[jboss-user] [Security & JAAS/JBoss] - EJBAccessException

klejs do-not-reply at jboss.com
Sat Nov 18 10:18:17 EST 2006 

Hi,

I'm trying to use JBoss with EJB3 and JAAS but I'm getting an EJBAccessException and I can't figure out why. Im using JBoss 4.0.5.GA and EJB3. When testing for isUserInRole("operator") in my webapp it returns true but the exception is thrown when trying to call a metod on an EJB.
 
My config and code looks like this:

web.xml
<security-constraint>
  | 		<web-resource-collection>
  | 			<web-resource-name>My resources</web-resource-name>
  | 			<description>Protects the application</description>
  | 			<url-pattern>/*</url-pattern>
  | 		</web-resource-collection>
  | 		<auth-constraint>
  | 			<role-name>operator</role-name>
  | 		</auth-constraint>
  | 	</security-constraint>
  | 	
  | 	<login-config>
  | 		<auth-method>FORM</auth-method>
  | 		    <form-login-config>
  | 			    <form-login-page>/login.html</form-login-page>
  | 				<form-error-page>/login_error.html</form-error-page>
  | 		    </form-login-config>
  | 	</login-config>

jboss-web.xml
<jboss-web>
  | <security-domain>java:/jaas/my_security_domain</security-domain>
  | </jboss-web>

jboss.xml
<jboss>
  | <security-domain>java:/jaas/my_security_domain</security-domain>
  | </jboss>

login-config.xml
<application-policy name="my_security_domain">
  | 	<authentication>
  | 		<login-module
  | 			code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
  | 			flag="required">
  | 			
  | 			<module-option name="dsJndiName">java:/myDS</module-option>
  | 			<module-option name="principalsQuery">
  | 				select password from user where username=?
  | 			</module-option>
  | 			<module-option name="rolesQuery">
  | 				select role.rolename, 'Roles' from user_role, role where (user_role.username = ?) and (role.id = user_role.role_id)
  | 			</module-option>
  | 		</login-module>
  | 	</authentication>
  | </application-policy>
  | 
  | Code for getting EJB from web app
InitialContext ctx = new InitialContext();
  | Object result = ctc.lookup("myEJB");

EJB code
@Stateless
  | @RolesAllowed("operator")
  | public class MyManagerBean implements MyManager {
  |    ...
  | }

The exception I get looks like this:
aused by: javax.ejb.EJBAccessException: Authentication failure
  |        at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:99)
  |        at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
  |        at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:131)
  |        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |        at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
  |        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |        at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
  |        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |        at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:211)
  |        at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
  |        at $Proxy166.listMSOperators(Unknown Source)
  |        at com.bossmedia.egs.jp.web.MSOperatorsListHandler.listMSOperators(Unknown Source)
  |        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  |        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  |        at java.lang.reflect.Method.invoke(Method.java:585)
  |        at com.sun.faces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:126)
  |        ... 28 more
  | aused by: javax.security.auth.login.LoginException: Inga inloggningsmoduler har konfigurerats f÷r java:
  |        at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
  |        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:367)
  |        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:444)
  |        at org.jboss.security.plugins.SubjectActions$LoginContextAction.run(SubjectActions.java:162)
  |        at java.security.AccessController.doPrivileged(Native Method)
  |        at org.jboss.security.plugins.SubjectActions.createLoginContext(SubjectActions.java:277)
  |        at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:600)
  |        at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
  |        at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
  |        at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
  |        at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
  |        ... 43 more
  | 

Can anyone help me with this? Thanks in advance.

/klejs

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3987072#3987072

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3987072

More information about the jboss-user mailing list