[jboss-user] [Beginner's Corner] - Re: Secure access to an EJB3.0
Pablo Fraga
do-not-reply at jboss.com
Wed Feb 23 09:40:35 EST 2011
Pablo Fraga [http://community.jboss.org/people/pablo.fraga1975] created the discussion
"Re: Secure access to an EJB3.0"
To view the discussion, visit: http://community.jboss.org/message/589282#589282
--------------------------------------------------------------
Wolfgang,
Thanks for your reply!
I was trying to understand the example, but honestly I got lost in the jboss-client.xml descriptor. I don't understand which resource ref I have to map in that file, and for what.
I thought it would be easier to call an EJB3 from another client EJB3 using security in JBossAS 4.2.3, just like in the example of JBossAS 5:
    SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
    securityClient.setSimple("caja", "password");
    securityClient.login();
    InitialContext ctx = new InitialContext();
Maybe I messed things up myself, but I will try to explain my problem with an example:
First I have an EJB3, annotated with security annotations:
    @Stateless(name = "ProxyIMMEJB")
    @SecurityDomain("other")
    @RolesAllowed("architect")
    @Local(value = ProxyIMMLocal.class)
    public class ProxyIMMEJBImpl implements ProxyIMMLocal {
        @Resource SessionContext ctx;

        @RolesAllowed("architect")
        public RespuestaIMMTO comprarTicket(TicketTO ticketTO) throws ... {
            Principal cp = ctx.getCallerPrincipal();
            log.debug("Principal's name: " + cp.getName());
            ...
        }
    }
As you can see, "other" indicates that I use JBoss's default authentication mechanism, defined in login-config.xml in the JBOSS_HOME\server\default\conf directory. In my case, for "other", login-config.xml uses 2 properties files: users.properties and roles.properties, with the following contents:
login-config.xml:

    <application-policy name = "other">
        <authentication>
            <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                          flag = "required">
                <module-option name="usersProperties">props/users.properties</module-option>
                <module-option name="rolesProperties">props/roles.properties</module-option>
                <module-option name="unauthenticatedIdentity">anonymous</module-option>
            </login-module>
        </authentication>
    </application-policy>

users.properties:

    caja=password

roles.properties:

    caja=architect
In another EJB3 client, I tried to call the ProxyIMMEJB bean using standard security code:
    Properties env = new Properties();
    env.setProperty(Context.SECURITY_PRINCIPAL, "caja");
    env.setProperty(Context.SECURITY_CREDENTIALS, "password");
    env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
    env.setProperty(Context.PROVIDER_URL, "localhost:1099");
    InitialContext ctx = new InitialContext();
    try {
        ctx = new InitialContext(env);
        proxyIMM = (ProxyIMMLocal) ctx.lookup("estar/ejb/ProxyIMM/local");
    } catch (NamingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
Soon I realized the security context was not propagated, because I got "javax.ejb.EJBAccessException: Authorization failure", and I confirmed it later by changing @RolesAllowed("architect") to @PermitAll and debugging the principal's name:
    Principal cp = ctx.getCallerPrincipal();
    log.debug("Principal's name: " + cp.getName());
This gave me anonymous.
In my scenario, does the complete example that you wrote apply, or is there an easier way?
Thank you very much for your patience!
Pablo.
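
Added example (not part of the original post, and not JBoss code): a simplified plain-Java model of the "other" policy quoted above, showing how the unauthenticatedIdentity option turns a call that carries no credentials into the principal "anonymous", which then fails @RolesAllowed("architect") but passes @PermitAll. The class and method names are hypothetical; the user and role entries are constructed copies of the properties files in the post.

```java
import java.util.Map;
import java.util.Set;

/** Simplified model (assumption, not JBoss source) of a users/roles login
 *  module with the unauthenticatedIdentity fallback from the post. */
public class UnauthenticatedIdentityDemo {
    // Constructed copies of users.properties and roles.properties.
    static final Map<String, String> USERS = Map.of("caja", "password");
    static final Map<String, Set<String>> ROLES = Map.of("caja", Set.of("architect"));

    /** Returns the caller principal, or throws when authentication fails. */
    static String authenticate(String user, String password, String unauthenticatedIdentity) {
        if (user == null) {                      // no credentials reached the container
            if (unauthenticatedIdentity != null) {
                return unauthenticatedIdentity;  // login "succeeds" under the fallback name
            }
            throw new SecurityException("Authentication failure: no credentials");
        }
        if (password == null || !password.equals(USERS.get(user))) {
            throw new SecurityException("Authentication failure: bad user or password");
        }
        return user;
    }

    /** Models @RolesAllowed(requiredRole); requiredRole == null models @PermitAll. */
    static String invoke(String principal, String requiredRole) {
        Set<String> granted = ROLES.getOrDefault(principal, Set.of());
        if (requiredRole != null && !granted.contains(requiredRole)) {
            return "EJBAccessException: Authorization failure";
        }
        return "Principal's name: " + principal;
    }

    static String call(String user, String password, String unauthId, String role) {
        try {
            return invoke(authenticate(user, password, unauthId), role);
        } catch (SecurityException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        // Credentials not propagated, unauthenticatedIdentity=anonymous (as in the post).
        System.out.println(call(null, null, "anonymous", "architect"));
        System.out.println(call(null, null, "anonymous", null));
        // Same call with the unauthenticatedIdentity option removed.
        System.out.println(call(null, null, null, "architect"));
        // Credentials propagated correctly.
        System.out.println(call("caja", "password", "anonymous", "architect"));
    }
}
```

In this model, removing the unauthenticatedIdentity option makes a missing login surface as an authentication failure instead of an authorization failure for "anonymous", and it also stops @PermitAll methods from being reachable without credentials.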
--------------------------------------------------------------