[jboss-user] [EJB 3.0] - security problem after migrationg to ejb3
atamur
do-not-reply at jboss.com
Tue Feb 6 17:05:55 EST 2007
migrated project to ejb3
looks like it won't take my security domain, because it uses UsernamePasswordLoginModule instead of my custom one =|
although during deployment it says it will take db_store as sec. domain (last listing)
my bean
@Stateless(name = "UserEJB")
| @Remote(User.class)
| @TransactionManagement
| @SecurityDomain("db_store")
| public class UserBean implements User {
| ...
| @TransactionAttribute(TransactionAttributeType.SUPPORTS)
| @PermitAll
| public void create() throws CreateException
| }
| }
my security domain
<application-policy name="db_store">
| <authentication>
| <login-module code="ru.***.PermLoginModule" flag="sufficient">
| <module-option name="dsJndiName">
| DS/Standard
| </module-option>
| <module-option name="principalsQuery">
| SELECT pml_secret FROM permanentlogin p JOIN users u ON (p.usr_id = u.usr_id) WHERE usr_login = ? AND p.pml_secret = ? AND usr_isdeleted = 0
| </module-option>
| <module-option name="rolesQuery">
| SELECT 'CommonUser', 'Roles' FROM users WHERE usr_login = ? AND usr_isdeleted = 0
| </module-option>
| <module-option name="ignorePasswordCase">false</module-option>
| <module-option name="unauthenticatedIdentity">nobody</module-option>
| </login-module>
|
|
| <login-module code="ru.***.SCLoginModule" flag="required">
| <module-option name="dsJndiName">
| DS/Standard
| </module-option>
| <module-option name="principalsQuery">
| SELECT usr_password FROM users WHERE usr_login = ? AND usr_isdeleted = 0
| </module-option>
| <module-option name="rolesQuery">
| SELECT 'CommonUser', 'Roles' FROM users WHERE usr_login = ? AND usr_isdeleted = 0
| </module-option>
| <module-option name="ignorePasswordCase">false</module-option>
| <module-option name="unauthenticatedIdentity">nobody</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
my exception:
javax.ejb.EJBAccessException: Authentication failure
| at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:70)
| at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
| at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:263)
| at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:58)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:102)
| at $Proxy595281.create(Unknown Source)
| at ru.***.ejb.BeanHelper.getUserBean(BeanHelper.java:154)
| ... 21 more
| Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
| at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
| at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
|
deployment:
2007-02-07 00:50:32,023 DEBUG [Ejb3DescriptorHandler] adding class annotation org.jboss.annotation.security.SecurityDomain to ru.***.ejb.main.user.UserBean SecurityDomainImpl[value=java:/jaas/db_store, unauthenticatedPrincipal=null]
| 2007-02-07 00:50:32,023 DEBUG [Ejb3DescriptorHandler] adding class annotation org.jboss.annotation.security.SecurityDomain to ru.***.ejb.main.user.UserBean SecurityDomainImpl[value=java:/jaas/db_store, unauthenticatedPrincipal=null]
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4012162#4012162
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4012162
More information about the jboss-user
mailing list