0 Replies Latest reply on Nov 7, 2006 11:47 AM by TY

    Credentials propagation to a remote jboss server

    TY Newbie

      Hello,

      I'm trying to authenticate the accesses to a jboss-4.0.4 server through an EJB session facade with a unique "generic" user account.
      This server is remotely acceded from a jboss-portal-2.4 server.
      I used to authenticate this way from a simple tomcat5.0 server, but I can't succeed in doing the same from the jboss portal server.
      Following is the description of my current configuration.

      on jboss portal side:
      --------------------
      1- Added an SSOValve as described just like in page http://www.simongbrown.com/blog/2004/11/04/1099588633312.html
      This valve does something like:

      request.setUserPrincipal(new SSOPrincipal(request.getContext()
       .getRealm(), username, password, roles));

      where SSOPrincipal extends org.apache.catalina.realm.GenericPrincipal

      2- An extract of my jboss-web.xml file:
      <security-domain>java:/jaas/client-login</security-domain>

      This should help propagating my credentials to my session facade on a remote jboss server

      on the remote jboss server side:
      -------------------------------
      I have the following settings that used to work when I had a simple tomcat server in the front side. Now I try to do the same with jboss portal in front, but the remote jboss server settings remain the same:
      1- I defined in jboss-login file:
      <application-policy name="gubpm">
       <authentication>
       <login-module
       code="org.jboss.security.auth.spi.UsersRolesLoginModule"
       flag="required">
       <module-option name="usersProperties">
       props/gubpm-users.properties
       </module-option>
       <module-option name="rolesProperties">
       props/gubpm-roles.properties
       </module-option>
       </login-module>
       <login-module code="org.jboss.security.ClientLoginModule"
       flag="required">
       <!-- Any existing security context will be restored on logout -->
       <module-option name="restore-login-identity">
       true
       </module-option>
       </login-module>
       </authentication>
       </application-policy>


      3- From jboss portal, I do a lookup of the remote facade:
      Hashtable props = new Hashtable();
       props.put(Context.INITIAL_CONTEXT_FACTORY,
       "org.jnp.interfaces.NamingContextFactory");
       String providerUrl = Constants.PROVIDER_URL;
       props.put(Context.PROVIDER_URL, providerUrl);
      
       Object reference = (new InitialContext(props)).lookup("SessionFacade");
      
       SessionFacadeHome home = (SessionFacadeHome) PortableRemoteObject
       .narrow(reference, SessionFacadeHome.class);
      
       return home.create();



      2- I also added the following line to my jboss.xml file:
      <security-domain>java:/jaas/gubpm</security-domain>


      3- My ejb is configured to authorize accesses to the methods to role 'Authenticated'

      The result is that this fail on the lookup line:
      Object reference = (new InitialContext(props)).lookup("SessionFacade");


      with the following error:
      Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)


      Of course I checked that the given username and password are the same that the remote jboss server expect to find in files props/gubpm-users.properties and props/gubpm-roles.properties. I cannot find what is wrong in my settings...

      Please help!
      Thanks,

      Tanguy