[Security] - Problems with authentication on EJB2
by sverker
Hi,
I'm trying to update an old EJB2-based application to be able to run on JBoss 5.1. Well, everything work except for that I keep getting java.lang.SecurityException: Authentication exception, principal=null on some operations.
I have a custom login module, it's right now deployed with the new method but I've also tried with the old DynamicLoginConfig. When I log in on the web frontend it looks like this in the log:
22:59:46,100 TRACE [LimeLoginModule] initialize
| 22:59:46,106 TRACE [LimeLoginModule] Security domain: lime
| 22:59:46,109 TRACE [LimeLoginModule] Saw unauthenticatedIdentity=unauthenticated
| 22:59:46,113 TRACE [LimeLoginModule] login
| 22:59:46,114 TRACE [LimeLoginModule] Trying to authenticate sverker
| 22:59:46,119 DEBUG [AccountServiceBean] AccountServiceBean.ejbCreate()
| 22:59:46,168 INFO [AccountServiceBean] AccountServiceBean.authenticateAccount("sverker","*******") from null successfull
| 22:59:46,170 TRACE [LimeLoginModule] LimeLoginModule.login("sverker","*******") successfull
| 22:59:46,171 TRACE [LimeLoginModule] Assign user to role admin
| 22:59:46,174 TRACE [LimeLoginModule] User 'sverker' authenticated, loginOk=true
However, on the operations that fails I see this instead:
23:02:05,078 TRACE [UsersRolesLoginModule] initialize
| 23:02:05,083 TRACE [UsersRolesLoginModule] Security domain: other
| 23:02:05,084 TRACE [UsersRolesLoginModule] findResource: null
| 23:02:05,087 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
| java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
All operations are unchecked, the app handles authorization in other ways. I can see no difference in ejb-jar.xml on method-permission fields between the operations that work and those that don't.
I have tested with setting security-domain and unauthenticated-principal in either jboss-app.xml (in the ear) or jboss.xml (in ejb-jar) + jboss-web.xml or in all but no change.
How come that for some operations it chooses security-domain other? I see the same also when calling operations on EJB's from a MBean, how can I set which security-domain it belongs to and shouldn't it be the ejb's security domain that matters?
The setting I use in jboss-app and the others are:
<security-domain>java:/jaas/lime</security-domain>
| <unauthenticated-principal>unauthenticated</unauthenticated-principal>
What is this unauthenticated-principal used for, shouldn't that prevent the exception with principal=null?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262057#4262057
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262057
16 years, 6 months
[EJB] - JAAS: using sessionbean's home interface method "create" fro
by dahagrachops
Hi friends:)
i have 2 jboss instances:
jboss A (4.2.3) running on interface 127.0.0.1 and deploying some session beans
jboss B (5.0) running remotely on other network interface and deploying a MDB
The MDB can read message from remote topic on A
If i try to use the create method of a session bean on jboss A, i have a SecurityException:
java.rmi.AccessException: SecurityException; nested exception is:
java.lang.SecurityException: Insufficient method permissions, principal=null, ejbName=SourceServiceBean, method=create, interface=HOME, requiredRoles=[ENABLED, SUPEROWNER, INITIALIZER, INDEXER], principalRoles=[]
There is something to add about JAAS, maybe in a jboss config file, but i don't know where.
Can you help me please?
Bye and thanks;)
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262050#4262050
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262050
16 years, 6 months
[Installation, Configuration & Deployment] - Migration to JBoss 5, Scheduler not working
by osnetwork
Hello everybody,
I'm trying to port my application from JBoss AS 4.x to JBoss 5.1.
The application seems to be deployed fine. In fact inside my EAR I have various jar and a WEB application
The fact that the WEB application is working fine means that also the other jar/EJBs are deployed and working correctly.
The problem is that in my application I have defined a service inside the META-INF of the EAR like that:
<?xml version="1.0" encoding="UTF-8"?>
| <server>
| <mbean code="org.jboss.varia.scheduler.Scheduler"
| name="com.os:service=Scheduler">
| <attribute name="StartAtStartup">true</attribute>
| <attribute name="SchedulableClass">com.os.schedule.LobbyScheduler</attribute>
| <attribute name="SchedulableArguments">lobbyTopic,1</attribute>
| <attribute name="SchedulableArgumentTypes">java.lang.String,long</attribute>
| <attribute name="InitialStartDate">NOW</attribute>
| <attribute name="SchedulePeriod">5000</attribute>
| <attribute name="InitialRepetitions">-1</attribute>
| <!--
| <depends>jboss.j2ee:service=EARDeployment,url='gamgamEAR.ear'</depends>
| <depends>jboss.j2ee:url='gamgamEAR.ear',service=EARDeployer</depends>
| <depends>jboss.j2ee:jndiName=gamgamEAR/LobbyManager/local,service=EJB3</depends>
| -->
| <depends>jboss.j2ee:url='gamgamEAR.ear',service=EJB3</depends>
| </mbean>
| </server>
basically it should call every 5 seconds a class LobbyScheduler that implements the org.jboss.varia.scheduler.Schedulable interface.
the problem is that I always get the same error, that comes from the tag.
