1 Reply Latest reply on Nov 19, 2006 8:53 AM by K A

    EJBAccessException

    K A Newbie

      Hi,

      I'm trying to use JBoss with EJB3 and JAAS but I'm getting an EJBAccessException and I can't figure out why. Im using JBoss 4.0.5.GA and EJB3. When testing for isUserInRole("operator") in my webapp it returns true but the exception is thrown when trying to call a metod on an EJB.

      My config and code looks like this:

      web.xml

      <security-constraint>
       <web-resource-collection>
       <web-resource-name>My resources</web-resource-name>
       <description>Protects the application</description>
       <url-pattern>/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
       <role-name>operator</role-name>
       </auth-constraint>
       </security-constraint>
      
       <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
       <form-login-page>/login.html</form-login-page>
       <form-error-page>/login_error.html</form-error-page>
       </form-login-config>
       </login-config>


      jboss-web.xml
      <jboss-web>
      <security-domain>java:/jaas/my_security_domain</security-domain>
      </jboss-web>


      jboss.xml
      <jboss>
      <security-domain>java:/jaas/my_security_domain</security-domain>
      </jboss>


      login-config.xml
      <application-policy name="my_security_domain">
       <authentication>
       <login-module
       code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag="required">
      
       <module-option name="dsJndiName">java:/myDS</module-option>
       <module-option name="principalsQuery">
       select password from user where username=?
       </module-option>
       <module-option name="rolesQuery">
       select role.rolename, 'Roles' from user_role, role where (user_role.username = ?) and (role.id = user_role.role_id)
       </module-option>
       </login-module>
       </authentication>
      </application-policy>
      
      
      Code for getting EJB from web app
      InitialContext ctx = new InitialContext();
      Object result = ctc.lookup("myEJB");


      EJB code
      @Stateless
      @RolesAllowed("operator")
      public class MyManagerBean implements MyManager {
       ...
      }


      The exception I get looks like this:
      aused by: javax.ejb.EJBAccessException: Authentication failure
       at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:99)
       at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
       at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:131)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
       at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
       at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:211)
       at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
       at $Proxy166.listMSOperators(Unknown Source)
       at com.bossmedia.egs.jp.web.MSOperatorsListHandler.listMSOperators(Unknown Source)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.sun.faces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:126)
       ... 28 more
      aused by: javax.security.auth.login.LoginException: Inga inloggningsmoduler har konfigurerats f÷r java:
       at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
       at javax.security.auth.login.LoginContext.<init>(LoginContext.java:367)
       at javax.security.auth.login.LoginContext.<init>(LoginContext.java:444)
       at org.jboss.security.plugins.SubjectActions$LoginContextAction.run(SubjectActions.java:162)
       at java.security.AccessController.doPrivileged(Native Method)
       at org.jboss.security.plugins.SubjectActions.createLoginContext(SubjectActions.java:277)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:600)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
       at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
       ... 43 more
      


      Can anyone help me with this? Thanks in advance.

      /klejs

        • 1. Re: EJBAccessException
          K A Newbie

          I'll answer this one myself. It turns out that, in your jboss.xml file, when using EJB3 you shouldn't use the full JNDI path to point to your seurity domain but just to the name of the security domain.

          So instead of:

          <jboss>
           <security-domain>java:/jaas/my_security_domain</security-domain>
          </jboss>


          It should be:

          <jboss>
           <security-domain>my_security_domain</security-domain>
          </jboss>


          /klejs