1 2 Previous Next 19 Replies Latest reply on Apr 24, 2008 1:14 PM by Scott Stark

    Security EJB2 and dependencies

    Adrian Brock Master

      If you run the pooled tests in JBoss5

      ./build.sh test -Dtest=pooled -Dnojars=t
      


      you will see it fails with

      16:20:26,857 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
       at org.jboss.security.auth.spi.Util.loadProperties(Util.java:366)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:563)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:497)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
       at org.jboss.security.javaee.EJBAuthenticationHelper.isValid(EJBAuthenticationHelper.java:76)
       at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:301)
       at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:238)
       at org.jboss.ejb.plugins.SSLSessionInterceptor.invokeHome(SSLSessionInterceptor.java:53)
       at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
       at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
       at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:640)
       at org.jboss.ejb.Container.invoke(Container.java:1031)
       at sun.reflect.GeneratedMethodAccessor156.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
       at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
       at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
       at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
       at org.jboss.invocation.pooled.server.PooledInvoker$MBeanServerAction.invoke(PooledInvoker.java:896)
       at org.jboss.invocation.pooled.server.PooledInvoker.invoke(PooledInvoker.java:383)
       at org.jboss.invocation.pooled.server.ServerThread.processInvocation(ServerThread.java:233)
       at org.jboss.invocation.pooled.server.ServerThread.dorun(ServerThread.java:275)
       at org.jboss.invocation.pooled.server.ServerThread.run(ServerThread.java:156)
      


      This is because it has been configured to use the ssl-pooled domain which is hot
      deployed with the ejbs, but it is actually using the "other" domain.

      I'd guess this is because org.jboss.ejb.plugins.SecurityInterceptor
      is not respecting the jmx dependency rules.
      i.e. it is trying to retrieve the SecurityDomain in setContainer() instead of start()
      setContainer() is invoked from EJB.create()

       public void setContainer(Container container)
       {
      ...
      
      // HERE This is invoked from EJB.create() which is too early since
      the SecurityDomain is not deployed until start()
      
       if(securityManager != null)
       {
       appSecurityDomain = securityManager.getSecurityDomain();
       appSecurityDomain = SecurityUtil.unprefixSecurityDomain(appSecurityDomain);
       }
       }
       }
      


      From the debug logging

      
      This is where it tries to retrieve the security domain:
      
      2008-04-22 16:20:25,185 DEBUG [org.jboss.ejb.StatelessSessionContainer] (RMI TCP Connection(6)-127.0.0.1) Creating jboss.j2ee:jndiName=StatelessSessionWithPooledSSL,se
      rvice=EJB
      
      This is where the security domain is actually deployed
      
      2008-04-22 16:20:25,198 DEBUG [org.jboss.security.plugins.JaasSecurityDomain] (RMI TCP Connection(6)-127.0.0.1) Starting jboss.security:service=JaasSecurityDomain,doma
      in=pooled-ssl
      2008-04-22 16:20:25,201 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] (RMI TCP Connection(6)-127.0.0.1) Added pooled-ssl, org.jboss.security.plugins.Ja
      asSecurityDomain@18441c1 to map
      2008-04-22 16:20:25,213 DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.pooled-ssl] (RMI TCP Connection(6)-127.0.0.1) CachePolicy set to: org.jboss.util
      .TimedCachePolicy@1f90a95
      2008-04-22 16:20:25,213 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] (RMI TCP Connection(6)-127.0.0.1) setCachePolicy, c=org.jboss.util.TimedCachePoli
      cy@1f90a95
      2008-04-22 16:20:25,213 DEBUG [org.jboss.security.plugins.JaasSecurityDomain] (RMI TCP Connection(6)-127.0.0.1) Started jboss.security:service=JaasSecurityDomain,domai
      n=pooled-ssl
      
      This is where it should be retrieved
      
      2008-04-22 16:20:25,269 DEBUG [org.jboss.ejb.StatelessSessionContainer] (RMI TCP Connection(6)-127.0.0.1) Started jboss.j2ee:jndiName=StatelessSessionWithPooledSSL,ser
      vice=EJB
      


        1 2 Previous Next