[EJB/JBoss] - javax.ejb.EJBAccessException: Authentication failure
by Usul
Hi,
Im trying to do authentication (ejb 3.0, jboss-4.2.2.GA).
Im getting this error:
anonymous wrote :
| Exception in thread "main" javax.ejb.EJBAccessException: Authentication failure
| at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
| at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
| at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:304)
| at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
| at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
| at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:769)
| at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:573)
| at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:373)
| at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
| at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:163)
| at org.jboss.remoting.Client.invoke(Client.java:1634)
| at org.jboss.remoting.Client.invoke(Client.java:548)
| at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:62)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:67)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:53)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:107)
| at $Proxy0.sub(Unknown Source)
| at myclient.Client.main(Client.java:44)
| at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:74)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:67)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:53)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:107)
| at $Proxy0.sub(Unknown Source)
| at myclient.Client.main(Client.java:44)
|
That is my Client:
| package myclient;
|
| import java.rmi.RMISecurityManager;
| import java.util.Properties;
|
| import javax.naming.InitialContext;
| import javax.security.auth.login.LoginContext;
| import javax.security.auth.login.LoginException;
|
| import myserv.IDoSomethingBean;
|
| import org.jboss.security.auth.callback.UsernamePasswordHandler;
|
| public class Client
| {
|
| public static void main(String[] args) throws Exception
| {
| System.setProperty("java.security.policy", "F:\\rmi.policy");
| System.setProperty("java.security.auth.login.config", "F:\\jaas.config");
| if (System.getSecurityManager() == null) {
| System.setSecurityManager(new RMISecurityManager());
| }
|
| Properties properties = new Properties();
| properties.put("java.naming.factory.initial","org.jnp.interfaces.NamingContextFactory");
| properties.put("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
| properties.put("java.naming.provider.url","localhost:1099");
|
| UsernamePasswordHandler handler = null;
| handler = new UsernamePasswordHandler("kermit", "thefrog");
| LoginContext lc = new LoginContext("steffendom", handler);
|
| try {
| lc.login();
| } catch(LoginException e) {
| System.out.println("authentication failed");
| e.printStackTrace();
| }
|
| InitialContext ctx = new InitialContext(properties);
| IDoSomethingBean calculator = (IDoSomethingBean) ctx.lookup("DoSomethingBean/remote");
|
| System.out.println("9 - 5 = " + calculator.sub(9, 5));
|
| // Scope of work complete, logout to remove authentication info
| try {
| lc.logout();
| } catch(LoginException e) {
| System.out.println("logout failed");
| e.printStackTrace();
| }
|
| }
| }
|
Im starting jboss with "run -c all".
This is my \server\all\conf\login-config.xml
anonymous wrote :
| <?xml version='1.0'?>
| <!DOCTYPE policy PUBLIC
| "-//JBoss//DTD JBOSS Security Config 3.0//EN"
| "http://www.jboss.org/j2ee/dtd/security_config.dtd">
|
| <!-- The XML based JAAS login configuration read by the
| org.jboss.security.auth.login.XMLLoginConfig mbean. Add
| an application-policy element for each security domain.
|
| The outline of the application-policy is:
| <application-policy name="security-domain-name">
|
| <login-module code="login.module1.class.name" flag="control_flag">
| <module-option name = "option1-name">option1-value</module-option>
| <module-option name = "option2-name">option2-value</module-option>
| ...
| </login-module>
|
| <login-module code="login.module2.class.name" flag="control_flag">
| ...
| </login-module>
| ...
|
| </application-policy>
|
| $Revision: 64598 $
| -->
|
|
| <!-- Used by clients within the application server VM such as
| mbeans and servlets that access EJBs.
| -->
| <application-policy name = "client-login">
|
| <login-module code = "org.jboss.security.ClientLoginModule"
| flag = "required">
| <!-- Any existing security context will be restored on logout -->
| <module-option name="restore-login-identity">true</module-option>
| </login-module>
|
| </application-policy>
|
| <!-- Security domain for JBossMQ -->
| <application-policy name = "jbossmq">
|
| <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
| flag = "required">
| <module-option name = "unauthenticatedIdentity">guest</module-option>
| <module-option name = "dsJndiName">java:/DefaultDS</module-option>
| <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
| <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
| </login-module>
|
| </application-policy>
|
| <!-- Security domain for JBossMQ when using file-state-service.xml
| <application-policy name = "jbossmq">
|
| <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
| flag = "required">
| <module-option name = "unauthenticatedIdentity">guest</module-option>
| <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
| </login-module>
|
| </application-policy>
| -->
|
| <!-- Security domains for testing new jca framework -->
| <application-policy name = "HsqlDbRealm">
|
| <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
| flag = "required">
| <module-option name = "principal">sa</module-option>
| <module-option name = "userName">sa</module-option>
| <module-option name = "password"></module-option>
| <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
| </login-module>
|
| </application-policy>
|
| <application-policy name = "JmsXARealm">
|
| <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
| flag = "required">
| <module-option name = "principal">guest</module-option>
| <module-option name = "userName">guest</module-option>
| <module-option name = "password">guest</module-option>
| <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
| </login-module>
|
| </application-policy>
|
| <!-- A template configuration for the jmx-console web application. This
| defaults to the UsersRolesLoginModule the same as other and should be
| changed to a stronger authentication mechanism as required.
