Hi,
I have written a custom JAAS login module which extends AbstractServerLoginModule for
authN and authZ. I am getting the following error when I try to access the protected EJB
with the required role. The web container is working as expected: I am able to access the
secured resources based on the user role. But the EJB container is not working. Please
find the error below.

My environment:
JBoss 5.1.0 GA, Win XP

The <security-domain> element in jboss.xml is ignored by JBoss 5.1.0 GA. Please
correct me if I am wrong; I think it is a bug in JBoss 5.1.0 GA? So I have modified the
jboss-ejb-policy element in security-policies-jboss-beans.xml as follows:

<?xml version="1.0" encoding="UTF-8"?>
<deployment xmlns="urn:jboss:bean-deployer:2.0">
  <application-policy xmlns="urn:jboss:security-beans:1.0"
      name="jboss-web-policy" extends="other">
    <authorization>
      <policy-module
          code="org.jboss.security.authorization.modules.DelegatingAuthorizationModule"
          flag="required"/>
    </authorization>
  </application-policy>
  <application-policy xmlns="urn:jboss:security-beans:1.0"
      name="jboss-ejb-policy" extends="UIdPSso">
    <authorization>
      <policy-module
          code="org.jboss.security.authorization.modules.DelegatingAuthorizationModule"
          flag="required"/>
    </authorization>
  </application-policy>
  <application-policy xmlns="urn:jboss:security-beans:1.0"
      name="jboss-WebUIdP-policy" extends="UIdPSso">
    <authorization>
      <policy-module
          code="org.jboss.security.authorization.modules.DelegatingAuthorizationModule"
          flag="required"/>
    </authorization>
  </application-policy>
</deployment>

ejb-jar.xml is in the EJB's META-INF:

<?xml version="1.0"?>
<!DOCTYPE ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 1.1//EN' 'http://java.sun.com/j2ee/dtds/ejb-jar_1_1.dtd'>
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>DsBean</ejb-name>
      <home>com.sample.as2.weblogic.test.DsBeanHome</home>
      <remote>com.sample.as2.weblogic.test.DsBean</remote>
      <ejb-class>com.sample.as2.weblogic.test.DsBeanEJB</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
    </session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role>
      <description>DSmart Bean Level Access</description>
      <role-name>DSBeanRole</role-name>
    </security-role>
    <method-permission>
      <role-name>DSBeanRole</role-name>
      <method>
        <ejb-name>DsBean</ejb-name>
        <method-intf>Remote</method-intf>
        <method-name>*</method-name>
      </method>
    </method-permission>
    <container-transaction>
      <method>
        <ejb-name>DsBean</ejb-name>
        <method-name>*</method-name>
      </method>
      <trans-attribute>Required</trans-attribute>
    </container-transaction>
  </assembly-descriptor>
</ejb-jar>

ERROR org.jboss.ejb.plugins.SecurityInterceptor - Error in Security Interceptor
java.lang.SecurityException: Denied: caller with subject=Subject:
    Principal: jaasuser
    Principal: Roles(members:DSBeanRole,ProtectedServletGroup,ValidUser,jaasrole)
    Principal: CallerPrincipal(members:jaasuser)
 and security context post-mapping roles=Roles(DSBeanRole,ProtectedServletGroup,ValidUser,jaasrole,): ejbMethod=public abstract com.sample.as2.weblogic.test.DsBean com.sample.as2.weblogic.test.DsBeanHome.create() throws javax.ejb.CreateException,java.rmi.RemoteException
    at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:368)
    at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243)
    at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205)
    at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:136)
    at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:88)
    at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
    at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
    at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:639)
    at org.jboss.ejb.Container.invoke(Container.java:1046)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
    at org.jboss.invocation.local.LocalInvoker$MBeanServerAction.invoke(LocalInvoker.java:169)
    at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:118)
    at org.jboss.invocation.InvokerInterceptor.invokeLocal(InvokerInterceptor.java:209)
    at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:195)
    at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
    at org.jboss.proxy.ejb.SecurityContextInterceptor.invoke(SecurityContextInterceptor.java:64)
    at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:68)
    at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:184)
    at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:101)
    at $Proxy248.create(Unknown Source)
    at com.sample.as2.servlets.unprotectedServlet.doPost(Unknown Source)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:402)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:595)
1462903 [http-127.0.0.1-8080-1] ERROR com.sample.as2.servlets.unprotectedServlet - Exception caught initializing beans:java.rmi.AccessException: SecurityException; nested exception is:
    java.lang.SecurityException: Denied: caller with subject=Subject:
    Principal: jaasuser
    Principal: Roles(members:DSBeanRole,ProtectedServletGroup,ValidUser,jaasrole)
    Principal: CallerPrincipal(members:jaasuser)
 and security context post-mapping roles=Roles(DSBeanRole,ProtectedServletGroup,ValidUser,jaasrole,): ejbMethod=public abstract com.sample.as2.weblogic.test.DsBean com.sample.as2.weblogic.test.DsBeanHome.create() throws javax.ejb.CreateException,java.rmi.RemoteException

Thanks,
Sangeetha
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4264084#...
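
Added example, not part of the original post: in an EJB deployment descriptor a <method> entry that carries <method-intf>Remote</method-intf> applies only to remote-interface methods, while the call denied in the trace above is DsBeanHome.create(), a home-interface method. The script below reports which (interface, method) pairs no <method-permission> covers. Assumptions: the descriptor string is a constructed copy of the post's assembly descriptor, getData is a hypothetical remote method name, and <method-params> matching is left out.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor: mirrors the post's <assembly-descriptor>, with the
# <method> wrapper that the forum software stripped put back.
DESCRIPTOR = """<ejb-jar>
  <assembly-descriptor>
    <security-role><role-name>DSBeanRole</role-name></security-role>
    <method-permission>
      <role-name>DSBeanRole</role-name>
      <method>
        <ejb-name>DsBean</ejb-name>
        <method-intf>Remote</method-intf>
        <method-name>*</method-name>
      </method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>"""


def permitted_roles(descriptor_xml, ejb_name, intf, method_name):
    """Roles that some <method-permission> grants for one method of one interface."""
    roles = set()
    root = ET.fromstring(descriptor_xml)
    for perm in root.iter("method-permission"):
        for m in perm.findall("method"):
            if m.findtext("ejb-name", "").strip() != ejb_name:
                continue
            # A missing <method-intf> means the entry applies to every interface.
            scope = m.findtext("method-intf")
            if scope is not None and scope.strip() != intf:
                continue
            # "*" matches every method name; <method-params> is not evaluated here.
            if m.findtext("method-name", "").strip() in ("*", method_name):
                roles.update((r.text or "").strip() for r in perm.findall("role-name"))
                break
    return roles


def uncovered(descriptor_xml, ejb_name, calls):
    """Return the (interface, method) pairs that no method-permission covers."""
    return [c for c in calls if not permitted_roles(descriptor_xml, ejb_name, *c)]


if __name__ == "__main__":
    # The home create() from the trace, plus a hypothetical remote method.
    calls = [("Home", "create"), ("Remote", "getData")]
    for intf, name in uncovered(DESCRIPTOR, "DsBean", calls):
        print("no method-permission for", intf, name)
```

How a container treats a method that no permission covers depends on its configuration, so the report is a list of entries to review rather than a verdict.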