[jboss-as7-dev] newbie question about secured remote ejb invoke
Joseph
wutongjoe at gmail.com
Thu Mar 1 04:58:26 EST 2012
Hi all,
I have tried many days but failed finding where my problem is. The
scenario is to invoke remote secured ejb on JBAS 7.1 final
=====================server side stuff below ===================
modification to "standalone-full-ha.xml"
<security-realm name="ApplicationRealm">
<authentication>
<properties path="application-users.properties"
relative-to="jboss.server.config.dir"/>
</authentication>
</security-realm>
....
<subsystem xmlns="urn:jboss:domain:remoting:1.1">
<connector name="remoting-connector" socket-binding="remoting"
security-realm="ApplicationRealm">
<sasl>
<policy>
<no-anonymous value="true"/>
<no-plain-text value="false"/>
<pass-credentials value="true"/>
</policy>
</sasl>
</connector>
</subsystem>
....
<security-domain name="my-security-domain"
cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking"
value="useFirstPass"/>
</login-module>
<login-module code="RealmUsersRoles"
flag="required">
<module-option name="usersProperties"
value="${jboss.server.config.dir}/application-users.properties"/>
<module-option name="rolesProperties"
value="${jboss.server.config.dir}/application-roles.properties"/>
<module-option name="realm"
value="ApplicationRealm"/>
<module-option name="password-stacking"
value="useFirstPass"/>
</login-module>
</authentication>
</security-domain>
-------------------------------------------------------------------------------------------------------------
application-roles.properties:
test123=aabdd69afca03e09fc05b7539c62818d
-------------------------------------------------------------------------------------------------------------
application-users.properties:
test123=testrole
------------------------------------------------------------------------------------------------------------
@Stateless(name = "wutong_test_hello")
@Clustered
@Remote(HellowWorldRemote.class)
@Local(HellowWorldLocal.class)
@SecurityDomain(value = "my-security-domain")
public class HellowWorldImpl implements HellowWorldRemote, HellowWorldLocal
{
@RolesAllowed(value = { "testrole" })
public String hello(String name) {
String ret = "hello: " + name +" , "+ctx.getCallerPrincipal().getName();
log.info(ret + ",hashcode:" + hashCode());
return ret;
}
}
----------------------------------------------------------------------------------------------------------------------------
public interface HellowWorldRemote {
String hello(String name);
}
----------------------------------------------------------------------------------------------------------------------------
public interface HellowWorldLocal {
String hello(String name);
}
=========================client side stuff
below=================================
jboss-ejb-client.properties:
endpoint.name=my_end_point
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=127.0.0.1
remote.connection.default.port=4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
remote.connection.default.username=test123
remote.connection.default.password=test
remote.clusters=ejb
remote.cluster.ejb.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
remote.cluster.ejb.username=test123
remote.cluster.ejb.password=test
------------------------------------------------------------------------------------------------
Properties props = new Properties();
props.put(Context.URL_PKG_PREFIXES,"org.jboss.ejb.client.naming");
context = new InitialContext(props);
HellowWorldRemote
remo=(HellowWorldRemote)context.lookup("ejb:/testEJB//wutong_test_hello!com.biz.ejb.face.HellowWorldRemote",
HellowWorldRemote.class);
log.info(remo.hello(Long.toString(System.currentTimeMillis())));
------------------------------------------------------------------------------------------------
I always get the following exception stacks bath on server side and client
side :
16:58:53,157 ERROR [org.jboss.ejb3.invocation] (EJB default - 2)
JBAS014134: EJB Invocation failed on component wutong_test_hello for method
public abstract java.lang.String
com.biz.ejb.face.HellowWorldRemote.hello(java.lang.String):
javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public
abstract java.lang.String
com.biz.ejb.face.HellowWorldRemote.hello(java.lang.String) of bean:
wutong_test_hello is not allowed
at
org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:101)
[jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at
org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:76)
[jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at
org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
[jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at
org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
[jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at
org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
[jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
at
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at
org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
[jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165)
[jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
at
org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:300)
[jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
at
org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:64)
[jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
at
org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:194)
[jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
[rt.jar:1.6.0_25]
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
[rt.jar:1.6.0_25]
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
[rt.jar:1.6.0_25]
at
java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
[rt.jar:1.6.0_25]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
[rt.jar:1.6.0_25]
at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_25]
at org.jboss.threads.JBossThread.run(JBossThread.java:122)
the principal name from
org.jboss.as.security.service.SimpleSecurityManager.getCallerPrincipal() is
"$local" ,so that I doubt I did not pass username "test123" to remote
server successfully....
any idea what is wrong ? or what configuration files did I miss ?
thank you very much
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-as7-dev/attachments/20120301/bed5711b/attachment.html
More information about the jboss-as7-dev
mailing list