| -->
| <application-policy name = "jmx-console">
|
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag = "required">
| <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
| <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
| </login-module>
|
| </application-policy>
|
| <!-- A template configuration for the web-console web application. This
| defaults to the UsersRolesLoginModule the same as other and should be
| changed to a stronger authentication mechanism as required.
| -->
| <application-policy name = "web-console">
|
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag = "required">
| <module-option name="usersProperties">web-console-users.properties</module-option>
| <module-option name="rolesProperties">web-console-roles.properties</module-option>
| </login-module>
|
| </application-policy>
|
| <!--
| A template configuration for the JBossWS security domain.
| This defaults to the UsersRolesLoginModule the same as other and should be
| changed to a stronger authentication mechanism as required.
| -->
| <application-policy name="JBossWS">
|
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag="required">
| <module-option name="usersProperties">props/jbossws-users.properties</module-option>
| <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
| <module-option name="unauthenticatedIdentity">anonymous</module-option>
| </login-module>
|
| </application-policy>
|
| <!-- The default login configuration used by any security domain that
| does not have a application-policy entry with a matching name
| -->
| <application-policy name = "other">
| <!-- A simple server login module, which can be used when the number
| of users is relatively small. It uses two properties files:
| users.properties, which holds users (key) and their password (value).
| roles.properties, which holds users (key) and a comma-separated list of
| their roles (value).
| The unauthenticatedIdentity property defines the name of the principal
| that will be used when a null username and password are presented as is
| the case for an unuathenticated web client or MDB. If you want to
| allow such users to be authenticated add the property, e.g.,
| unauthenticatedIdentity="nobody"
| -->
|
| <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag = "required" />
|
| </application-policy>
|
| <application-policy name="steffendom">
|
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag="required">
| <module-option name="usersProperties">users.properties</module-option>
| <module-option name="rolesProperties">roles.properties</module-option>
| </login-module>
|
| </application-policy>
|
|
|
My users.properties:
anonymous wrote :
| # A sample users.properties file for use with the UsersRolesLoginModule
| kermit=thefrog
|
My roles.properties:
anonymous wrote :
| # A sample roles.properties file for use with the UsersRolesLoginModule
| kermit=friend
|
I placed these two files in \server\all\conf and in \server\all\conf\props and in the jar where my (ejb 3.0) bean is located, just to be sure.
My rmi.policy:
anonymous wrote :
| grant
| {
| permission java.security.AllPermission;
| };
|
My jaas.config:
anonymous wrote :
| steffendom { org.jboss.security.auth.spi.UsersRolesLoginModule required;};
|
And just to be complete, my two Bean-Classes:
| package myserv;
|
| import javax.ejb.Stateless;
| import org.jboss.annotation.security.SecurityDomain;
| import javax.annotation.security.PermitAll;
| import javax.annotation.security.RolesAllowed;
|
| @Stateless
| @SecurityDomain("steffendom")
| public class DoSomethingBean implements IDoSomethingBean
| {
| @RolesAllowed({"friend"})
| public int add(int a, int b)
| {
| return a+b;
| }
|
| @PermitAll
| public int sub(int a, int b)
| {
| return a-b;
| }
| }
|
| package myserv;
|
|
| import javax.ejb.*;
|
| @Remote
| public interface IDoSomethingBean {
| public int add(int a, int b);
| public int sub(int a, int b);
| }
|
Please help, I googeld every site there is. I dont know what more I can do.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4158845#4158845
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4158845
17 years, 10 months
[JBoss Tools (users)] - Error in new Seam Web Project
by fabricio.lemos
Hello,
I just tried nightly build 200806161806 (could not get 2.1.1 GA to work) but the wizard to create a new Seam project is broken. When I click File->New->Seam Web Project, nothing happens and in the log I have
|
| !ENTRY org.eclipse.ui 4 0 2008-06-17 19:23:45.838
| !MESSAGE Unhandled event loop exception
| !STACK 0
| java.lang.NoSuchMethodError: org.jboss.tools.seam.ui.wizard.SeamProjectWizard$SeamWebProjectFirstPage.createPrimaryFacetComposite(Lorg/eclipse/swt/widgets/Composite;)V
| at org.jboss.tools.seam.ui.wizard.SeamProjectWizard$SeamWebProjectFirstPage.createTopLevelComposite(SeamProjectWizard.java:154)
