[jboss-user] [Security] - Re: Caller unauthorized on using a ejb3 statetlesssessionbea
praenti
do-not-reply at jboss.com
Wed Oct 14 08:07:38 EDT 2009
ok. WebAuthentication is working. I had to create the jboss-web.xml and added there the security-domain. Now my Login module is running.
But the original error is still present. Using a Servlet which does WebAuthentication.
The error:
| 13:59:50,370 INFO [SpiiderLoginModule] LdapLoginModule, dsJndiName=cancardviewe
| rDS
| 13:59:50,370 INFO [SpiiderLoginModule] rolesQuery=SELECT u.userid, r."role" FRO
| M "security".application_user u, "security".application_role r, "security".user_
| role ur WHERE u.userid = ? AND u.userid = ur.user_id AND ur.role_id = r."role"
| 13:59:50,370 INFO [SpiiderLoginModule] defaultRole=RegularUser
| 13:59:50,370 INFO [SpiiderLoginModule] trying dn: uid=extern.michael.obster, ou
| =xxx,ou=People,ou=Access
| 13:59:50,370 INFO [SpiiderLoginModule] Logging into LDAP server, env={java.nami
| ng.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, dsJndiName=cancardviewerDS,
| rolesQuery=SELECT u.userid, r."role" FROM "security".application_user u, "secur
| ity".application_role r, "security".user_role ur WHERE u.userid = ? AND u.userid
| = ur.user_id AND ur.role_id = r."role", java.naming.security.principal=uid=exte
| rn.michael.obster, ou=xxx,ou=People,ou=Access, jboss.security.security_domai
| n=cancardDomain, java.naming.provider.url=ldap://xxxxxxx, java.namin
| g.security.authentication=simple, java.naming.security.credentials=***, principa
| l.dn.groups=ou=xxxxxx
| ,ou=People,ou=Access:ou=External,ou=People,ou=Access}
| 13:59:50,401 INFO [SpiiderLoginModule] Failed to log into LDAP server. [LDAP: e
| rror code 32 - No Such Object]
| 13:59:50,401 INFO [SpiiderLoginModule] trying dn: uid=extern.michael.obster, ou
| =External,ou=People,ou=Access
| 13:59:50,401 INFO [SpiiderLoginModule] Logging into LDAP server, env={java.nami
| ng.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, dsJndiName=cancardviewerDS,
| rolesQuery=SELECT u.userid, r."role" FROM "security".application_user u, "secur
| ity".application_role r, "security".user_role ur WHERE u.userid = ? AND u.userid
| = ur.user_id AND ur.role_id = r."role", java.naming.security.principal=uid=exte
| rn.michael.obster, ou=External,ou=People,ou=Access, jboss.security.security_doma
| in=cancardDomain, java.naming.provider.url=ldap://xxxxxxxx, java.nami
| ng.security.authentication=simple, java.naming.security.credentials=***, princip
| al.dn.groups=ou=xxxxxx
| ,ou=People,ou=Access:ou=External,ou=People,ou=Access}
| 13:59:50,417 INFO [SpiiderLoginModule] Logged into LDAP server, javax.naming.ld
| ap.InitialLdapContext at 1a21699
| 13:59:50,480 INFO [SpiiderLoginModule] getRoleSets using rolesQuery: SELECT u.u
| serid, r."role" FROM "security".application_user u, "security".application_role
| r, "security".user_role ur WHERE u.userid = ? AND u.userid = ur.user_id AND ur.r
| ole_id = r."role", gid: 99A44E672EA8C49B
| 13:59:50,511 DEBUG [SpiiderLoginModule] Principal: AdminUser
| 13:59:50,542 INFO [LoginServlet] Login sucessfull
| 13:59:51,011 ERROR [[LoginServlet]] Servlet.service() for servlet LoginServlet t
| hrew exception
| javax.ejb.EJBAccessException: Caller unauthorized
| at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(Ro
| leBasedAuthorizationInterceptorv2.java:199)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
| java:102)
| at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3Au
| thenticationInterceptorv2.java:186)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
| java:102)
| at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterce
| ptor.java:41)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
| java:102)
| at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContaine
| rShutdownInterceptor.java:67)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
| java:102)
| at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invo
| ke(CurrentInvocationInterceptor.java:67)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
| java:102)
| at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessCo
| ntainer.java:421)
| at org.jboss.ejb3.remoting.IsLocalInterceptor.invokeLocal(IsLocalInterce
| ptor.java:85)
| at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.
