6:50 a.m.
[ http://jira.jboss.com/jira/browse/EJBTHREE-491?page=comments#action_12355607 ]
Manuel Duran Aguete commented on EJBTHREE-491:
----------------------------------------------
The same issue here with Jboss-4.0.5.GA jems installer with ejb3.
Resolved using:
@Service(objectName="myservice")
@SecurityDomain("MySecurityDomain")
//@RunAs("service") <--Doesn't work's
public class MyService implements MyServiceMBean {
...
...
}
jboss.xml:
<jboss>
<!-- <security-domain>java:/jaas/MySecurityDomain</security-domain>
-->
<unauthenticated-principal>anonymous</unauthenticated-principal>
...
...
</jboss>
@RunAs + @Management/Service not working - @SecurityDomain ignored?
-------------------------------------------------------------------
Key: EJBTHREE-491
URL: http://jira.jboss.com/jira/browse/EJBTHREE-491
Project: EJB 3.0
Issue Type: Bug
Components: EJB3 Extensions
Affects Versions: EJB 3.0 RC5 - PFD
Environment: JBoss AS 4.0.4RC1 vanilla
Reporter: Jens Elkner
Fix For: EJB 3.0 RC6 - PFD
I'm trying to run a @Service with a special role, so that it is able to access other
beans, but @SecurityDomain seems to be ignored and thus the service is not started.
E.g.:
@Service
@SecurityDomain("shared")
@RunAs("staff")
public class UpdateService
implements UpdateServiceM
{
...
}
@Local
@Management
public interface UpdateServiceM {
... // defines e.g. start() and stop(), but not create() and destroy()
}
@Stateless
@SecurityDomain("shared")
@RolesAllowed("staff")
public class UpdateServiceSB implements UpdateServiceDaoL {
...
}
@Local
public interface UpdateServiceDaoL extends UpdateServiceDao {
...
}
All SBs/IFs are part of the same foo.ear .
Deployment Exception:
2006-03-28 23:43:26,263 WARN [ScannerThread:org.jboss.system.ServiceController:424] -
Problem starting service
jboss.j2ee:ear=foo.ear,jar=foo-ejb-0.0.9a.jar,name=UpdateService,service=EJB3,type=ManagementInterface
javax.ejb.EJBAccessException: Authentication failure
at
org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:46)
at
org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:71)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98)
at
org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98)
at
org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:98)
at
org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:174)
at
org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:142)
at
org.jboss.ejb3.service.ServiceMBeanDelegate.invoke(ServiceMBeanDelegate.java:166)
at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
at
org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:991)
at $Proxy0.start(Unknown Source)
...
Caused by: javax.security.auth.login.LoginException: java.lang.NullPointerException
at org.jboss.security.Util.createPasswordHash(Util.java:407)
at
org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:367)
at
org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:195)
...
2006-03-28 23:53:25,969 ERROR
[main:org.jboss.deployment.scanner.URLDeploymentScanner:548] - Incomplete Deployment
listing:
--- MBeans waiting for other MBeans ---
ObjectName:
jboss.j2ee:ear=foo.ear,jar=foo-ejb-0.0.9a.jar,name=UpdateService,service=EJB3,type=ManagementInterface
State: FAILED
Reason: javax.ejb.EJBAccessException: Authentication failure
--- MBEANS THAT ARE THE ROOT CAUSE OF THE PROBLEM ---
ObjectName:
jboss.j2ee:ear=foo.ear,jar=foo-ejb-0.0.9a.jar,name=UpdateService,service=EJB3,type=ManagementInterface
State: FAILED
Reason: javax.ejb.EJBAccessException: Authentication failure
...
Actually I'm wondering, why the UsernamePasswordLoginModule appears in the stack
trace, because @SecurityDomain("shared") is defined as:
...
<application-policy name="@security.domain(a)">
<authentication>
<login-module
code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag="required">
<module-option
name="dsJndiName">java:/@security.ds@</module-option>
<module-option name="principalsQuery"
>SELECT passwd FROM users WHERE login=? AND
(ISNULL(expire) OR (UNIX_TIMESTAMP() - (expire/1000) < 0))</module-option>
<module-option name="rolesQuery"
>SELECT r.name, 'Roles' FROM users u,
roles r, user2role m WHERE u.login=? AND u.uid=m.users_uid AND
m.roles_gid=r.gid</module-option>
<module-option
name="hashAlgorithm">MD5</module-option>
<module-option
name="hashEncoding">base64</module-option>
</login-module>
</authentication>
</application-policy>
...
So no UsernamePasswordLoginModule at all. Finally my guess is, that @SecurityDomain is
completely ignored during deployment and that's why the start fails....
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira