Wolfgang,
Thanks for your reply!
I was trying to understand the example, but honestly I lost myself in the jboss-client.xml descriptor; I don't understand which resource ref I have to map in that file, and for what.
I thought it would be easier to call an EJB3 from another client EJB3 using security in JBossAS 4.2.3, just like in the example of JBossAS 5:
    SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
    securityClient.setSimple("caja", "password");
    securityClient.login();
    InitialContext ctx = new InitialContext();
Maybe I messed up myself, but I will try to explain my problem with an example:
First, I have an EJB3 annotated with security annotations:
    @Stateless(name = "ProxyIMMEJB")
    @SecurityDomain("other")
    @RolesAllowed("architect")
    @Local(value = ProxyIMMLocal.class)
    public class ProxyIMMEJBImpl implements ProxyIMMLocal {
        @Resource SessionContext ctx;

        @RolesAllowed("architect")
        public RespuestaIMMTO comprarTicket(TicketTO ticketTO) throws ... {
            Principal cp = ctx.getCallerPrincipal();
            log.debug("Principal's name: " + cp.getName());
            ...
        }
    }
As you can see, "other" indicates that I use JBoss's default authentication mechanism, defined in login-config.xml in the JBOSS_HOME\server\default\conf directory. In my case of "other", login-config.xml uses 2 properties files, users.properties and roles.properties, with the following contents:
login-config.xml
    <application-policy name = "other">
      <authentication>
        <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag = "required">
          <module-option name="usersProperties">props/users.properties</module-option>
          <module-option name="rolesProperties">props/roles.properties</module-option>
          <module-option name="unauthenticatedIdentity">anonymous</module-option>
        </login-module>
      </authentication>
    </application-policy>
users.properties
    caja=password
roles.properties
    caja=architect
In another EJB3 client, I tried to call the ProxyIMMEJB bean using standard security code:
    Properties env = new Properties();
    env.setProperty(Context.SECURITY_PRINCIPAL, "caja");
    env.setProperty(Context.SECURITY_CREDENTIALS, "password");
    env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
    env.setProperty(Context.PROVIDER_URL, "localhost:1099");
    InitialContext ctx = new InitialContext();
    try {
        ctx = new InitialContext(env);
        proxyIMM = (ProxyIMMLocal) ctx.lookup("estar/ejb/ProxyIMM/local");
    } catch (NamingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }
Soon I realized the security context was not propagated, because I got "javax.ejb.EJBAccessException: Authorization failure", and I confirmed it later by replacing @RolesAllowed("architect") with @PermitAll and debugging the principal's name.
    Principal cp = ctx.getCallerPrincipal();
    log.debug("Principal's name: " + cp.getName());
This gave me anonymous.
In my scenario, does the complete example that you wrote apply? Or is there an easier way?
Thank you very much for your patience!
Pablo.
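
Added example, not part of the original post and not JBoss source code: a simplified stand-alone model of the "other" policy shown above, illustrating why a call that arrives without credentials is reported as an authorization failure for "anonymous" rather than as an authentication failure. The class and method names are hypothetical, and the properties contents are constructed copies of the ones in the post.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Properties;
import java.util.Set;

// Simplified model (an assumption-labelled sketch, not JBoss code) of the "other" policy.
public class OtherDomainModel {
    // Constructed copies of users.properties and roles.properties from the post.
    static final Properties USERS = load("caja=password\n");
    static final Properties ROLES = load("caja=architect\n");
    static final String UNAUTHENTICATED_IDENTITY = "anonymous"; // module-option value

    static Properties load(String text) {
        Properties p = new Properties();
        try { p.load(new StringReader(text)); }
        catch (IOException e) { throw new IllegalStateException(e); }
        return p;
    }

    // Authentication step: returns the principal name, or null when login fails.
    // With unauthenticatedIdentity set, missing credentials do not fail the login.
    static String authenticate(String user, String password) {
        if (user == null && password == null) return UNAUTHENTICATED_IDENTITY;
        String expected = user == null ? null : USERS.getProperty(user);
        return expected != null && expected.equals(password) ? user : null;
    }

    // Roles of a principal; the unauthenticated identity has no entry, so no roles.
    static Set<String> rolesOf(String principal) {
        String csv = ROLES.getProperty(principal);
        if (csv == null) return Collections.emptySet();
        return new HashSet<String>(Arrays.asList(csv.split("\\s*,\\s*")));
    }

    // Authorization step, standing in for @RolesAllowed(role) on the bean method.
    static String call(String user, String password, String role) {
        String principal = authenticate(user, password);
        if (principal == null) return "authentication failure";
        if (!rolesOf(principal).contains(role)) return principal + ": authorization failure";
        return principal + ": allowed";
    }

    public static void main(String[] args) {
        System.out.println(call("caja", "password", "architect")); // credentials reached the domain
        System.out.println(call(null, null, "architect"));         // no credentials propagated
        System.out.println(call("caja", "wrong", "architect"));    // wrong password
    }
}
```

When the unauthenticatedIdentity option is configured, an "Authorization failure" for the anonymous principal is therefore a sign that no credentials reached the security domain, not that the credentials were wrong.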