[jboss-dev-forums] [Design of Security on JBoss] - Security EJB2 and dependencies
adrian@jboss.org
do-not-reply at jboss.com
Tue Apr 22 10:46:07 EDT 2008
If you run the pooled tests in JBoss5
| ./build.sh test -Dtest=pooled -Dnojars=t
|
you will see it fails with
| 16:20:26,857 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
| java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
| at org.jboss.security.auth.spi.Util.loadProperties(Util.java:366)
| at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
| at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
| at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:563)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:497)
| at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
| at org.jboss.security.javaee.EJBAuthenticationHelper.isValid(EJBAuthenticationHelper.java:76)
| at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:301)
| at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:238)
| at org.jboss.ejb.plugins.SSLSessionInterceptor.invokeHome(SSLSessionInterceptor.java:53)
| at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
| at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
| at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:640)
| at org.jboss.ejb.Container.invoke(Container.java:1031)
| at sun.reflect.GeneratedMethodAccessor156.invoke(Unknown Source)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
| at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
| at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
| at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
| at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
| at org.jboss.invocation.pooled.server.PooledInvoker$MBeanServerAction.invoke(PooledInvoker.java:896)
| at org.jboss.invocation.pooled.server.PooledInvoker.invoke(PooledInvoker.java:383)
| at org.jboss.invocation.pooled.server.ServerThread.processInvocation(ServerThread.java:233)
| at org.jboss.invocation.pooled.server.ServerThread.dorun(ServerThread.java:275)
| at org.jboss.invocation.pooled.server.ServerThread.run(ServerThread.java:156)
|
This is because it has been configured to use the ssl-pooled domain which is hot
deployed with the ejbs, but it is actually using the "other" domain.
I'd guess this is because org.jboss.ejb.plugins.SecurityInterceptor
is not respecting the jmx dependency rules.
i.e. it is trying to retrieve the SecurityDomain in setContainer() instead of start()
setContainer() is invoked from EJB.create()
| public void setContainer(Container container)
| {
| ...
|
| // HERE This is invoked from EJB.create() which is too early since
| the SecurityDomain is not deployed until start()
|
| if(securityManager != null)
| {
| appSecurityDomain = securityManager.getSecurityDomain();
| appSecurityDomain = SecurityUtil.unprefixSecurityDomain(appSecurityDomain);
| }
| }
| }
|
>From the debug logging
|
| This is where it tries to retrieve the security domain:
|
| 2008-04-22 16:20:25,185 DEBUG [org.jboss.ejb.StatelessSessionContainer] (RMI TCP Connection(6)-127.0.0.1) Creating jboss.j2ee:jndiName=StatelessSessionWithPooledSSL,se
| rvice=EJB
|
| This is where the security domain is actually deployed
|
| 2008-04-22 16:20:25,198 DEBUG [org.jboss.security.plugins.JaasSecurityDomain] (RMI TCP Connection(6)-127.0.0.1) Starting jboss.security:service=JaasSecurityDomain,doma
| in=pooled-ssl
| 2008-04-22 16:20:25,201 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] (RMI TCP Connection(6)-127.0.0.1) Added pooled-ssl, org.jboss.security.plugins.Ja
| asSecurityDomain at 18441c1 to map
| 2008-04-22 16:20:25,213 DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.pooled-ssl] (RMI TCP Connection(6)-127.0.0.1) CachePolicy set to: org.jboss.util
| .TimedCachePolicy at 1f90a95
| 2008-04-22 16:20:25,213 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] (RMI TCP Connection(6)-127.0.0.1) setCachePolicy, c=org.jboss.util.TimedCachePoli
| cy at 1f90a95
| 2008-04-22 16:20:25,213 DEBUG [org.jboss.security.plugins.JaasSecurityDomain] (RMI TCP Connection(6)-127.0.0.1) Started jboss.security:service=JaasSecurityDomain,domai
| n=pooled-ssl
|
| This is where it should be retrieved
|
| 2008-04-22 16:20:25,269 DEBUG [org.jboss.ejb.StatelessSessionContainer] (RMI TCP Connection(6)-127.0.0.1) Started jboss.j2ee:jndiName=StatelessSessionWithPooledSSL,ser
| vice=EJB
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4145879#4145879
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4145879
More information about the jboss-dev-forums
mailing list