[jboss-user] [Security & JAAS/JBoss] - Credentials propagation to a remote jboss server
tang_2001
do-not-reply at jboss.com
Tue Nov 7 11:48:00 EST 2006
Hello,
I'm trying to authenticate access to a jboss-4.0.4 server through an EJB session facade with a unique "generic" user account.
This server is accessed remotely from a jboss-portal-2.4 server.
I used to authenticate this way from a simple tomcat5.0 server, but I can't succeed in doing the same from the jboss portal server.
Following is the description of my current configuration.
on jboss portal side:
--------------------
1- Added an SSOValve as described on the page http://www.simongbrown.com/blog/2004/11/04/1099588633312.html
This valve does something like:
request.setUserPrincipal(new SSOPrincipal(request.getContext()
        .getRealm(), username, password, roles));
where SSOPrincipal extends org.apache.catalina.realm.GenericPrincipal
2- An extract of my jboss-web.xml file:
<security-domain>java:/jaas/client-login</security-domain>
This should help propagate my credentials to my session facade on a remote jboss server.
on the remote jboss server side:
-------------------------------
I have the following settings that used to work when I had a simple tomcat server in front. Now I am trying to do the same with jboss portal in front, but the remote jboss server settings remain the same:
1- I defined in jboss-login file:
<application-policy name="gubpm">
  <authentication>
    <login-module
        code="org.jboss.security.auth.spi.UsersRolesLoginModule"
        flag="required">
      <module-option name="usersProperties">
        props/gubpm-users.properties
      </module-option>
      <module-option name="rolesProperties">
        props/gubpm-roles.properties
      </module-option>
    </login-module>
    <login-module code="org.jboss.security.ClientLoginModule"
        flag="required">
      <!-- Any existing security context will be restored on logout -->
      <module-option name="restore-login-identity">
        true
      </module-option>
    </login-module>
  </authentication>
</application-policy>
3- From jboss portal, I do a lookup of the remote facade:
Hashtable props = new Hashtable();
props.put(Context.INITIAL_CONTEXT_FACTORY,
        "org.jnp.interfaces.NamingContextFactory");
String providerUrl = Constants.PROVIDER_URL;
props.put(Context.PROVIDER_URL, providerUrl);

Object reference = (new InitialContext(props)).lookup("SessionFacade");

SessionFacadeHome home = (SessionFacadeHome) PortableRemoteObject
        .narrow(reference, SessionFacadeHome.class);

return home.create();
2- I also added the following line to my jboss.xml file:
<security-domain>java:/jaas/gubpm</security-domain>
3- My ejb is configured to authorize access to the methods for role 'Authenticated'
The result is that this fails on the lookup line:
Object reference = (new InitialContext(props)).lookup("SessionFacade");
with the following error:
Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
    at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
Of course I checked that the given username and password are the same as the ones the remote jboss server expects to find in files props/gubpm-users.properties and props/gubpm-roles.properties. I cannot find what is wrong in my settings...
Please help!
Thanks,
Tanguy
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3983834#3983834