[EJB 3.0] - @RunAs doesn't work in JBossAS 4.2.3?
by amcdowell
I'm trying to convert some our session beans to EJB 3.0 prior to an AS 5.0 upgrade, and we use JAAS heavily in our server.
When I have the code:
| public interface TestSessionBean {
| public void execute();
| }
@Stateless
| @TransactionManagement(TransactionManagementType.CONTAINER)
| @Remote(TestSessionBean.class)
| @Local(TestSessionBean.class)
| @RunAs("testRole")
| public class TestSessionBeanImpl implements TestSessionBean {
| @Resource
| private SessionContext context;
|
| public void execute() {
| System.out.println("CallerPrincipal: " + context.getCallerPrincipal().getName());
| System.out.println("CallerInRole(testRole): " + context.isCallerInRole("testRole"));
| }
| }
The bean is deployed correctly and can be invoked, but it prints "false", the caller is not in the "testRole", despite the RunAs annotation.
When I look through the 4.2.3 code, it looks like their may be a fence-post problem in org.jboss.security.SecurityAssociation$RunAsThreadLocalStack.peek() (Line 686), because the "testRole" RunAsIdentity is in the stack at the [1] position, null is at the [0] position, and it only looks at [0] and then exits because the depth is now 2.
Is this to correct behavior? Did something change about RunAs for EJB 3.0?
A similar configuration in an assembly descriptor granted the role to the bean it was defined for in the EJB 2.x version.
I also looked in JIRA and didn't see a bug directly about this problem. I may try a preemptive upgrade to 5.0 and just see if the problem is resolved there.
-Andrew
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4224953#4224953
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4224953
17 years
[JBoss jBPM] - No LoginModules configured for jboss.web
by javajedi
I'm trying to set up jbpm 3.2.6.sp1. I've got everything deploying fine, but I can't login to the jbpm-console. It took me a while to track down how I'm supposed to populate my JBPM_ID_USER, JBPM_ID_GROUP, and JBPM_ID_MEMBERSHIP tables with some sample data (why isn't this described in the User Manual?), but whenever I try to login as "user/user", I get the following error:
2009-04-10 13:20:08,485 ERROR [org.apache.catalina.realm.JAASRealm] Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured for jboss.web
at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
at javax.security.auth.login.LoginContext.(LoginContext.java:403)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:344)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:619)
I also enabled trace logging for org.jboss.security, and see this output right before the error message:
2009-04-10 13:20:05,509 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(jboss.web), size=1
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(jboss.web), no entry in appConfigs, tyring parentCont: null
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(jboss.web), no entry in parentConfig, trying: other
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(jboss.web), failed to find entry
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(other), size=1
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(other), no entry in appConfigs, tyring parentCont: null
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(other), no entry in parentConfig, trying: other
2009-04-10 13:20:08,484 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(other), failed to find entry
I don't have an "other" entry in my login-config.xml, but I do have this entry:
<application-policy name="jbpm-console">
<login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
<module-option name="dsJndiName">java:/JbpmDS</module-option>
<module-option name="principalsQuery">
SELECT PASSWORD_ FROM JBPM_ID_USER WHERE NAME_=?
</module-option>
<module-option name="rolesQuery">
SELECT g.NAME_ ,'Roles'
FROM JBPM_ID_USER u,
JBPM_ID_MEMBERSHIP m,
JBPM_ID_GROUP g
WHERE g.TYPE_='security-role'
AND m.GROUP_ = g.ID_
AND m.USER_ = u.ID_
AND u.NAME_=?
</module-option>
</login-module>
</application-policy>
everything else is just vanilla out-of-the-box unchanged configuration. WEB-INF/jboss-web.xml has
<security-domain>java:/jaas/jbpm-console</security-domain>
which looks like it should be using the "jbpm-console" application policy, but it doesn't seem to be.
I tried copying the jbpm-console application policy to ones named "other" and "jboss.web", but I get the same error message.
Can anyone offer any suggestions? I'm amazed that jbpm is so difficult to get working with a fresh installation.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4224948#4224948
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4224948
17 years