[jboss-user] [EJB/JBoss] - javax.ejb.EJBAccessException: Authentication failure

Usul do-not-reply at jboss.com
Tue Jun 17 18:53:28 EDT 2008


Hi,

I'm trying to do authentication (EJB 3.0, jboss-4.2.2.GA).

I'm getting this error:
anonymous wrote : 
  | Exception in thread "main" javax.ejb.EJBAccessException: Authentication failure
  | 	at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
  | 	at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
  | 	at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:304)
  | 	at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
  | 	at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
  | 	at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:769)
  | 	at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:573)
  | 	at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:373)
  | 	at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
  | 	at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:163)
  | 	at org.jboss.remoting.Client.invoke(Client.java:1634)
  | 	at org.jboss.remoting.Client.invoke(Client.java:548)
  | 	at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:62)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:67)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:53)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:107)
  | 	at $Proxy0.sub(Unknown Source)
  | 	at myclient.Client.main(Client.java:44)
  | 	at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:74)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:67)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:53)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
  | 	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  | 	at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:107)
  | 	at $Proxy0.sub(Unknown Source)
  | 	at myclient.Client.main(Client.java:44)
  | 

That is my Client:


  | package myclient;
  | 
  | import java.rmi.RMISecurityManager;
  | import java.util.Properties;
  | 
  | import javax.naming.InitialContext;
  | import javax.security.auth.login.LoginContext;
  | import javax.security.auth.login.LoginException;
  | 
  | import myserv.IDoSomethingBean;
  | 
  | import org.jboss.security.auth.callback.UsernamePasswordHandler;
  | 
  | public class Client
  | {
  | 
  | 	   public static void main(String[] args) throws Exception
  | 	   {	
  | 		   System.setProperty("java.security.policy", "F:\\rmi.policy");
  | 		   System.setProperty("java.security.auth.login.config", "F:\\jaas.config");
  | 		   if (System.getSecurityManager() == null) {
  | 			   System.setSecurityManager(new RMISecurityManager());
  | 			 }
  | 
  | 		   Properties properties = new Properties();		
  | 		   properties.put("java.naming.factory.initial","org.jnp.interfaces.NamingContextFactory");			
  | 		   properties.put("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");		
  | 		   properties.put("java.naming.provider.url","localhost:1099");
  | 		      
  | 		   UsernamePasswordHandler handler = null;
  | 	       handler = new UsernamePasswordHandler("kermit", "thefrog");
  | 		   LoginContext lc = new LoginContext("steffendom", handler);
  | 
  | 		   try {
  | 		       lc.login();
  | 		   } catch(LoginException e) {
  | 		       System.out.println("authentication failed");
  | 		       e.printStackTrace();
  | 		   }
  | 		   
  | 	      InitialContext ctx = new InitialContext(properties);
  | 	      IDoSomethingBean calculator = (IDoSomethingBean) ctx.lookup("DoSomethingBean/remote");
  | 
  | 	      System.out.println("9 - 5 = " + calculator.sub(9, 5));
  | 	      
  | 	   // Scope of work complete, logout to remove authentication info
  | 	      try {
  | 	          lc.logout();
  | 	      } catch(LoginException e) {
  | 	          System.out.println("logout failed");
  | 	          e.printStackTrace();
  | 	      }
  | 
  | 	   }
  | }
  | 

I'm starting JBoss with "run -c all".

