1 Reply Latest reply on Sep 20, 2005 6:48 PM by andy abendschein

    unable to access secured ejb from resource adapter

    andy abendschein Newbie

      We have an EJB application that makes use of a resource adapter to handle bidirectional socket communications with a number of external clients. This application also communicates to a remote console application using the traditional EJB home/remote interfaces.

      I am now in the process of adding security to the application using an LDAP repository. While I have been successful in getting the console to access the EJBs via use of the org.jboss.security.auth.spi.LdapLoginModule (after user login), I have so far not been able to get the resource adapter to access the 'secured' ejbs.

      Regardless of what configuration changes I have made to the deployment descriptor (for example <security-domain-and-application>, <security-domain>, <security-identity>), the result is always 'Bad password for username=null'.

      I suppose that there is some configuration that I need that I simply don't understand. Any thoughts?

      I would be most grateful for any help.

      Thanks,

      Andy

      Pertinent information:
      JBoss version: 4.0.2(build: CVSTag=JBoss_4_0_2
      OS: windows XP Professional

      -ds.xml contents:

      <?xml version="1.0" encoding="UTF-8"?>
      <connection-factories>
      
      <!-- JMS XA Resource adapter, use this to get transacted JMS in beans -->
      <no-tx-connection-factory>
      <jndi-name>CMAConnectionFactory</jndi-name>
      
      
      <!-- JBoss 4.0.x -->
      <rar-name>03-cma-message.rar</rar-name>
      <connection-definition>com.cox.cma.server.message.ra.intf.CMAConnectionFactory</connection-definition>
      
      <!--ALA begin -->
      <security-domain-and-application>cma</security-domain-and-application>
      <security-identity>
       <run-as>
       <roll-name>user</roll-name>
       </run-as>
      </security-identity>
      <!-- ALA end -->
      
