[jboss-user] [Security & JAAS/JBoss] - Re: Simple JAAS authentication not working....

j0llyr0g3r do-not-reply at jboss.com
Fri Jun 13 13:07:24 EDT 2008 

Thx very much, that was indeed missing!

Now i am one step further, Jboss gives me no more errors when i try to access my EJB-application, but unfortunately the (stand-alone & remote) RMI-client does:

ERROR [SocketClientInvoker.handleException]: Got marshalling exception, exiting
  | java.lang.ClassNotFoundException: javax.ejb.EJBAccessException
  | 	at org.jboss.remoting.serialization.ClassLoaderUtility.loadClass(ClassLoaderUtility.java:82)
  | 	at org.jboss.remoting.loading.RemotingClassLoader.loadClass(RemotingClassLoader.java:76)
  | 	at java.lang.ClassLoader.loadClassInternal(ClassLoader.java:319)
  | 	at java.lang.Class.forName0(Native Method)
  | 	at java.lang.Class.forName(Class.java:247)
  | 	at org.jboss.remoting.loading.ObjectInputStreamWithClassLoader.resolveClass(ObjectInputStreamWithClassLoader.java:174)
  | 	at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1575)
  | 	at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1496)
  | 	at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1732)
  | 	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
  | 	at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1947)
  | 	at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1871)
  | 	at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1753)
  | 	at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1329)
  | 	at java.io.ObjectInputStream.readObject(ObjectInputStream.java:351)
  | 	at org.jboss.remoting.serialization.impl.java.JavaSerializationManager.receiveObjectVersion2_2(JavaSerializationManager.java:239)
  | 

* Googling for this error messages i found - literally - nothing.
* If I remove all stuff which deals with authentification from client + Jboss + EAR everything works fine again, so this error is definitely caused by something which is related to JAAS
* I have the jar "jbossall-client.jar" in my clients classpath, i thought this should be enough, but this jar does not contain the mentioned "java.lang.ClassNotFoundException: javax.ejb.EJBAccessException" the only thing i find is "javax/ejb/AccessLocalException.class" (in the unpacked jar)

I try to connect to the server like that:


  | Hashtable<String, String> props = new Hashtable<String, String>();
  | props.put(Context.INITIAL_CONTEXT_FACTORY,"org.jnp.interfaces.NamingContextFactory");
  | props.put(Context.PROVIDER_URL,"jnp://" + "myhost");
  | props.put(Context.SECURITY_PRINCIPAL, "myuser");
  | props.put(Context.SECURITY_CREDENTIALS, "mypassword");
  | Context ctx = new InitialContext(props);
  | // get RMI stub
  | ISendCommand sendCommand = (ISendCommand) ctx.lookup(myjndiname);
  | String result = sendCommand.sendCommand(myArgs);
  | 


Does anybody know what i am doing wrong / in which jar this class is located?




#####################################



For readers which are as unexperienced as i am in JAAS, here is a quick summary what i have done so far (hopefully it helps you):


    *  Create the file users.properties under /$PROJECT-ROOT/META-INF: 

admin=secretadminpassword
  | user=secretuserpassword 


    * Create the file roles.properties under /$PROJECT-ROOT/META-INF: 

admin=adminRole
  | user=userRole 


    * Add a ejb-jar.xml to the ejb-jar subproject under the directory META-INF: 

<ejb-jar> 
  |   <assembly-descriptor>
  |      <security-role>
  |      	<description>admin: only allowed users</description>
  |      	<role-name>adminRole</role-name>
  |      </security-role>
  |      <security-role>
  |      	<description>users: the rest</description>
  |      	<role-name>userRole</role-name>
  |      </security-role>
  |      <method-permission>
  |      	<role-name>admin</role-name>
  |      	<method>
  |      		<ejb-name>SendCommand</ejb-name>
  |      		<method-name>*</method-name>
  |      	</method>	
  |      </method-permission>
  |   </assembly-descriptor>
  | </ejb-jar>
  | 

    * Add the file jboss.xml under the directory /$PROJECT-ROOT/META-INF 

<jboss> 
  |   <security-domain>java:/jaas/esf</security-domain> 
  |   <enterprise-beans>  
  |     <session>
  |       <ejb-name>SendCommand</ejb-name>
  |       <jndi-name>SendCommand</jndi-name>
  |     </session>
  |   </enterprise-beans>
  | </jboss> 
  | 

    * Adjust the file login-config.xml under the directory $JBOSS_HOME/server/$PROFILE/conf/ 

<application-policy name = "esf">
  |  <authentication>
  |    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
  |                                <module-option
  |                                        name="usersProperties">
  |                                        META-INF/users.properties
  |                                </module-option>
  |                                <module-option
  |                                        name="rolesProperties">
  |                                        META-INF/roles.properties
  |                                </module-option>
  |     </login-module>
  |  </authentication>
  | </application-policy>
  | 

    * Add annotations to the EJB 

@SecurityDomain("esf")
  | .....
  | public class SendCommand....

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4158034#4158034

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4158034

More information about the jboss-user mailing list