4 Replies Latest reply on Sep 21, 2009 2:00 PM by Michal Bartyzel

    A lot off @SecurityDomain annotations...

    Michal Bartyzel Newbie

      Hi,

      I wanna to configure security for my ejb and I have some problems :)
      I use Eclipse Galileo for JEE Developers + JBoss 5.0.1.GA

      1. There are tree @SecurityDomain annotations:
      @org.jboss.ejb3.annotation.SecurityDomain
      @org.jboss.aspects.security.SecurityDomain
      @org.jboss.security.annotation.SecurityDomain

      Which of them I should use? Only @org.jboss.ejb3.annotation.SecurityDomain forces applying security because I have EJBAccessException, but...

      Below my steps with configuring security
      1. Define domain in /server/default/conf/login-config.xml
      <application-policy name="Sandbox">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
      <module-option name="usersProperties">users.properties</module-option>
      <module-option name="rolesProperties">roles.properties</module-option>
      </login-module>

      </application-policy>

      2. Then I put properties to source folder of EJB project
      user.properties
      guest=pass
      admin=admin

      roles.properties
      guest=LOGGED
      admin=SUPER,LOGGED

      3. I added security domain to my ejb
      import @org.jboss.ejb3.annotation.SecurityDomain;

      @Stateless(name="Service")
      @SecurityDomain("Sandbox",)
      @PermitAll
      public class ServiceBean implements ServiceRemote {
      public String getDescription() {...}
      ...
      }

      4. And now we have client code:
      Properties prop = new Properties();
      prop.put(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
      prop.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");
      prop.put(Context.PROVIDER_URL, "jnp://localhost:1099");
      prop.put(Context.SECURITY_PRINCIPAL, "guest");
      prop.put(Context.SECURITY_CREDENTIALS, "pass");

      InitialContext ctx = new InitialContext(prop);

      //obtaining remote reference goes here...

      System.out.println( service.getDescription() );

      And, every time EJBAccessException is being throwed.

      Anyone knows what i did wrong?

      Thanks for help

        • 1. Re: A lot off @SecurityDomain annotations...
          Michal Bartyzel Newbie

          One more. I turned security package into DEUG mode and I have:

          2009-09-19 12:14:54,015 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (WorkerThread#0[127.0.0.1:3413]) Loaded properties, users=[admin, guest]
          2009-09-19 12:14:54,015 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (WorkerThread#0[127.0.0.1:3413]) Loaded properties, users=[admin, guest]
          2009-09-19 12:14:54,015 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (WorkerThread#0[127.0.0.1:3413]) Bad password for username=null
          2009-09-19 12:14:54,046 DEBUG [org.jboss.remoting.transport.socket.ServerSocketWrapper] (WorkerThread#0[127.0.0.1:3413]) ServerSocketWrapper[Socket[addr=/127.0.0.1,port=3413,localport=3873].7321aa] wrote CLOSING
          2009-09-19 12:14:54,046 DEBUG [org.jboss.remoting.transport.socket.SocketWrapper] (WorkerThread#0[127.0.0.1:3413]) ServerSocketWrapper[Socket[addr=/127.0.0.1,port=3413,localport=3873].7321aa] closing socket
          2009-09-19 12:14:54,046 DEBUG [org.jboss.remoting.transport.socket.SocketWrapper] (WorkerThread#0[127.0.0.1:3413]) ServerSocketWrapper[Socket[addr=/127.0.0.1,port=3413,localport=3873].7321aa] closed socket
          2009-09-19 12:14:54,046 DEBUG [org.jboss.remoting.transport.socket.ServerThread] (WorkerThread#0[127.0.0.1:3413]) WorkerThread#0[127.0.0.1:3413] closed socketWrapper: ServerSocketWrapper[Socket[addr=/127.0.0.1,port=3413,localport=3873].7321aa]
          2

          I guess JBoss didn't receive user name and password, but why? Look on my jndi connection, please

          • 2. Re: A lot off @SecurityDomain annotations...
            Wolfgang Knauf Master

            Hi,

            "JndiLoginInitialContextFactory" should be no longer used in JBoss 5.

            See the Security FAQ ( http://www.jboss.org/community/wiki/SecurityFAQ ), question 10 for more information.

            Hope this helps

            Wolfgang

            • 3. Re: A lot off @SecurityDomain annotations...
              Wolfgang Knauf Master

              And for the annotation question: you need "@org.jboss.ejb3.annotation.SecurityDomain".

              Best regards

              Wolfgang