[jboss-as7-dev] newbie question about secured remote ejb invoke

Jaikiran Pai jpai at redhat.com
Thu Mar 1 05:01:21 EST 2012


Let's continue in the user forums where we are already discussing this 
https://community.jboss.org/thread/196169?tstart=0

-Jaikiran
On Thursday 01 March 2012 03:28 PM, Joseph wrote:
> Hi all,
> I have tried for many days but failed to find where my problem is. The 
> scenario is to invoke a remote secured EJB on JBAS 7.1 Final
> =====================server side stuff below ===================
> modification to "standalone-full-ha.xml"
> <security-realm name="ApplicationRealm">
> <authentication>
> <properties path="application-users.properties" 
> relative-to="jboss.server.config.dir"/>
> </authentication>
> </security-realm>
> ....
> <subsystem xmlns="urn:jboss:domain:remoting:1.1">
> <connector name="remoting-connector" socket-binding="remoting" 
> security-realm="ApplicationRealm">
> <sasl>
> <policy>
> <no-anonymous value="true"/>
> <no-plain-text value="false"/>
> <pass-credentials value="true"/>
> </policy>
> </sasl>
> </connector>
> </subsystem>
> ....
> <security-domain name="my-security-domain" cache-type="default">
> <authentication>
> <login-module code="Remoting" flag="optional">
> <module-option name="password-stacking" value="useFirstPass"/>
> </login-module>
> <login-module code="RealmUsersRoles" flag="required">
> <module-option name="usersProperties" 
> value="${jboss.server.config.dir}/application-users.properties"/>
> <module-option name="rolesProperties" 
> value="${jboss.server.config.dir}/application-roles.properties"/>
> <module-option name="realm" value="ApplicationRealm"/>
> <module-option name="password-stacking" value="useFirstPass"/>
> </login-module>
> </authentication>
> </security-domain>
> -------------------------------------------------------------------------------------------------------------
> application-roles.properties:
>
> test123=aabdd69afca03e09fc05b7539c62818d
> -------------------------------------------------------------------------------------------------------------
> application-users.properties:
> test123=testrole
> ------------------------------------------------------------------------------------------------------------
> @Stateless(name = "wutong_test_hello")
> @Clustered
> @Remote(HellowWorldRemote.class)
> @Local(HellowWorldLocal.class)
> @SecurityDomain(value = "my-security-domain")
> public class HellowWorldImpl implements HellowWorldRemote, 
> HellowWorldLocal {
> @RolesAllowed(value = { "testrole" })
> public String hello(String name) {
> String ret = "hello: " + name +" , "+ctx.getCallerPrincipal().getName();
> log.info(ret + ",hashcode:" + hashCode());
> return ret;
> }
> }
> ----------------------------------------------------------------------------------------------------------------------------
> public interface HellowWorldRemote {
> String hello(String name);
> }
> ----------------------------------------------------------------------------------------------------------------------------
> public interface HellowWorldLocal {
> String hello(String name);
> }
> =========================client side stuff below=================================
> jboss-ejb-client.properties:
> endpoint.name=my_end_point
> remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
> remote.connections=default
> remote.connection.default.host=127.0.0.1
> remote.connection.default.port=4447
> remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
> remote.connection.default.username=test123
> remote.connection.default.password=test
>
> remote.clusters=ejb
> remote.cluster.ejb.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
> remote.cluster.ejb.username=test123
> remote.cluster.ejb.password=test
> ------------------------------------------------------------------------------------------------
>   Properties props = new Properties();
>   props.put(Context.URL_PKG_PREFIXES,"org.jboss.ejb.client.naming");
>   context = new InitialContext(props);
>
>   HellowWorldRemote remo=(HellowWorldRemote)context.lookup("ejb:/testEJB//wutong_test_hello!com.biz.ejb.face.HellowWorldRemote", 
>       HellowWorldRemote.class);
>   log.info(remo.hello(Long.toString(System.currentTimeMillis())));
> ------------------------------------------------------------------------------------------------
> I always get the following exception stacks both on server side and 
> client side:
> 16:58:53,157 ERROR [org.jboss.ejb3.invocation] (EJB default - 2) 
> JBAS014134: EJB Invocation failed on component wutong_test_hello for 
> method public abstract java.lang.String 
> com.biz.ejb.face.HellowWorldRemote.hello(java.lang.String): 
> javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public 
> abstract java.lang.String 
> com.biz.ejb.face.HellowWorldRemote.hello(java.lang.String) of bean: 
> wutong_test_hello is not allowed
>  at 
> org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:101) 
> [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
>  at 
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
>  at 
> org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:76) 
> [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
>  at 
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
>  at 
> org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) 
> [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
>  at 
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
>  at 
> org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) 
> [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
>  at 
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
>  at 
> org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) 
> [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
>  at 
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) 
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
>  at 
> org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) 
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
>  at 
> org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
>  at 
> org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:300) 
> [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
>  at 
> org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:64) 
> [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
>  at 
> org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:194) 
> [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
>  at 
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [rt.jar:1.6.0_25]
>  at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) 
> [rt.jar:1.6.0_25]
>  at java.util.concurrent.FutureTask.run(FutureTask.java:138) 
> [rt.jar:1.6.0_25]
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) 
> [rt.jar:1.6.0_25]
>  at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) 
> [rt.jar:1.6.0_25]
>  at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_25]
>  at org.jboss.threads.JBossThread.run(JBossThread.java:122)
>
> The principal name from 
> org.jboss.as.security.service.SimpleSecurityManager.getCallerPrincipal() 
> is "$local", so that I doubt I did not pass username "test123" to 
> remote server successfully....
> Any idea what is wrong? Or what configuration files did I miss?
> Thank you very much
>
>