This is my \server\all\conf\login-config.xml

anonymous wrote : 
  | <?xml version='1.0'?>
  | <!DOCTYPE policy PUBLIC
  |       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  |       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
  | 
  | <!-- The XML based JAAS login configuration read by the
  | org.jboss.security.auth.login.XMLLoginConfig mbean. Add
  | an application-policy element for each security domain.
  | 
  | The outline of the application-policy is:
  | <application-policy name="security-domain-name">
  |   
  |     <login-module code="login.module1.class.name" flag="control_flag">
  |       <module-option name = "option1-name">option1-value</module-option>
  |       <module-option name = "option2-name">option2-value</module-option>
  |       ...
  |     </login-module>
  | 
  |     <login-module code="login.module2.class.name" flag="control_flag">
  |       ...
  |     </login-module>
  |     ...
  |   
  | </application-policy>
  | 
  | $Revision: 64598 $
  | -->
  | 
  | 
  |     <!-- Used by clients within the application server VM such as
  |     mbeans and servlets that access EJBs.
  |     -->
  |     <application-policy name = "client-login">
  |        
  |           <login-module code = "org.jboss.security.ClientLoginModule"
  |              flag = "required">
  |              <!-- Any existing security context will be restored on logout -->
  |              <module-option name="restore-login-identity">true</module-option>
  |           </login-module>
  |        
  |     </application-policy>
  | 
  |     <!-- Security domain for JBossMQ -->
  |     <application-policy name = "jbossmq">
  |        
  |           <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |              flag = "required">
  |              <module-option name = "unauthenticatedIdentity">guest</module-option>
  |              <module-option name = "dsJndiName">java:/DefaultDS</module-option>
  |              <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
  |              <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
  |           </login-module>
  |        
  |     </application-policy>
  | 
  |     <!-- Security domain for JBossMQ when using file-state-service.xml
  |     <application-policy name = "jbossmq">
  |        
  |           <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
  |              flag = "required">
  |              <module-option name = "unauthenticatedIdentity">guest</module-option>
  |              <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
  |           </login-module>
  |        
  |     </application-policy>
  |     -->
  | 
  |     <!-- Security domains for testing new jca framework -->
  |     <application-policy name = "HsqlDbRealm">
  |        
  |           <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
  |              flag = "required">
  |              <module-option name = "principal">sa</module-option>
  |              <module-option name = "userName">sa</module-option>
  |              <module-option name = "password"></module-option>
  |              <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
  |           </login-module>
  |        
  |     </application-policy>
  | 
  |     <application-policy name = "JmsXARealm">
  |        
  |           <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
  |              flag = "required">
  |              <module-option name = "principal">guest</module-option>
  |              <module-option name = "userName">guest</module-option>
  |              <module-option name = "password">guest</module-option>
  |              <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
  |           </login-module>
  |        
  |     </application-policy>
  | 
  |     <!-- A template configuration for the jmx-console web application. This
  |       defaults to the UsersRolesLoginModule the same as other and should be
  |       changed to a stronger authentication mechanism as required.
  |     -->
  |     <application-policy name = "jmx-console">
  |        
  |           <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |              flag = "required">
  |            <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
  |            <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
  |           </login-module>
  |        
  |     </application-policy>
  | 
  |     <!-- A template configuration for the web-console web application. This
  |       defaults to the UsersRolesLoginModule the same as other and should be
  |       changed to a stronger authentication mechanism as required.
  |     -->
  |     <application-policy name = "web-console">
  |        
  |           <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |              flag = "required">
  |              <module-option name="usersProperties">web-console-users.properties</module-option>
  |              <module-option name="rolesProperties">web-console-roles.properties</module-option>
  |           </login-module>
  |        
  |     </application-policy>
  | 
  |     <!--
  |       A template configuration for the JBossWS security domain.
  |       This defaults to the UsersRolesLoginModule the same as other and should be
  |       changed to a stronger authentication mechanism as required.
  |     -->
  |     <application-policy name="JBossWS">
  |       
  |         <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |           flag="required">
  |           <module-option name="usersProperties">props/jbossws-users.properties</module-option>
  |           <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
  |           <module-option name="unauthenticatedIdentity">anonymous</module-option>
  |         </login-module>
  |       
  |     </application-policy>
  | 
  |     <!-- The default login configuration used by any security domain that
  |     does not have a application-policy entry with a matching name
  |     -->
  |     <application-policy name = "other">
  |        <!-- A simple server login module, which can be used when the number
  |        of users is relatively small. It uses two properties files:
  |        users.properties, which holds users (key) and their password (value).
  |        roles.properties, which holds users (key) and a comma-separated list of
  |        their roles (value).
  |        The unauthenticatedIdentity property defines the name of the principal
  |        that will be used when a null username and password are presented as is
  |        the case for an unuathenticated web client or MDB. If you want to
  |        allow such users to be authenticated add the property, e.g.,
  |        unauthenticatedIdentity="nobody"
  |        -->
  |        
  |           <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
  |              flag = "required" />
  |        
  |     </application-policy>
  |     
  | 	<application-policy name="steffendom">
  | 	  
  | 	    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  | 	      flag="required">
  | 	      <module-option name="usersProperties">users.properties</module-option>
  | 	      <module-option name="rolesProperties">roles.properties</module-option>
  | 	    </login-module>
  | 	  
  |     	</application-policy>
  | 
  | 
  | 

My users.properties:
anonymous wrote : 
  | # A sample users.properties file for use with the UsersRolesLoginModule
  | kermit=thefrog
  | 

My roles.properties:
anonymous wrote : 
  | # A sample roles.properties file for use with the UsersRolesLoginModule
  | kermit=friend
  | 

I placed these two files in \server\all\conf and in \server\all\conf\props and in the jar where my (ejb 3.0) bean is located, just to be sure.

My rmi.policy:
anonymous wrote : 
  | grant
  | {
  |   permission java.security.AllPermission;
  | };
  | 

My jaas.config:
anonymous wrote : 
  | steffendom {  org.jboss.security.auth.spi.UsersRolesLoginModule required;};
  | 

And just to be complete, my two Bean-Classes:


  | package myserv;
  | 
  | import javax.ejb.Stateless;
  | import org.jboss.annotation.security.SecurityDomain;
  | import javax.annotation.security.PermitAll;
  | import javax.annotation.security.RolesAllowed;
  | 
  | @Stateless
  | @SecurityDomain("steffendom")
  | public class DoSomethingBean implements IDoSomethingBean
  | {
  | 	   @RolesAllowed({"friend"})
  |        public int add(int a, int b)
  |        {
  |                return a+b;
  |        }
  | 
  |        @PermitAll
  |        public int sub(int a, int b)
  |        {
  |                return a-b;
  |        }
  | }
  | 


  | package myserv;
  | 
  | 
  | import javax.ejb.*;
  | 
  | @Remote
  | public interface IDoSomethingBean {
  | 	public int add(int a, int b);
  | 	public int sub(int a, int b);
  | }
  | 


Please help, I googled every site there is. I don't know what more I can do.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4158845#4158845