| at org.eclipse.wst.common.frameworks.internal.datamodel.ui.DataModelWizardPage.createControl(DataModelWizardPage.java:101)
| at org.eclipse.jface.wizard.Wizard.createPageControls(Wizard.java:170)
| at org.eclipse.wst.common.project.facet.ui.ModifyFacetedProjectWizard.createPageControls(ModifyFacetedProjectWizard.java:238)
| at org.eclipse.wst.web.ui.internal.wizards.NewProjectDataModelFacetWizard.createPageControls(NewProjectDataModelFacetWizard.java:135)
| at org.jboss.tools.seam.ui.wizard.SeamProjectWizard.createPageControls(SeamProjectWizard.java:84)
| at org.eclipse.jface.wizard.WizardDialog.createPageControls(WizardDialog.java:669)
| at org.eclipse.jface.wizard.WizardDialog.createContents(WizardDialog.java:543)
| at org.eclipse.jface.window.Window.create(Window.java:426)
| at org.eclipse.jface.dialogs.Dialog.create(Dialog.java:1081)
| at org.eclipse.ui.internal.actions.NewWizardShortcutAction.run(NewWizardShortcutAction.java:122)
| at org.eclipse.jface.action.Action.runWithEvent(Action.java:498)
| at org.eclipse.jface.action.ActionContributionItem.handleWidgetSelection(ActionContributionItem.java:546)
| at org.eclipse.jface.action.ActionContributionItem.access$2(ActionContributionItem.java:490)
| at org.eclipse.jface.action.ActionContributionItem$5.handleEvent(ActionContributionItem.java:402)
| at org.eclipse.swt.widgets.EventTable.sendEvent(EventTable.java:66)
| at org.eclipse.swt.widgets.Widget.sendEvent(Widget.java:938)
| at org.eclipse.swt.widgets.Display.runDeferredEvents(Display.java:3682)
| at org.eclipse.swt.widgets.Display.readAndDispatch(Display.java:3293)
| at org.eclipse.ui.internal.Workbench.runEventLoop(Workbench.java:2389)
| at org.eclipse.ui.internal.Workbench.runUI(Workbench.java:2353)
| at org.eclipse.ui.internal.Workbench.access$4(Workbench.java:2219)
| at org.eclipse.ui.internal.Workbench$4.run(Workbench.java:466)
| at org.eclipse.core.databinding.observable.Realm.runWithDefault(Realm.java:289)
| at org.eclipse.ui.internal.Workbench.createAndRunWorkbench(Workbench.java:461)
| at org.eclipse.ui.PlatformUI.createAndRunWorkbench(PlatformUI.java:149)
| at org.eclipse.ui.internal.ide.application.IDEApplication.start(IDEApplication.java:106)
| at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:169)
| at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:106)
| at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:76)
| at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:363)
| at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:176)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
| at java.lang.reflect.Method.invoke(Unknown Source)
| at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:508)
| at org.eclipse.equinox.launcher.Main.basicRun(Main.java:447)
| at org.eclipse.equinox.launcher.Main.run(Main.java:1173)
|
Is this a known bug?
Fabricio Lemos
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4158843#4158843
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4158843
17 years, 10 months
[Installation, Configuration & DEPLOYMENT] - 4.2.2 MBean getClientHost java.rmi.server.ServerNotActiveExc
by guy_rouillier
I found the following very old post but thought I'd start a new one after all this time.
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=20245
I'm upgrading some code that has run under 2.4.3 and 3.2.7 to run under 4.2.2. The upgrade process was fairly painless. So far, I've only run into this one runtime issue. The architecture consists of Java clients invoking a session EJB which exists merely to forward the calls to an MBean; there's a one-to-one mapping of methods in the EJB to methods in the MBean (plus the MBean has additional code.) This has worked fine in the previous JBoss versions. I'm running both 3.2.7 and 4.2.2 on JDK 1.5.
With 4.2.2, I'm getting the exception "java.rmi.server.ServerNotActiveException: not in a remote call" when the MBean invokes java.rmi.server.UnicastRemoteObject.getClientHost(). If I catch this exception and just set the client host IP address to "127.0.0.1", everything continues normally: the MBean does what it is supposed to do and returns the correct result.
What has changed in version 4 since versions 2 and 3 to produce this ServerNotActiveException? Is this happening because the session EJB is the code contacting the MBean, and not the originating client? Did this work before because EJBs were maintaining the client context and now 4.2.2 they are not? Perhaps this is an aspect of EJB3?
Unfortunately, the API implemented by the EJB and MBean consists of over 60 methods, so retrofitting a separate parameter to each of them to contain the client's IP address is not really feasible.
Thanks for all ideas.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4158829#4158829
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4158829
17 years, 10 months