[Security & JAAS/JBoss] - Need help to configure security with Seam and EJB3
by chawax
Hi,
I am desperately trying to enable security on EJB3 session beans called from Seam components, but I can't find how to do this. When I try to call an EJB3 session bean, I get an "Authentication failure" error. It's hard to find clear documentation about this on the web, so I hope someone will help me here ... Note I just want to authenticate for the moment; I don't want to use role-based authorization because it won't be enough for my needs.
My app is an EAR with two jars:
- one with EJB3 session beans
- one with Seam components (EJB3, not POJOs)
The problem appears when I call secured EJB3 session beans from a Seam component.
Here is what I did for the moment:
In my EJB3 session beans jar:
One example of an EJB3 session bean ...
META-INF/jboss.xml:
<session>
    <ejb-name>ServiceBaseEmployeBean</ejb-name>
    <security-domain>t4Seam</security-domain>
</session>
META-INF/ejb-jar.xml:
<session>
    <description>
        <![CDATA[

        ]]>
    </description>
    <ejb-name>ServiceBaseEmployeBean</ejb-name>
    <remote>t4.core.employe.facade.ServiceBaseEmployeRemote</remote>
    <local>t4.core.employe.facade.ServiceBaseEmployeLocal</local>
    <ejb-class>t4.core.employe.facade.ServiceBaseEmployeBean</ejb-class>
    <session-type>Stateless</session-type>
    <transaction-type>Container</transaction-type>
</session>
In the EAR:
META-INF/jboss-app.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-app
    PUBLIC "-//JBoss//DTD J2EE Application 1.4//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-app_4_0.dtd">
<jboss-app>
    <module>
        <service>META-INF/t4Seam-login-service.xml</service>
    </module>
</jboss-app>
META-INF/t4Seam-login-service.xml:
<?xml version="1.0" encoding="UTF-8"?>
<server>
    <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
           name="t4Seam:service=DynamicLoginConfig">
        <attribute name="AuthConfig">META-INF/t4Seam-login-config.xml</attribute>
        <depends optional-attribute-name="LoginConfigService">
            jboss.security:service=XMLLoginConfig
        </depends>
        <depends optional-attribute-name="SecurityManagerService">
            jboss.security:service=JaasSecurityManager
        </depends>
    </mbean>
</server>
META-INF/t4Seam-login-config.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policy PUBLIC
    "-//JBoss//DTD JBOSS Security Config 3.0//EN"
    "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<policy>
    <application-policy name="t4Seam">
        <authentication>
            <login-module code="org.jboss.seam.security.jaas.SeamLoginModule" flag="required">
            </login-module>
            <login-module code="org.jboss.security.ClientLoginModule" flag="required">
                <module-option name="restore-login-identity">true</module-option>
                <module-option name="multi-threaded">false</module-option>
            </login-module>
        </authentication>
    </application-policy>
</policy>
In the Seam components JAR:
META-INF/components.xml:
<security:identity
    authenticate-method="#{authenticator.authenticate}"
    jaas-config-name="t4Seam" />

My Seam authenticate method (there is no security on the compteUtilisateurDao EJB):
@javax.ejb.EJB
private CompteUtilisateurDao compteUtilisateurDao;

public boolean authenticate()
    throws java.lang.Exception
{
    String username = Identity.instance().getUsername();
    String password = Identity.instance().getPassword();
    CompteUtilisateur utilisateur = compteUtilisateurDao.findByUsernameAndPassword(username, password);
    return (utilisateur != null);
}
And the code calling the EJB3 session bean from a Seam component:
@javax.ejb.EJB protected ServiceBaseEmployeLocal serviceEmploye;

@javax.ejb.TransactionAttribute(javax.ejb.TransactionAttributeType.REQUIRES_NEW)
@org.jboss.seam.annotations.Factory(value = "employes")
@org.jboss.seam.annotations.Observer("employeUpdated")
public void getEmployes() throws java.lang.Exception
{
    this.employes = this.serviceEmploye.loadAllEmployes();
}
What I saw in the traces is that both SeamLoginModule and ClientLoginModule are called and run OK. But it looks like the JAAS subject is not propagated to the EJB layer, although that is (from what I understood) the goal of ClientLoginModule.
Does anyone have an idea what I am doing wrong? Maybe I forgot some config files or misunderstood something with JBoss Security?
Thanks in advance,
Olivier
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4149149#4149149
17 years, 11 months
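
An added example, not part of the original post or of JBoss/Seam: a Python check that the security domain in jboss.xml and the jaas-config-name in components.xml both resolve to an application-policy in the login config, the three places where the post's t4Seam name appears. The descriptors are constructed samples mirroring the post; the wrapper elements (<jboss>, <enterprise-beans>, <components>) and the Seam security namespace declaration are assumptions, since the post shows only fragments.

```python
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"  # JNDI prefix JBoss uses for security domains
SEAM_SEC_NS = "http://jboss.com/products/seam/security"

# Constructed samples mirroring the names used in the post.
JBOSS_XML = """<jboss><enterprise-beans><session>
  <ejb-name>ServiceBaseEmployeBean</ejb-name>
  <security-domain>t4Seam</security-domain>
</session></enterprise-beans></jboss>"""

LOGIN_CONFIG = """<policy><application-policy name="t4Seam"><authentication>
  <login-module code="org.jboss.seam.security.jaas.SeamLoginModule" flag="required"/>
  <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
</authentication></application-policy></policy>"""

COMPONENTS_XML = """<components xmlns:security="http://jboss.com/products/seam/security">
  <security:identity authenticate-method="#{authenticator.authenticate}"
                     jaas-config-name="t4Seam"/>
</components>"""

def domain_name(value):
    """Strip the java:/jaas/ prefix so both spellings compare equal."""
    value = (value or "").strip()
    return value[len(JAAS_PREFIX):] if value.startswith(JAAS_PREFIX) else value

def check_domains(jboss_xml, login_config, components_xml):
    """Return ({policy: [login module classes]}, [findings])."""
    policies = {p.get("name"): [m.get("code") for m in p.iter("login-module")]
                for p in ET.fromstring(login_config).iter("application-policy")}
    findings = []
    for bean in ET.fromstring(jboss_xml).iter("session"):
        ejb = bean.findtext("ejb-name", "?").strip()
        raw = bean.findtext("security-domain")
        if raw is None:
            findings.append(f"{ejb}: no bean-level <security-domain>")
        elif domain_name(raw) not in policies:  # names are case-sensitive
            findings.append(f"{ejb}: domain '{raw.strip()}' has no application-policy")
    for ident in ET.fromstring(components_xml).iter(f"{{{SEAM_SEC_NS}}}identity"):
        name = ident.get("jaas-config-name")
        if name not in policies:
            findings.append(f"identity: jaas-config-name '{name}' has no application-policy")
    return policies, findings

if __name__ == "__main__":
    policies, findings = check_domains(JBOSS_XML, LOGIN_CONFIG, COMPONENTS_XML)
    print(policies)
    print(findings or "all domain references resolve")
```
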
[Installation, Configuration & DEPLOYMENT] - Re: shared class for two webapps
by stourwalk
"lcurros" wrote: Solved.
| The way I used works fine. I had a packaging error and I have put the class inside one of the app content, so this was the reason why it didn't work.
Hi,
could you be more specific about the problem that you had?
We have a very similar situation where we have a single EAR file which contains APPEJB.jar - this .jar uses struts.jar, which is referenced in a separate project.
Inside this .EAR file we also have the webcontent.war - this .war naturally also references struts.jar (we've tried both by having struts.jar in the WEB-INF/libs and by referencing the same external project as APPEJB.jar) - when we try to pass a LabelValueBean from the EJB to the webApp we get a ClassCastException.
I'm assuming this is because it's getting confused as to which class to use (even if they both reference the same .jar) - how should we package struts.jar in this case (or pass objects between the two sides)?
I've checked the JMX console for org.apache.struts.util.LabelValueBean and it only shows 1 instance being loaded (from the .war file if packaged in there, or from the ear if packaged in the common 3rd project).
We are trying to migrate a legacy application away from WebSphere and onto JBoss and this is the last issue that we are struggling with. Any pointers would be gratefully received.
Thanks
Chris
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4149147#4149147
17 years, 11 months