1 Reply Latest reply on Dec 7, 2008 11:15 AM by Anil Saldanha

    Urgent: Authentication Exception while accessing an none Sec

    Puneet Jain Newbie

      Hello,

      I have an application deployed in JBoss Server. I have secured the web module and the EJB module using JAAS security. One EJB is secured by JAAS while the other one is not secured.

      Problem:
      When the non-secured EJB is called from the action class, an AuthenticationException is thrown.

      Steps Performed:
      I have defined two security domains DOMAIN1 and DOMAIN2 in /conf/login-config.xml.
      1. DOMAIN1 is configured for the web module in /WEB-INF/jboss-web.xml.

      <jboss-web>
        <security-domain>java:/jaas/DOMAIN1</security-domain>
        <replication-config>
          <replication-trigger>SET_AND_NON_PRIMITIVE_GET</replication-trigger>
          <replication-granularity>SESSION</replication-granularity>
          <replication-field-batch-mode>true</replication-field-batch-mode>
        </replication-config>
      </jboss-web>


      2. DOMAIN2 is configured on the EJB module in <ejb jar>/META-INF/jboss.xml

      <jboss>
       <security-domain>java:/jaas/DOMAIN2</security-domain>
      </jboss>


      3. The EJB module has 2 session beans: EJB1 and EJB2. Roles for EJB1 are defined in the <ejb module>/META-INF/ejb-jar.xml file. EJB2 is non-secured and doesn't require any security.
      4. Deployed the ear file in JBoss.
      5. Opened Login page and entered credentials.
      6. After successful login, navigated to the page which has a call to the non-secured EJB's method, i.e. EJB2's method.

      Result:
      An Authentication Exception is thrown and the action class is not able to access the EJB.

      If I access this EJB by writing a standalone Java client, then it is successful, but when using the web module, access is not allowed.


      Any reply is appreciated as this is a bottleneck problem for me. I am stuck with this and I have a very tight deadline to finish this.

      Exception:

      12:13:28,828 ERROR [[default]] Servlet.service() for servlet default threw exception
      javax.ejb.EJBAccessException: Authentication failure
      at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
      at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
      at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240)
      at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210)
      at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84)

      Thanks in advance.
      Puneet