<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
<table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td>
<table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
<tbody>
<tr>
<td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
<h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
<!-- To have a header image/logo replace the name below with your img tag -->
<!-- Email clients will render the images when the message is read so any image -->
<!-- must be made available on a public server, so that all recipients can load the image. -->
<a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
</td>
</tr>
<tr>
<td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Re: Secure access to an EJB3.0
</h3>
<span style="margin-bottom: 10px;">
created by <a href="http://community.jboss.org/people/pablo.fraga1975">Pablo Fraga</a> in <i>Beginner's Corner</i> - <a href="http://community.jboss.org/message/589282#589282">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>Wolfgang,</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Thanks for your reply!</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>I was trying to understand the example, but honestly i lost my self in the jboss-client.xml descriptor, i don't understand which resource ref do i have to map in that file and for what?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>I thought it would be easier to call an EJB3 from another client EJB3 using security in JBossAS 4.2.3, just like in the example of JBossAS 5:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p><strong>SecurityClient securityClient = SecurityClientFactory.getSecurityClient(); </strong></p><p><strong>securityClient.setSimple("caja", "password"); </strong></p><p><strong>securityClient.login(); </strong></p><p><strong>InitialContext ctx = new InitialContext();</strong></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Maybe i mess up myself, but i will try to explain my problem with an example:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>First i have an EJB3, annotated with security annotations:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>@Stateless(name = "ProxyIMMEJB")</p><p><strong>@SecurityDomain("other")</strong></p><p><strong>@RolesAllowed("architect")</strong></p><p>@Local(value = ProxyIMMLocal.class)</p><p>public class ProxyIMMEJBImpl implements ProxyIMMLocal {</p><p>    </p><p>    @Resource SessionContext ctx;</p><p>    </p><p>    <strong>@RolesAllowed("architect")</strong></p><p>    public RespuestaIMMTO comprarTicket(TicketTO ticketTO) throws ... {</p><p>        Principal cp = ctx.getCallerPrincipal(); </p><p>        log.debug("Principal's name: " + cp.getName());</p><p>        ...</p><p>    }</p><p>}</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>As you can see "other" indicates that i use JBoss's default authentication mechanism defined in login-config.xml situated in JBOSS_HOME\server\default\conf directory. In my case of "other", login-config.xml uses 2 properties files: users.properties and roles.properties with the following contents:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>login-config.xml</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>   <application-policy name = "other"></p><p>      <authentication></p><p>          <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"</p><p>             flag = "required"></p><p>              <module-option name="usersProperties">props/users.properties</module-option></p><p>              <module-option name="rolesProperties">props/roles.properties</module-option></p><p>              <module-option name="unauthenticatedIdentity">anonymous</module-option></p><p>          </login-module></p><p>       </authentication></p><p>   </application-policy></p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>users.properties</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>caja=password</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>roles.properties</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>caja=architect</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>In another EJB3 client, i tried to call the ProxyIMMEJB bean using standard security code:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Properties env = new Properties();</p><p><strong>env.setProperty(Context.SECURITY_PRINCIPAL, "caja");</strong></p><p><strong>env.setProperty(Context.SECURITY_CREDENTIALS, "password");</strong></p><p>env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");</p><p>env.setProperty(Context.PROVIDER_URL, "localhost:1099");</p><p>InitialContext ctx = new InitialContext();</p><p>try {</p><p>   ctx = new InitialContext(env);</p><p>   proxyIMM = (ProxyIMMLocal) ctx.lookup("estar/ejb/ProxyIMM/local");</p><p>} catch (NamingException e) {</p><p>   // TODO Auto-generated catch block</p><p>   e.printStackTrace();</p><p>}</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Soon i realized, security context was not propagated because i got "javax.ejb.EJBAccessException: Authorization failure" and confirmed later changing @<strong>RolesAllowed("architect")</strong> with <strong>@PermitAll </strong>and debugging principal's name.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>        Principal cp = ctx.getCallerPrincipal(); </p><p>        log.debug("Principal's name: " + cp.getName());</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>This gave me anonymous.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>In my scenario, the complete example that you wrote applies? or there is a easiest way?</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Thank you very much for your patience!</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p>Pablo.</p></div>
<div style="background-color: #f4f4f4; padding: 10px; margin-top: 20px;">
<p style="margin: 0;">Reply to this message by <a href="http://community.jboss.org/message/589282#589282">going to Community</a></p>
<p style="margin: 0;">Start a new discussion in Beginner's Corner at <a href="http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2075">Community</a></p>
</div></td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>