DEPLOYMENTS MISSING DEPENDENCIES:
| Deployment "com.os:service=Scheduler" is missing the following dependencies:
| Dependency "jboss.j2ee:service=EJB3,url='gamgamEAR.ear'" (should be in state "Create", but is actually in state "** NOT FOUND Depends on 'jboss.j2ee:service=EJB3,url='gamgamEAR.ear'' **")
|
| DEPLOYMENTS IN ERROR:
| Deployment "jboss.j2ee:service=EJB3,url='gamgamEAR.ear'" is in error due to the following reason(s): ** NOT FOUND Depends on 'jboss.j2ee:service=EJB3,url='gamgamEAR.ear'' **
In fact it seems that it doesn't find the EAR deployed or the address is wrong
In my old configuration (JBoss 4.x) I had:
<depends>jboss.j2ee:service=EARDeployment,url='gamgamEAR.ear'</depends>
and it was working fine. Probably in the AS 5, the name has been changed from EARDeployment to EARDeployer but still I'm not able to find the right sintax.
I was trying to point at the EJB used by Scheduler class that in my case is LobbyManager, but even in that case it's not working.
I was checking the JMX-Console for the name of the Bean LobbyManager. and putting that string into tag I have as result no more errors... but nothing happens... so that means that the scheduler is not called.
ear=gamgamEAR.ear,jar=gamgamEJB.jar,name=LobbyManager,service=EJB3
|
| <depends>jboss.j2ee:ear=gamgamEAR.ear,jar=gamgamEJB.jar,name=LobbyManager,service=EJB3</depends>
Do you have any advice?
PS=is that Scheduler way J2EE 5 compliant? If not how can I replace that scheduler with something portable.
Thanks in advance
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262017#4262017
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262017
16 years, 6 months
[jBPM Users] - Conditional Task Assignment with Fork
by pradeep.gulla
Is it possible to assign conditional tasks with Fork node in JBPM.
As per my requirement, workflow should allow optional Parallel tasks and a mandatory sequential task.
But I'm getting some issues while conditionally assign tasks with fork.
Process definition:
| <?xml version="1.0" encoding="UTF-8"?>
| <process name="conditional_task" version="1" xmlns="http://jbpm.org/4.0/jpdl">
| <start g="27,32,80,40">
| <transition to="Validate Approval Seqence"/>
| </start>
| <!-- Checks which sequence to initiate ie., Either Parallel or Sequential -->
| <decision expr="#{isOptionalTasksExists}" name="Validate Approval Seqence" g="257,31,80,40">
| <transition name="true" to="Assign Parallel Tasks" g="-24,2"/>
| <transition name="false" to="Sequential Task" g="564,54:-75,-21"/>
| </decision>
| <!-- Parallel Task Assignment -->
| <fork name="Assign Parallel Tasks" g="258,139,80,40">
| <transition to="validateFirstParallelTask"/>
| <transition to="validateSecondParallelTask"/>
| </fork>
| <!-- Conditional Task Assignment -->
| <decision name="validateFirstParallelTask" g="135,221,80,40">
| <transition to="First Parallel Task">
| <condition expr="#{firstParallelApprover != null}"/>
| </transition>
| </decision>
| <task assignee="#{firstParallelApprover}" name="First Parallel Task" g="71,325,169,40">
| <transition name="Approve" to="wait for other tasks" g="-45,-18"/>
| </task>
| <decision name="validateSecondParallelTask" g="384,221,80,40">
| <transition to="Second Parallel Task">
| <condition expr="#{secondParallelApprover != null}"/>
| </transition>
| </decision>
| <task assignee="#{secondParallelApprover}" name="Second Parallel Task" g="308,324,204,40">
| <transition name="Approve" to="wait for other tasks" g="-45,-18"/>
| </task>
| <join name="wait for other tasks" g="270,436,80,40">
| <transition to="Sequential Task"/>
| </join>
| <!-- Sequential Task -->
| <task assignee="#{sequentialApprover}" name="Sequential Task" g="494,437,147,40">
| <transition name="Approve" to="Finish" g="-45,-18"/>
| </task>
| <end name="Finish" state="Completed" g="778,431,80,40"/>
| </process>
This definition forces me to supply either (2 Parallel and 1 Sequential) or (0 Parallel and 1 Sequential) approvers, but not 1 Parallel and 1 Sequential.
Thanks in Advance
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4262014#4262014
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4262014
16 years, 6 months