      </no-tx-connection-factory>
      
      </connection-factories>
      



      Stack trace:
      2005-09-02 16:20:37,459 INFO [com.cox.cma.server.message.ra.ResourceAdapterImpl] Resource adapter is starting.
      2005-09-02 16:20:37,459 DEBUG [com.cox.cma.server.message.ra.ResourceAdapterImpl] Resource adapter loading properties from XML.
      2005-09-02 16:20:37,469 INFO [com.cox.cma.server.message.ra.ResourceAdapterImpl] Creating and starting Acceptor.
      2005-09-02 16:20:37,469 DEBUG [com.cox.cma.server.message.ra.inbound.Acceptor] Local socket address: 0.0.0.0/0.0.0.0:6565
      2005-09-02 16:20:37,970 INFO [com.cox.cma.server.message.ra.inbound.Acceptor] Acceptor configured to listen for incoming connections on 0.0.0.0/0.0.0.0:6565
      2005-09-02 16:20:37,970 DEBUG [com.cox.cma.server.message.ra.inbound.Acceptor] Acceptor starting work thread to accept incoming connections.
      2005-09-02 16:20:37,970 INFO [com.cox.cma.server.message.ra.ResourceAdapterImpl] Creating and starting SecureAcceptor.
      2005-09-02 16:20:37,970 DEBUG [com.cox.cma.server.message.ra.inbound.SecureAcceptor] Local socket address: 0.0.0.0/0.0.0.0:6566
      2005-09-02 16:20:37,970 INFO [com.cox.cma.server.message.ra.inbound.Acceptor] Run method called to accept incoming connections.
      2005-09-02 16:20:37,970 DEBUG [com.cox.cma.server.message.ra.inbound.Acceptor] Starting the isRunning loop!
      2005-09-02 16:20:37,970 INFO [com.cox.cma.server.message.ra.inbound.SecureAcceptor] SecureAcceptor configured to listen for incoming (temporarily non-)secure connections on 0.0.0.0/0.0.0.0:6566
      2005-09-02 16:20:37,970 DEBUG [com.cox.cma.server.message.ra.inbound.SecureAcceptor] SecureAcceptor starting work thread to accept incoming connections.
      2005-09-02 16:20:37,980 INFO [com.cox.cma.server.message.ra.ResourceAdapterImpl] Creating and starting ReplyReceiver...
      2005-09-02 16:20:37,980 INFO [com.cox.cma.server.message.ra.outbound.ReplyReceiver] Creating AsyncTimer session bean to trigger periodic cleanup.
      2005-09-02 16:20:37,980 INFO [com.cox.cma.server.message.ra.inbound.SecureAcceptor] Run method called to accept incoming secure connections.
      2005-09-02 16:20:38,000 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] Bad password for username=null
      2005-09-02 16:20:38,010 DEBUG [org.jboss.ejb.plugins.LogInterceptor] SecurityException in method: public abstract com.cox.cma.server.message.ra.ejb.AsyncTimerLocal com.cox.cma.server.message.ra.ejb.AsyncTimerLocalHome.create() throws javax.ejb.CreateException:
      javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:166)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:483)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:425)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:251)
       at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:180)
       at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:106)
       at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:121)
       at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
       at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:613)
       at org.jboss.ejb.Container.invoke(Container.java:894)
       at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:342)
       at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:118)
       at $Proxy67.create(Unknown Source)
       at com.cox.cma.server.message.ra.outbound.ReplyReceiver.<init>(ReplyReceiver.java:145)
       at com.cox.cma.server.message.ra.outbound.ReplyReceiver.getInstance(ReplyReceiver.java:179)
       at com.cox.cma.server.message.ra.ResourceAdapterImpl.start(ResourceAdapterImpl.java:151)
       at org.jboss.resource.deployment.RARDeployment.startService(RARDeployment.java:102)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:272)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:222)
       at org.jboss.system.ServiceDynamicMBeanSupport.invoke(ServiceDynamicMBeanSupport.java:110)
       at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:150)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
       at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:897)
       at $Proxy0.start(Unknown Source)
       at org.jboss.system.ServiceController.start(ServiceController.java:418)
       at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy32.start(Unknown Source)
       at org.jboss.deployment.SimpleSubDeployerSupport.startService(SimpleSubDeployerSupport.java:378)
       at org.jboss.deployment.SimpleSubDeployerSupport.start(SimpleSubDeployerSupport.java:141)
       at org.jboss.deployment.MainDeployer.start(MainDeployer.java:964)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:775)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:738)
       at sun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:121)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
       at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy8.deploy(Unknown Source)
       at org.jboss.deployment.scanner.URLDeploymentScanner.deploy(URLDeploymentScanner.java:325)
       at org.jboss.deployment.scanner.URLDeploymentScanner.scan(URLDeploymentScanner.java:501)
       at org.jboss.deployment.scanner.AbstractDeploymentScanner$ScannerThread.doScan(AbstractDeploymentScanner.java:204)
       at org.jboss.deployment.scanner.AbstractDeploymentScanner.startService(AbstractDeploymentScanner.java:277)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:272)
       at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:222)
       at sun.reflect.GeneratedMethodAccessor2.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
       at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:897)
       at $Proxy0.start(Unknown Source)
       at org.jboss.system.ServiceController.start(ServiceController.java:418)
       at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy4.start(Unknown Source)
       at org.jboss.deployment.SARDeployer.start(SARDeployer.java:273)
       at org.jboss.deployment.MainDeployer.start(MainDeployer.java:964)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:775)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:738)
       at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:722)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
       at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:121)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
       at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:127)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:74)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:249)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
       at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:177)
       at $Proxy5.deploy(Unknown Source)
       at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:434)
       at org.jboss.system.server.ServerImpl.start(ServerImpl.java:315)
       at org.jboss.Main.boot(Main.java:195)
       at org.jboss.Main$1.run(Main.java:463)
       at java.lang.Thread.run(Thread.java:595)


        • 1. Re: unable to access secured ejb from resource adapter
          andy abendschein Newbie

          After a lot of digging, I eventually found that the magic that I was looling for was a mechanism of establishing the credentials that the resource adapter needed to access the other, protected EJBs.

          The relevant code is shown here:

          String systemName = System.getProperty("systemName");
          String systemPassword = System.getProperty("systemPassword");

          org.jboss.security.SecurityAssociation.setPrincipal(new org.jboss.security.SimplePrincipal(systemName));
          org.jboss.security.SecurityAssociation.setCredential(systemPassword.toCharArray());

          where the systemName and systemPassword are read as system properties.