[Security & JAAS/JBoss] - HTTP Auth & callerPrincipal
by joshd
I am quite new to JBoss and am facing a problem with the login part of an app (using EJB3 with SOA and a js-ajax web client).
I have to use HTTP authentication, and my LoginModule (extends UserNamePasswordModule) is working pretty well so far. My LoginModule uses a session bean, my SecurityManager, to retrieve a User object for the name/password provided by the user through the HTTP auth dialog. The name provided looks like "client/username". In my SecurityManager I split and process this information and do my DB authentication (for this user and this client). And it works fine, for both LDAP and DB.
The problem for me now is that sessionContext.callerPrincipal gives me the user-provided string ("client/username"), whereas I would need the name of the user (Userobject.getname).
So how can I achieve that? Do I have to set the caller somehow when I have changed the name after the user entered it?
Thanks a lot,
regards,
josh
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4134530#4134530
18 years, 1 month
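An added example, not part of the original post and not JBoss's own code: one way to have `getCallerPrincipal()` return the application user name instead of the typed "client/username" string is to return a group named `CallerPrincipal` from `getRoleSets()`, which JBoss's JAAS security manager maps to the caller identity. `ClientUserLoginModule`, `UserStore` and its methods are hypothetical names standing in for the poster's login module and SecurityManager bean.

```java
import java.security.acl.Group;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

public class ClientUserLoginModule extends UsernamePasswordLoginModule {

    /** Hypothetical lookup API standing in for the poster's SecurityManager bean. */
    public interface UserStore {
        String passwordFor(String client, String user);   // null if no such user
        String userNameFor(String client, String user);   // e.g. Userobject.getname
        String[] rolesFor(String client, String user);
    }

    /** Assumption: set once by the application before the first login. */
    public static volatile UserStore store;

    /** Splits "client/username"; anything but two non-empty parts is rejected. */
    static String[] splitLogin(String typed) throws LoginException {
        int slash = (typed == null) ? -1 : typed.indexOf('/');
        if (slash <= 0 || slash == typed.length() - 1 || typed.indexOf('/', slash + 1) >= 0) {
            throw new FailedLoginException("expected client/username");
        }
        return new String[] { typed.substring(0, slash), typed.substring(slash + 1) };
    }

    @Override
    protected String getUsersPassword() throws LoginException {
        String[] login = splitLogin(getUsername());
        String password = store.passwordFor(login[0], login[1]);
        if (password == null) throw new FailedLoginException("unknown client or user");
        return password;
    }

    @Override
    protected Group[] getRoleSets() throws LoginException {
        String[] login = splitLogin(getUsername());
        Group roles = new SimpleGroup("Roles");
        for (String role : store.rolesFor(login[0], login[1])) {
            roles.addMember(new SimplePrincipal(role));
        }
        // The single member of "CallerPrincipal" is what getCallerPrincipal() returns.
        Group caller = new SimpleGroup("CallerPrincipal");
        caller.addMember(new SimplePrincipal(store.userNameFor(login[0], login[1])));
        return new Group[] { roles, caller };
    }
}
```

Because the client part is dropped from the caller principal, two clients that share a user name become indistinguishable by name alone; keep the client in a role or in the principal name if authorization depends on it.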
[Beginners Corner] - application clients in JBOSS 4.2.2
by sajhak
Hi all,
I'm new to J2EE development.
In order to execute an application client in JBoss 4.2.2, do I have to make any additional configurations?
I'm asking this because I am working with EJBs, so I developed a session bean (EJB 3.0) which searches for wine types <an example of an ebook>.
(For testing purposes, I just hard-coded the values without using a database.)
That EJB is invoked by an application client (.jar), and I packaged those two (EJB and app client) into an .ear and deployed it to JBoss. (I'm using NetBeans 6.0.)
But when the application is run in NetBeans, it gives a NullPointerException ... :(
But when I deployed it to the GlassFish server, it does not give any exception and works fine ...
So that's why I'm asking whether JBoss supports running application clients.
One more question: is it a must to package the EJB (.jar) and the application client (.jar) into an .ear archive? Or can't I deploy those two separately and then invoke the EJB from the application client? If so, how can I do that? Are there any commands for that?
I would be much pleased if anybody can help me with this.
Thanks and regards,
Sajith
PS: the code is attached with this.
package searchfacadejboss;

import saji.dev.ejb.jboss.stateless.SearchFacade;
import java.util.List;
import javax.ejb.EJB;

public class Main {

    // Injected only when the class is started by an application client container
    @EJB
    private static SearchFacade searchFacade;

    public Main() {
    }

    public static void main(String[] args) {
        Main searchFacadeTest = new Main();
        searchFacadeTest.doTest();
    }

    void doTest() {
        try {
            System.out.println("Search Facade Lookup");
            System.out.println("Searching wines");
            List<String> winesList = searchFacade.wineSearch("Red");
            System.out.println("Printing wines list");
            for (String wine : winesList) {
                System.out.println(wine);
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }
}
The output
==========
Search Facade Lookup
Searching wines
java.lang.NullPointerException
at searchfacadejboss.Main.doTest(Main.java:46)
at searchfacadejboss.Main.main(Main.java:31)
run-searchFacadeJboss-app-client:
run:
BUILD SUCCESSFUL (total time: 3 seconds)
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4134525#4134525
18 years, 1 month
Re: Overriding the Identity component.. (like lacewiki does) fa
by samk@twinix.com
See Thread at: http://www.techienuggets.com/Detail?tx=15106 Posted on behalf of a User
Seam appears to be expecting an instance of RuleBasedIdentity versus Identity. RuleBasedIdentity is an extension of Identity that deals with Drools. Extending RuleBasedIdentity instead of Identity will make it work.
Rafa.
In Response To:
For some reason Seam wants a securityRules setter on my inherited Identity component. I can't find any securityRules; any idea why?
This simple case:
| @Name("org.jboss.seam.security.identity")
| @Scope(SESSION)
| @BypassInterceptors
| @Install(precedence = APPLICATION)
| @AutoCreate
| public class YSIdentity extends Identity {
|
|     private static final long serialVersionUID = -1573888046524276986L;
|     private UserAccount userAccount;
|     private ContentProviderAccount contentProviderAccount;
|
|     // We don't care if a user is logged in, just check it...
|     @Override
|     public void checkRestriction(String expr) {
|         if (!evaluateExpression(expr)) {
|             Events.instance().raiseEvent("org.jboss.seam.notAuthorized");
|             throw new AuthorizationException(String.format("Authorization check failed for expression [%s]",
|                     expr));
|         }
|     }
|
|     @Override
|     public boolean hasPermission(String name, String action, Object... args) {
|
|         userAccount = (UserAccount) Component.getInstance("contentProviderAccount");
|         contentProviderAccount = (ContentProviderAccount) Component.getInstance("contentProviderAccount");
|
|         if (args == null || args.length == 0) {
|             // All the security checks currently need arguments...
|             return false;
|         }
|
|         return false;
|     }
|
| }
|
results in this:
| ...
| at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
| at org.jboss.Main.boot(Main.java:200)
| at org.jboss.Main$1.run(Main.java:508)
| at java.lang.Thread.run(Thread.java:595)
| Caused by: java.lang.IllegalArgumentException: no such setter method: com.yourstardom.middle.support.YSIdentity.securityRules
| at org.jboss.seam.util.Reflections.getSetterMethod(Reflections.java:236)
| at org.jboss.seam.Component.initInitializers(Component.java:486)
| at org.jboss.seam.Component.<init>(Component.java:264)
| at org.jboss.seam.Component.<init>(Component.java:217)
| at org.jboss.seam.init.Initialization.addComponent(Initialization.java:949)
| ...
|
18 years, 1 month
Re: EJB3: How to access @Stateless EJBs from custom LoginModule?
by samk@twinix.com
See Thread at: http://www.techienuggets.com/Detail?tx=21643 Posted on behalf of a User
I am having the same problem. Were you able to solve it? Thanks a lot.
In Response To:
Hi,
I have a JBoss 4.2.2.GA WebService application, where the WebServices should be secured.
So I wrote a custom LoginModule for JBoss 4.2.2.GA which extends the org.jboss.security.auth.spi.UsernamePasswordLoginModule. I defined an <application-policy> in the login-config.xml and I use the @SecurityDomain annotation for the secured @WebService beans.
So far so good: My LoginModule is called correctly.
Inside the LoginModule I want to call a local @Stateless bean which provides methods to retrieve the user/roles via Hibernate from the database.
But how to access this bean?
I tried the @EJB annotation => no success
I tried a lookup via JNDI => no success (NameNotFoundException)
MyLoginModule:
| public class MyLoginModule extends UsernamePasswordLoginModule
| {
|     private MyAuthenticationService myAuthenticationService;
|
|     @Override
|     public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
|     {
|         super.initialize(subject, callbackHandler, sharedState, options);
|         try {
|             Context jndiContext = new InitialContext();
|             this.myAuthenticationService = (MyAuthenticationService) jndiContext.lookup("java:comp/env/ejb/MyAuthenticationServiceImpl"); // does not work (ejb not bound)
|             // does not work: I tried all name combinations
|             // jndiContext.lookup("java:comp.ejb3/env/ejb/MyAuthenticationServiceImpl") => does not work (ejb not bound)
|             // jndiContext.lookup("ejb/MyAuthenticationServiceImpl") => does not work (ejb not bound)
|             // jndiContext.lookup("MyAuthenticationServiceImpl") => does not work (MyAuthenticationServiceImpl not bound)
|         }
|         catch (NamingException ex) {
|             // TODO Auto-generated catch block
|             ex.printStackTrace();
|         }
|     }
|
|     @Override
|     protected Principal createIdentity(String username) throws Exception
|     {
|         MyUser user = this.myAuthenticationService.retrieveUserByLoginName(username);
|         return user;
|     }
|
|     @Override
|     protected String getUsersPassword() throws LoginException
|     {
|         MyUser myUser = (MyUser) this.getIdentity();
|         return myUser.getPassword();
|     }
|
|     @Override
|     protected Group[] getRoleSets() throws LoginException
|     {
|         Group roles = new SimpleGroup("Roles"); // "Roles" is the expected GroupName for the roles
|
|         for (Principal role : ((MyUser) this.getIdentity()).getRoles()) {
|             roles.addMember(role);
|         }
|
|         return new Group[] { roles };
|     }
|
|     @EJB // has no effect
|     public void setMyAuthenticationService(MyAuthenticationService myAuthenticationService)
|     {
|         this.myAuthenticationService = myAuthenticationService;
|     }
|
| }
|
MyAuthenticationServiceImpl:
| @Stateless
| public class MyAuthenticationServiceImpl implements MyAuthenticationService
| {
|
|     // ...
|
|     public MyUser retrieveUserByLoginName(String loginName) throws LoginException
|     {
|         // here the DAO is called which uses the EntityManager
|     }
|
|     // ...
|
| }
|
MyAuthenticationService:
| public interface MyAuthenticationService
| {
|     // ...
|     public MyUser retrieveUserByLoginName(String loginName) throws LoginException;
|     // ...
| }
|
What is wrong?
18 years, 1 month