[jboss-user] [Security & JAAS/JBoss] - SEAM & EJB & JAAS

tilnik do-not-reply at jboss.com
Fri May 11 07:21:48 EDT 2007


I encountered problem and I don't know how to resolve it.
I have an application deployed on jboss-4.0.5GA (jbossws upgaded to jbossws-1.2.1.GA). Part of application is stateless session bean deployed as WebService.
@WebService(name = "CtxManager", serviceName = "CtxManagerService", targetNamespace = WSConstants.TARGET_NAMESPACE)
@WebContext(contextRoot = ctxWS, authMethod = "BASIC", transportGuarantee = "CONFIDENTIAL", secureWSDLAccess = true)
@Stateless
@SecurityDomain("myApplicationPolicyName")
@RolesAllowed("cuser")
public class CtxManagerBean implements CtxManager{
...
@WebMethod
    public boolean hasActiveCall(@WebParam(name = "dialNumber"){...}
...
}
Same application also has seam component:
@Stateless
@Name("orgUnitBrowser")
@Restrict("#{s:hasRole('cuser')}")
public class OrgUnitBrowserBean implements OrgUnitBrowserLocal{...}

When I try to invoke CtxManagerBean.hasActiveCall method from orgUnitBroswer I get authorization failure ([RoleBasedAuthorizationInterceptor] Insufficient permissions, principal=null, requiredRoles=[cuser], principalRoles=[]).

When I invoke WS method from my WS client, authentication/authorization works fine. Web page (a JSF page that invokes orgUnitBrowser method that invokes ctxManager method) is also protected.
login-config.xml: 
...
  |     <application-policy name = "myApplicationPolicyName">
  |           <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |              flag = "required">
  |              <module-option name = "unauthenticatedIdentity">guest</module-option>
  |              <module-option name = "dsJndiName">java:/myDataSource</module-option>
  |              <module-option name = "principalsQuery">SELECT password FROM USERS WHERE username=?</module-option>
  |              <module-option name = "rolesQuery">SELECT r.description, 'Roles' 
  | 												FROM USERS u
  | 												JOIN USERS_ROLE ur ON ur.users_id=u.id
  | 												JOIN ROLE r ON ur.roles_id=r.id
  | 												AND u.username=?
  | 			 </module-option>
  |           </login-module>
  |           <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"/>
  | 	    </authentication>
  |     </application-policy>
  | ...
components.xml:
...
  |    <drools:rule-base name="securityRules">
  |        <drools:rule-files>
  |            <value>/security.drl</value>
  |        </drools:rule-files>
  |    </drools:rule-base>
  | 
  |    <security:identity  jaas-config-name="myApplicationPolicyName"
  |                            security-rules="#{securityRules}"/>
  | ...
page.xml:
...
  | <page view-id="/cuser/*" login-required="true">
  |     	<restrict>#{s:hasRole('cuser')}</restrict></page>
  | ...
What else should I define/change, to resolve problem?


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4044946#4044946

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4044946



More information about the jboss-user mailing list