? What do I have to do to get JAAS working fine with my EJBs? Do I have to also configure and/or provide "ejb-jar.xml" ???
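
The stack trace in the post comes from UsersRolesLoginModule, not from the DatabaseServerLoginModule configured for "exemplo1". JBoss 4.x uses the "other" application-policy for any security domain that has no entry in login-config.xml, so one thing to check is whether each descriptor's security-domain resolves to a defined policy. The script below is an added example, not part of the original post; the descriptor contents and the "other" policy entry are constructed samples, because the post shows only fragments of those files.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (the post shows only fragments of these files).
LOGIN_CONFIG = """<policy>
  <application-policy name="exemplo1">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"/>
    </authentication>
  </application-policy>
  <application-policy name="other">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
    </authentication>
  </application-policy>
</policy>"""

DESCRIPTORS = {  # hypothetical descriptor contents; jboss.xml carries a mistyped domain
    "jboss-web.xml": "<jboss-web><security-domain>java:/jaas/exemplo1</security-domain></jboss-web>",
    "jboss.xml": "<jboss><security-domain>java:/jaas/exemplo</security-domain></jboss>",
}

JAAS_PREFIX = "java:/jaas/"

def defined_policies(login_config_xml):
    """Map application-policy name -> list of login-module class names."""
    root = ET.fromstring(login_config_xml)
    return {
        p.get("name"): [m.get("code") for m in p.iter("login-module")]
        for p in root.iter("application-policy")
    }

def check_domains(login_config_xml, descriptors):
    """Return {file: (domain, login modules that will actually run, note)}."""
    policies = defined_policies(login_config_xml)
    report = {}
    for name, xml_text in descriptors.items():
        node = ET.fromstring(xml_text).find(".//security-domain")
        if node is None or not (node.text or "").strip():
            report[name] = (None, [], "no security-domain declared")
            continue
        domain = node.text.strip().removeprefix(JAAS_PREFIX)
        if domain in policies:
            report[name] = (domain, policies[domain], "ok")
        else:  # unknown domains are served by the "other" policy
            report[name] = (domain, policies.get("other", []), "falls back to 'other'")
    return report
```

Calling `check_domains(LOGIN_CONFIG, DESCRIPTORS)` on the real files, read from disk, shows for each descriptor which login modules will actually authenticate callers.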