| java:72)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.
| java:102)
| at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62)
| at $Proxy344.invoke(Unknown Source)
| at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandl
| erBase.invoke(SessionProxyInvocationHandlerBase.java:207)
| at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandl
| erBase.invoke(SessionProxyInvocationHandlerBase.java:164)
| at $Proxy343.getAllRoles(Unknown Source)
| at vwg.audi.cancard.webservlet.LoginServlet.serveRequest(LoginServlet.ja
| va:61)
| at vwg.audi.cancard.webservlet.LoginServlet.doGet(LoginServlet.java:29)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
| icationFilterChain.java:290)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
| ilterChain.java:206)
| at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFi
| lter.java:96)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
| icationFilterChain.java:235)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
| ilterChain.java:206)
| at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
| alve.java:235)
| at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
| alve.java:191)
| at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Securit
| yAssociationValve.java:190)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValv
| e.java:92)
| at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.proce
| ss(SecurityContextEstablishmentValve.java:126)
| at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invok
| e(SecurityContextEstablishmentValve.java:70)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
| ava:127)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
| ava:102)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedC
| onnectionValve.java:158)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
| ve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
| a:330)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java
| :829)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce
| ss(Http11Protocol.java:598)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:44
| 7)
| at java.lang.Thread.run(Thread.java:619)
|
The used servlet LoginServlet:
| package vwg.audi.cancard.webservlet;
|
| import java.io.IOException;
|
| import javax.ejb.EJBAccessException;
| import javax.servlet.ServletException;
| import javax.servlet.http.HttpServlet;
| import javax.servlet.http.HttpServletRequest;
| import javax.servlet.http.HttpServletResponse;
|
| import org.apache.log4j.Logger;
| import org.jboss.web.tomcat.security.login.WebAuthentication;
|
| public class LoginServlet extends HttpServlet
| {
| private Logger log = Logger.getLogger(LoginServlet.class);
|
| /**
| *
| */
| private static final long serialVersionUID = -5539909157863711284L;
|
| /**
| * Process the HTTP Get request
| */
| public void doGet(HttpServletRequest request, HttpServletResponse response)
| throws ServletException, IOException
| {
| serveRequest(request, response);
| }
|
| /**
| * Process the HTTP Post request
| */
| public void doPost(HttpServletRequest request, HttpServletResponse response)
| throws ServletException, IOException
| {
| serveRequest(request, response);
| } // doPost
|
| /**
| * In dieser Methode findet die eigentliche Verarbeitung des
| * HTTPServletRequests statt. Sie wird von den beiden public Methoden doPost
| * und doGet aufgerufen.
| */
| public void serveRequest(HttpServletRequest request,
| HttpServletResponse response) throws ServletException, IOException
| {
| String username = "extern.michael.obster";
| String pass = "myPassword";
| WebAuthentication webAuthentication = new WebAuthentication();
|
| if (webAuthentication.login(username, pass)) {
| log.info("Login sucessfull");
| }
| else {
| log.info("Login failed");
| }
|
| try {
| ServiceLocator.getInstance().getUserService().getAllRoles();
| } catch (ServiceLocatorException e) {
| e.printStackTrace();
| }
|
| webAuthentication.logout();
|
|
| }
|
|
|
| }
|
Any idea what the problem is?
Best regards,
Michael
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4260283#4260283
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4260283
More information about the jboss-user
mailing list