[jboss-user] [Security & JAAS/JBoss] - Can't get access right from Java Client
jmcollin92
do-not-reply at jboss.com
Sat Sep 23 05:01:59 EDT 2006
I'm sorry to ask this question another time but I read all documentation and FAQ and I can't get my java client access to my EJB.
I'm on this pb for 3 days, and I had to make it works.
Thank's for your help.
Environnemt : Jboss4.0.1.SP1 and I try with 4.0.4.GA without success.
Here are some piece of code :
In the client :
| System.setProperty("java.security.auth.login.config", "file://path/to/auth.conf");
| Hashtable env = new Hashtable();
| env.put(Context.INITIAL_CONTEXT_FACTORY,"org.jboss.security.jndi.LoginInitialContextFactory");
| env.put(Context.URL_PKG_PREFIXES,"org.jboss.naming:org.jnp.interfaces");
| env.put(Context.PROVIDER_URL, "jnp://localhost:1099");
| env.put(Context.SECURITY_CREDENTIALS,"root");
| env.put(Context.SECURITY_PRINCIPAL,"root");
| env.put(Context.SECURITY_PROTOCOL,"CPIProject");
|
| javax.naming.InitialContext initialContext = new javax.naming.InitialContext(env);
|
| Object objRef = initialContext.lookup(jndiName);
|
| MyHome home = javax.rmi.PortableRemoteObject.narrow(objRef, MyHome.class);
|
| /* It's fails at the next line !! */
| MyBean bean = home.create();
| ...
|
The auth.conf is :
| CPIProject {
| org.jboss.security.ClientLoginModule required
| password-stacking="useFirstPass"
| ;
| };
|
The login-config.xml is :
| <application-policy name="CPIProject">
| <authentication>
| <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
| <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
| <module-option name="unauthenticatedIdentity">guest</module-option>
| <module-option name="dsJndiName">java:/CPIDS</module-option>
| <module-option name="principalsQuery">Select PASSWORD from COLLABORATEUR where LOGIN=?</module-option>
| <module-option name="rolesQuery">Select P.ROLES_FK, 'Roles' from PROFIL P,COLLABORATEUR C where C.LOGIN=? AND C.ID=COLLABORATEURS_FK</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
The debug security trace in server.log :
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.plugins.JaasSecurityManager.CPIProject] Begin isValid, principal:, cache info: null
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.plugins.JaasSecurityManager.CPIProject] defaultLogin, principal=
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(CPIProject), size=9
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(CPIProject), authInfo=AppConfigurationEntry[]:
| [0]
| LoginModule Class: org.jboss.security.ClientLoginModule
| ControlFlag: LoginModuleControlFlag : required
| Options:[1]
| LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
| ControlFlag: LoginModuleControlFlag : required
| Options:name=rolesQuery, value=Select P.ROLES_FK, 'Roles' from PROFIL P,COLLABORATEUR C where C.LOGIN=? AND C.ID=COLLABORATEURS_FK
| name=principalsQuery, value=Select PASSWORD from COLLABORATEUR where LOGIN=?
| name=unauthenticatedIdentity, value=guest
| name=dsJndiName, value=java:/CPIDS
|
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.ClientLoginModule] Begin login
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.ClientLoginModule] Obtained login: , credential.class: null
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.ClientLoginModule] End login
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize, instance=@4626217
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=guest
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/CPIDS
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=Select PASSWORD from COLLABORATEUR where LOGIN=?
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=Select P.ROLES_FK, 'Roles' from PROFIL P,COLLABORATEUR C where C.LOGIN=? AND C.ID=COLLABORATEURS_FK
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: Select PASSWORD from COLLABORATEUR where LOGIN=?, with username:
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Query returned no matches from db
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.ClientLoginModule] abort
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
| 2006-09-23 10:45:44,671 TRACE [org.jboss.security.plugins.JaasSecurityManager.CPIProject] Login failure
| javax.security.auth.login.FailedLoginException: No matching username found in Principals
| at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:152)
|
We can see that the Principal is empty !
The security informations seems to be not propagating from Client to Server.
The FAQ says "put a ClientLoginModule". I've done this without sucess.
For information, authentication is all right from a struts web app.
What goes wrong ?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3973696#3973696
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3973696
More information about the jboss-user
mailing list