[jboss-jira] [JBoss JIRA] Commented: (EJBTHREE-491) @RunAs + @Management/Service not working - @SecurityDomain ignored?
Manuel Duran Aguete (JIRA)
jira-events at lists.jboss.org
Fri Mar 9 07:50:31 EST 2007
[ http://jira.jboss.com/jira/browse/EJBTHREE-491?page=comments#action_12355607 ]
Manuel Duran Aguete commented on EJBTHREE-491:
----------------------------------------------
The same issue here with Jboss-4.0.5.GA jems installer with ejb3.
Resolved using:
@Service(objectName="myservice")
@SecurityDomain("MySecurityDomain")
//@RunAs("service") <--Doesn't work's
public class MyService implements MyServiceMBean {
...
...
}
jboss.xml:
<jboss>
<!-- <security-domain>java:/jaas/MySecurityDomain</security-domain> -->
<unauthenticated-principal>anonymous</unauthenticated-principal>
...
...
</jboss>
> @RunAs + @Management/Service not working - @SecurityDomain ignored?
> -------------------------------------------------------------------
>
> Key: EJBTHREE-491
> URL: http://jira.jboss.com/jira/browse/EJBTHREE-491
> Project: EJB 3.0
> Issue Type: Bug
> Components: EJB3 Extensions
> Affects Versions: EJB 3.0 RC5 - PFD
> Environment: JBoss AS 4.0.4RC1 vanilla
> Reporter: Jens Elkner
> Fix For: EJB 3.0 RC6 - PFD
>
>
> I'm trying to run a @Service with a special role, so that it is able to access other beans, but @SecurityDomain seems to be ignored and thus the service is not started.
> E.g.:
> @Service
> @SecurityDomain("shared")
> @RunAs("staff")
> public class UpdateService
> implements UpdateServiceM
> {
> ...
> }
> @Local
> @Management
> public interface UpdateServiceM {
> ... // defines e.g. start() and stop(), but not create() and destroy()
> }
> @Stateless
> @SecurityDomain("shared")
> @RolesAllowed("staff")
> public class UpdateServiceSB implements UpdateServiceDaoL {
> ...
> }
> @Local
> public interface UpdateServiceDaoL extends UpdateServiceDao {
> ...
> }
> All SBs/IFs are part of the same foo.ear .
> Deployment Exception:
> 2006-03-28 23:43:26,263 WARN [ScannerThread:org.jboss.system.ServiceController:424] - Problem starting service jboss.j2ee:ear=foo.ear,jar=foo-ejb-0.0.9a.jar,name=UpdateService,service=EJB3,type=ManagementInterface
> javax.ejb.EJBAccessException: Authentication failure
> at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:46)
> at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:71)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98)
> at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98)
> at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
> at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98)
> at org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:174)
> at org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:142)
> at org.jboss.ejb3.service.ServiceMBeanDelegate.invoke(ServiceMBeanDelegate.java:166)
> at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
> at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
> at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:991)
> at $Proxy0.start(Unknown Source)
> ...
> Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException
> at org.jboss.security.Util.createPasswordHash(Util.java:407)
> at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:367)
> at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:195)
> ...
> 2006-03-28 23:53:25,969 ERROR [main:org.jboss.deployment.scanner.URLDeploymentScanner:548] - Incomplete Deployment listing:
> --- MBeans waiting for other MBeans ---
> ObjectName: jboss.j2ee:ear=foo.ear,jar=foo-ejb-0.0.9a.jar,name=UpdateService,service=EJB3,type=ManagementInterface
> State: FAILED
> Reason: javax.ejb.EJBAccessException: Authentication failure
> --- MBEANS THAT ARE THE ROOT CAUSE OF THE PROBLEM ---
> ObjectName: jboss.j2ee:ear=foo.ear,jar=foo-ejb-0.0.9a.jar,name=UpdateService,service=EJB3,type=ManagementInterface
> State: FAILED
> Reason: javax.ejb.EJBAccessException: Authentication failure
> ...
> Actually I'm wondering, why the UsernamePasswordLoginModule appears in the stack trace, because @SecurityDomain("shared") is defined as:
> ...
> <application-policy name="@security.domain@">
> <authentication>
> <login-module
> code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
> flag="required">
> <module-option name="dsJndiName">java:/@security.ds@</module-option>
> <module-option name="principalsQuery"
> >SELECT passwd FROM users WHERE login=? AND (ISNULL(expire) OR (UNIX_TIMESTAMP() - (expire/1000) < 0))</module-option>
> <module-option name="rolesQuery"
> >SELECT r.name, 'Roles' FROM users u, roles r, user2role m WHERE u.login=? AND u.uid=m.users_uid AND m.roles_gid=r.gid</module-option>
> <module-option name="hashAlgorithm">MD5</module-option>
> <module-option name="hashEncoding">base64</module-option>
> </login-module>
> </authentication>
> </application-policy>
> ...
> So no UsernamePasswordLoginModule at all. Finally my guess is, that @SecurityDomain is completely ignored during deployment and that's why the start fails....
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list