4 Replies Latest reply on Nov 10, 2003 10:46 AM by Scott Parmley

    JBoss 3.2.1, Applets and Security

    Scott Parmley Newbie

      Hello everyone.

      I am trying to incorporate use of an EntityBean into a Java Applet I am writing. I've been able to get a handle on the remote interface for my EJB, but when I try to execute a method in that bean, I get the following exception:

      java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)
          at java.security.AccessControlContext.checkPermission(Unknown Source)
          at java.security.AccessController.checkPermission(Unknown Source)
          at java.lang.SecurityManager.checkPermission(Unknown Source)
          at org.jboss.security.SecurityAssociation.getPrincipal(SecurityAssociation.java:112)
          at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:39)
          at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
          at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
          at $Proxy0.getAAData(Unknown Source)
          at com.paradigm.applet.MVGrid$5.run(Unknown Source)

      I have three questions here:

      1. The section of code that grabs a handle on the EJB and executes some logic is within a new thread. Could this cause my problem at all?
      2. The obvious, what am I missing here?
      3. Do I need to have a signed applet to utilize EJBs from JBoss?

      Thanks in advance,
      -Scott

        • 1. Re: JBoss 3.2.1, Applets and Security
          Alexey Borschenko Newbie

          Let me see your jboss.xml, ejb-jar.xml & login-config.xml.

          • 2. Re: JBoss 3.2.1, Applets and Security
            Scott Parmley Newbie

            LoginConfig:


            <?xml version='1.0'?>
            <!DOCTYPE policy PUBLIC
                "-//JBoss//DTD JBOSS Security Config 3.0//EN"
                "http://www.jboss.org/j2ee/dtd/security_config.dtd">

            <!-- The XML based JAAS login configuration read by the
            org.jboss.security.auth.login.XMLLoginConfig mbean. Add
            an application-policy element for each security domain.

            The outline of the application-policy is:
            <application-policy name="security-domain-name">
                <authentication>
                    <login-module code="login.module1.class.name" flag="control_flag">
                        <module-option name = "option1-name">option1-value</module-option>
                        <module-option name = "option2-name">option2-value</module-option>
                        ...
                    </login-module>

                    <login-module code="login.module2.class.name" flag="control_flag">
                        ...
                    </login-module>
                    ...
                </authentication>
            </application-policy>

            $Revision: 1.6.2.1 $
            -->

            <policy>
                <!-- Used by clients within the application server VM such as
                mbeans and servlets that access EJBs.
                -->
                <application-policy name = "client-login">
                    <authentication>
                        <login-module code = "org.jboss.security.ClientLoginModule"
                            flag = "required">
                        </login-module>
                    </authentication>
                </application-policy>

                <!-- Security domain for JBossMQ -->
                <application-policy name = "jbossmq">
                    <authentication>
                        <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
                            flag = "required">
                            <module-option name = "unauthenticatedIdentity">guest</module-option>
                            <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
                        </login-module>
                    </authentication>
                </application-policy>

                <!-- Security domains for testing new jca framework -->
                <application-policy name = "HsqlDbRealm">
                    <authentication>
                        <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                            flag = "required">
                            <module-option name = "principal">sa</module-option>
                            <module-option name = "userName">sa</module-option>
                            <module-option name = "password"></module-option>
                            <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
                        </login-module>
                    </authentication>
                </application-policy>

                <application-policy name = "FirebirdDBRealm">
                    <authentication>
                        <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                            flag = "required">
                            <module-option name = "principal">sysdba</module-option>
                            <module-option name = "userName">sysdba</module-option>
                            <module-option name = "password">masterkey</module-option>
                            <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
                        </login-module>
                    </authentication>
                </application-policy>

                <application-policy name = "JmsXARealm">
                    <authentication>
                        <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                            flag = "required">
                            <module-option name = "principal">guest</module-option>
                            <module-option name = "userName">guest</module-option>
                            <module-option name = "password">guest</module-option>
                            <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
                        </login-module>
                    </authentication>
                </application-policy>

                <!-- A template configuration for the jmx-console web application. This
                defaults to the UsersRolesLoginModule the same as other and should be
                changed to a stronger authentication mechanism as required.
                -->
                <application-policy name = "jmx-console">
                    <authentication>
                        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                            flag = "required" />
                    </authentication>
                </application-policy>

                <!-- The default login configuration used by any security domain that
                does not have a application-policy entry with a matching name
                -->
                <application-policy name = "other">
                    <!-- A simple server login module, which can be used when the number
                    of users is relatively small. It uses two properties files:
                    users.properties, which holds users (key) and their password (value).
                    roles.properties, which holds users (key) and a comma-separated list of
                    their roles (value).
                    The unauthenticatedIdentity property defines the name of the principal
                    that will be used when a null username and password are presented as is
                    the case for an unauthenticated web client or MDB. If you want to
                    allow such users to be authenticated add the property, e.g.,
                    unauthenticatedIdentity="nobody"
                    -->
                    <authentication>
                        <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                            flag = "required" />
                    </authentication>
                </application-policy>
            </policy>





            EJB-JAR:

            <?xml version="1.0" encoding="UTF-8"?>
            <!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">
            <ejb-jar>
                <enterprise-beans>
                    <entity>
                        <display-name>AADataBean</display-name>
                        <ejb-name>AADataBean</ejb-name>
                        <home>com.paradigm.ejb.AADataRemoteHome</home>
                        <remote>com.paradigm.ejb.AADataRemote</remote>
                        <ejb-class>com.paradigm.ejb.AADataBean</ejb-class>
                        <persistence-type>Bean</persistence-type>
                        <prim-key-class>com.paradigm.base.ValueObject</prim-key-class>
                        <reentrant>False</reentrant>
                        <env-entry>
                            <env-entry-name>uni-username</env-entry-name>
                            <env-entry-type>java.lang.String</env-entry-type>
                            <env-entry-value>unidata</env-entry-value>
                        </env-entry>
                        <env-entry>
                            <env-entry-name>uni-password</env-entry-name>
                            <env-entry-type>java.lang.String</env-entry-type>
                            <env-entry-value>query1</env-entry-value>
                        </env-entry>
                    </entity>
                </enterprise-beans>
                <assembly-descriptor>
                    <container-transaction>
                        <method>
                            <ejb-name>AADataBean</ejb-name>
                            <method-name>*</method-name>
                        </method>
                        <trans-attribute>Required</trans-attribute>
                    </container-transaction>
                </assembly-descriptor>
            </ejb-jar>


            JBoss.xml:

            Not sure where this file would be. If you are referring to another deployment descriptor, I didn't define one.


            -Scott

            • 3. Re: JBoss 3.2.1, Applets and Security
              Alexey Borschenko Newbie

              Looks like your problem resides in another place - probably it's a block of code where you're getting the remote reference to your entity?
              Anyway, the XMLs you showed me are OK and should not produce such exceptions.
              Are you using some security in your application? ;)

              • 4. Re: JBoss 3.2.1, Applets and Security
                Scott Parmley Newbie

                Unless there is a level of security by default in JBoss 3.2.1, I am not using any security. Also, I will enclose my applet code for you to see. I decided to try and use a SessionBean instance which in turn utilizes the desired EntityBean. I am getting the same result. The exception I received in the plugin is also below. It seems to occur in the validate() method once I try to invoke a bean method.

                Thanks,
                -Scott

                Pardon the ugly code:

                /*
                 * MVGrid.java
                 *
                 * Created on October 27, 2003, 3:41 PM
                 */
                
                package com.paradigm.applet;
                
                import com.paradigm.ejb.LLR295FacadeHome;
                import com.paradigm.ejb.LLR295Facade;
                import com.paradigm.valueObject.AAData;
                import com.paradigm.base.ValueObject;
                import com.paradigm.exception.*;
                import com.paradigm.base.LoginConfig;
                import com.paradigm.base.SimpleLoginConfig;
                
                import java.rmi.*;
                import javax.rmi.*;
                import javax.naming.*;
                import javax.ejb.CreateException;
                
                import java.util.StringTokenizer;
                import java.util.HashMap;
                import java.util.TreeMap;
                import java.util.TreeSet;
                import java.util.ArrayList;
                import java.util.Iterator;
                import java.util.Enumeration;
                import java.util.Vector;
                import java.util.Set;
                import java.util.Properties;
                
                import javax.swing.JApplet;
                import javax.swing.JTable;
                import javax.swing.table.TableCellEditor;
                import javax.swing.table.DefaultTableModel;
                import javax.swing.table.TableColumn;
                import javax.swing.table.DefaultTableColumnModel;
                import javax.swing.event.TableModelEvent;
                import javax.swing.event.TableModelListener;
                import javax.swing.event.ListSelectionListener;
                import javax.swing.event.ListSelectionEvent;
                import javax.swing.event.CellEditorListener;
                import javax.swing.event.ChangeEvent;
                import javax.swing.DefaultCellEditor;
                import javax.swing.JTextField;
                
                
                import com.paradigm.applet.particle.Particle;
                import com.paradigm.applet.particle.GridParticle;
                import com.paradigm.applet.particle.ColumnParticle;
                /**
                 *
                 * @author parmley
                 */
                public class MVGrid extends JApplet {

                    /** Initializes the applet MVGrid */
                    public void init() {
                        initComponents();
                        setGridColumns();

                        mvTable.getSelectionModel().addListSelectionListener(new ListSelectionListener() {
                            public void valueChanged(ListSelectionEvent evt) {
                                int col = mvTable.getSelectedColumn();
                                int row = mvTable.getSelectedRow();
                                if(columns[col].isEditable()) {
                                    mvTable.editCellAt(row,col);
                                }
                            }
                        });

                    }

                    /** This method is called from within the init() method to
                     * initialize the form.
                     * WARNING: Do NOT modify this code. The content of this method is
                     * always regenerated by the Form Editor.
                     */
                    private void initComponents() {
                        scrollPane = new javax.swing.JScrollPane();
                        mvTable = new javax.swing.JTable();

                        mvTable.setFont(new java.awt.Font("Dialog", 0, 10));
                        mvTable.setModel(new javax.swing.table.DefaultTableModel(
                            new Object [][] {

                            },
                            new String [] {
                                "-"
                            }
                        ) {
                            boolean[] canEdit = new boolean [] {
                                false
                            };

                            public boolean isCellEditable(int rowIndex, int columnIndex) {
                                return canEdit [columnIndex];
                            }
                        });
                        mvTable.setAutoResizeMode(javax.swing.JTable.AUTO_RESIZE_OFF);
                        mvTable.setDoubleBuffered(true);
                        mvTable.setEditingColumn(0);
                        scrollPane.setViewportView(mvTable);

                        getContentPane().add(scrollPane, java.awt.BorderLayout.CENTER);

                    }
                
                
                    public void setGridColumns() {
                        // Not ideal. This is temporary.//
                        StringTokenizer stNames = new StringTokenizer(this.getParameter("label"), ",");
                        StringTokenizer stEdit = new StringTokenizer(this.getParameter("writeable"), ",");
                        StringTokenizer stKey = new StringTokenizer(this.getParameter("key"), ",");
                        StringTokenizer stSize = new StringTokenizer(this.getParameter("size"), ",");

                        if(tcol == null) {
                            tcol = new DefaultTableColumnModel();
                        }

                        if(tmodel == null) {
                            tmodel = new DefaultTableModel();
                            tmodel.setColumnCount(stNames.countTokens());
                            mvTable.setModel(tmodel);
                        }


                        System.out.println("Setting "+stNames.countTokens()+" columns.");

                        columns = new ColumnParticle[stNames.countTokens()];
                        titles = new String[stNames.countTokens()];
                        colWriteable = new boolean[stNames.countTokens()];
                        mvGrid = new Object[0][stNames.countTokens()];

                        int x=0;
                        while(stNames.hasMoreTokens()) {

                            String rname = stNames.nextToken();
                            String redit = stEdit.nextToken();
                            String rkey = stKey.nextToken();
                            String rsize = stSize.nextToken();

                            columns[x] = new ColumnParticle();
                            columns[x].setLabel(rname);
                            columns[x].setEditable(Boolean.valueOf(redit).booleanValue());
                            columns[x].setKey(Boolean.valueOf(rkey).booleanValue());
                            System.out.println("Column "+x+" key? "+columns[x].isKey());
                            columns[x].setSize(Integer.parseInt(rsize));
                            columns[x].setIndex(x);
                            titles[x] = columns[x].getLabel();
                            colWriteable[x] = columns[x].isEditable();
                            TableColumn col = columns[x].toColumn();

                            if(columns[x].isKey()) {
                                System.out.println("Setting editor for column "+x);
                                DefaultCellEditor editor = new DefaultCellEditor(new JTextField());

                                editor.addCellEditorListener(new CellEditorListener() {
                                    public void editingCanceled(ChangeEvent evt) {

                                    }
                                    public void editingStopped(ChangeEvent evt) {
                                        validate();
                                    }
                                });

                                col.setCellEditor(editor);
                            }

                            tcol.addColumn(col);
                            x++;
                        }
                        mvTable.setColumnModel(tcol);

                        stNames = null;
                        stEdit = null;
                        stKey = null;
                        stSize = null;
                    }
                
                    public void finalize() {
                        try {
                            super.finalize();
                        }
                        catch(Throwable e) {
                            e.printStackTrace();
                        }
                        mvGrid = null;
                        titles = null;
                        this.destroy();
                    }

                    public void addRow() {
                        new Thread() {
                            public void run() {
                                synchronized(tmodel) {
                                    tmodel.addRow(new Object[columns.length]);
                                }
                            }
                        }.start();
                    }

                    public void deleteRow() {
                        int[] i = mvTable.getSelectedRows();
                        if( i.length > 0) {
                            for(int x=0; x<i.length; x++) {
                                tmodel.removeRow(i[x]-x);
                            }
                        }
                        mvTable.repaint();
                    }

                    public void debugJSObject(Object obj) {
                        System.out.println("OBJECT: "+obj+" TYPE: "+obj.getClass().getName());
                    }

                    public void insertRow() {
                        tmodel.insertRow(mvTable.getSelectedRow(), new Object[columns.length]);
                    }

                    public String getKeys() {
                        int keyCol = 0;
                        int rows = tmodel.getRowCount();
                        StringBuffer sbuff = new StringBuffer();

                        // Consider firing the stop edit event here. -SCP//

                        colIterator: for(int x=0; x<columns.length; x++) {
                            if(columns[x].isKey()) {
                                keyCol = x;
                                break colIterator;
                            }
                        }

                        for(int x=0; x<rows; x++) {
                            sbuff.append(tmodel.getValueAt(x, keyCol)+",");
                        }

                        return sbuff.toString();
                    }
                
                    public void validate() {

                        final int col = mvTable.getSelectedColumn();
                        final int row = mvTable.getSelectedRow();
                        final String value = mvTable.getValueAt(row,col) != null?(String)mvTable.getValueAt(row,col):null;
                        if(value != null) {
                            new Thread() {
                                public void run() {
                                    synchronized(tmodel) {
                                        LLR295Facade facade = getLLR295Facade();
                                        ValueObject params = new ValueObject();
                                        try {
                                            params.setElement(1,0,0, "COMPANY.MASTER;1");
                                            params.setElement(2,0,0, "value");
                                        }
                                        catch(SystemException e) {
                                            e.printStackTrace();
                                        }
                                        System.out.println("AADataRemoteHome recieved.");

                                        try {
                                            //System.setProperty("java.security.debug", "access,failure");
                                            ArrayList result = facade.getAAData("123456987",params, getLoginConfig());
                                            //AAData dat = (AAData)result.get(0);
                                            //tmodel.setValueAt(dat.getDescription()+"", row, col+1);
                                        }
                                        catch(ApplicationException e) {
                                            tmodel.setValueAt(e.getMessage(), row, col+1);
                                        }
                                        catch(RemoteException e) {
                                            e.printStackTrace();
                                        }
                                    }
                                }
                            }.start();
                        }
                    }
                
                    private LLR295Facade getLLR295Facade() {
                        String host = this.getCodeBase().getHost();

                        Properties p = new Properties();
                        //p.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
                        p.put("java.naming.factory.initial","org.jnp.interfaces.NamingContextFactory");
                        p.put("java.naming.provider.url", host);
                        //p.put(Context.PROVIDER_URL, host);
                        p.put("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
                        //p.put(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces");

                        // Need JNDI Setup Params for this Applet! -SCP//
                        try {
                            if(llrFacade == null) {
                                InitialContext context = new InitialContext(p);
                                Object ref = null;
                                LLR295FacadeHome home = null;


                                //DEBUG//
                                System.out.println("Looking up context: LLR295FacadeBean");
                                ref = context.lookup("LLR295FacadeBean");

                                home = (LLR295FacadeHome)PortableRemoteObject.narrow(ref, LLR295FacadeHome.class);

                                //DEBUG//
                                System.out.println("Home interface recieved.");
                                llrFacade = (LLR295Facade)home.create();
                            }
                            return llrFacade;
                        }
                        catch(NamingException e) {
                            System.out.println("LLR295Facade[NamingException]: Failed to load facade bean. msg="+e.getMessage());
                            e.printStackTrace();
                            return null;
                        }
                        catch(CreateException e) {
                            System.out.println("LLR295Facade[CreateException]: Failed to load facade bean. msg="+e.getMessage());
                            e.printStackTrace();
                            return null;
                        }
                        catch(RemoteException e) {
                            System.out.println("LLR295Facade[RemoteException]: Failed to load facade bean. msg="+e.getMessage());
                            e.printStackTrace();
                            return null;
                        }
                    }

                    private LoginConfig getLoginConfig() {
                        if(config == null) {
                            config = new SimpleLoginConfig();
                            config.setAcctPath("uojSB.DEMO");
                            config.setHostIP("helios");
                            config.setSysUserId("unidata");
                            config.setSysPassword("query1");
                            config.setAppUserId("bqt1");
                            config.setAppPassword("XXXX");
                        }
                        return config;
                    }

                    private LoginConfig config;
                    private LLR295Facade llrFacade;
                    private DefaultTableColumnModel tcol;
                    private DefaultTableModel tmodel;
                    private ColumnParticle[] columns;
                    private volatile String currentCell;
                    private ArrayList rows;
                    private Object[][] mvGrid;
                    private String[] titles;
                    private boolean[] colWriteable;

                    // Variables declaration - do not modify
                    private javax.swing.JTable mvTable;
                    private javax.swing.JScrollPane scrollPane;
                    // End of variables declaration

                }
                


                [exception]
                Looking up context: LLR295FacadeBean
                Home interface recieved.
                java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)
                    at java.security.AccessControlContext.checkPermission(Unknown Source)
                    at java.security.AccessController.checkPermission(Unknown Source)
                    at java.lang.SecurityManager.checkPermission(Unknown Source)
                    at org.jboss.security.SecurityAssociation.getPrincipal(SecurityAssociation.java:112)
                    at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:39)
                    at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
                    at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
                    at $Proxy0.create(Unknown Source)
                    at com.paradigm.applet.MVGrid.getLLR295Facade(Unknown Source)
                    at com.paradigm.applet.MVGrid.access$300(Unknown Source)
                    at com.paradigm.applet.MVGrid$5.run(Unknown Source)
                [/exception]
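
Added example (not part of the thread and not JBoss code): the permission check that fails in the traces above, modelled with the JDK's own permission classes, comparing how much authority each way of satisfying it would hand to the applet. The origin host, the simplified sandbox set and the `org.jboss.security.example.other` name are constructed for illustration.

```java
import java.net.SocketPermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;
import java.util.LinkedHashMap;
import java.util.Map;

public class AppletPermissionCheck {

    // Permission named in the AccessControlException quoted in the thread.
    static final Permission NEEDED = new RuntimePermission(
            "org.jboss.security.SecurityAssociation.getPrincipalInfo");

    // Permissions the applet does NOT need; used to measure how much extra
    // authority each candidate grant gives away.
    static final Permission[] SENSITIVE = {
        new RuntimePermission("setSecurityManager"),
        new RuntimePermission("createClassLoader"),
        new RuntimePermission("org.jboss.security.example.other") // constructed name
    };

    /** Simplified sandbox (assumption): the applet may only connect back to its origin host. */
    static Permissions sandbox(String originHost) {
        Permissions p = new Permissions();
        p.add(new SocketPermission(originHost, "connect"));
        return p;
    }

    /** Sandbox plus one additional grant, as a policy entry for the codebase would add. */
    static Permissions sandboxPlus(String originHost, Permission extra) {
        Permissions p = sandbox(originHost);
        p.add(extra);
        return p;
    }

    /** Reports whether the JBoss check would pass and how many unneeded permissions come along. */
    static String describe(Permissions granted) {
        int excess = 0;
        for (Permission s : SENSITIVE) {
            if (granted.implies(s)) {
                excess++;
            }
        }
        return String.format("getPrincipalInfo=%-7s unneeded permissions implied=%d/%d",
                granted.implies(NEEDED) ? "allowed" : "denied", excess, SENSITIVE.length);
    }

    public static void main(String[] args) {
        String host = "applet-host.example"; // constructed origin host
        Map<String, Permissions> candidates = new LinkedHashMap<>();
        candidates.put("sandbox only", sandbox(host));
        candidates.put("exact RuntimePermission grant", sandboxPlus(host, NEEDED));
        candidates.put("wildcard org.jboss.security.*",
                sandboxPlus(host, new RuntimePermission("org.jboss.security.*")));
        candidates.put("AllPermission", sandboxPlus(host, new AllPermission()));

        for (Map.Entry<String, Permissions> e : candidates.entrySet()) {
            System.out.printf("%-32s %s%n", e.getKey(), describe(e.getValue()));
        }

        // Policy-file form of the exact grant (codeBase URL is a placeholder):
        //   grant codeBase "http://applet-host.example/-" {
        //     permission java.lang.RuntimePermission
        //       "org.jboss.security.SecurityAssociation.getPrincipalInfo";
        //   };
    }
}
```

Only the exact grant satisfies the check without implying any of the unneeded permissions; the wildcard and `AllPermission` variants pass the same check while widening what the applet code may do.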