[jboss-user] [EJB/JBoss] - javax.ejb.EJBAccessException: Authentication failure
Usul
do-not-reply at jboss.com
Tue Jun 17 18:53:28 EDT 2008
Hi,
I'm trying to do authentication (EJB 3.0, jboss-4.2.2.GA).
I'm getting this error:
anonymous wrote :
| Exception in thread "main" javax.ejb.EJBAccessException: Authentication failure
| at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
| at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
| at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:304)
| at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
| at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
| at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:769)
| at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:573)
| at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:373)
| at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:166)
| at org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:163)
| at org.jboss.remoting.Client.invoke(Client.java:1634)
| at org.jboss.remoting.Client.invoke(Client.java:548)
| at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:62)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:67)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:53)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:107)
| at $Proxy0.sub(Unknown Source)
| at myclient.Client.main(Client.java:44)
| at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:74)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:67)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:53)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:74)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateless.StatelessRemoteProxy.invoke(StatelessRemoteProxy.java:107)
| at $Proxy0.sub(Unknown Source)
| at myclient.Client.main(Client.java:44)
|
That is my Client:
| package myclient;
|
| import java.rmi.RMISecurityManager;
| import java.util.Properties;
|
| import javax.naming.InitialContext;
| import javax.security.auth.login.LoginContext;
| import javax.security.auth.login.LoginException;
|
| import myserv.IDoSomethingBean;
|
| import org.jboss.security.auth.callback.UsernamePasswordHandler;
|
| public class Client
| {
|
|     public static void main(String[] args) throws Exception
|     {
|         System.setProperty("java.security.policy", "F:\\rmi.policy");
|         System.setProperty("java.security.auth.login.config", "F:\\jaas.config");
|         if (System.getSecurityManager() == null) {
|             System.setSecurityManager(new RMISecurityManager());
|         }
|
|         Properties properties = new Properties();
|         properties.put("java.naming.factory.initial","org.jnp.interfaces.NamingContextFactory");
|         properties.put("java.naming.factory.url.pkgs","org.jboss.naming:org.jnp.interfaces");
|         properties.put("java.naming.provider.url","localhost:1099");
|
|         UsernamePasswordHandler handler = null;
|         handler = new UsernamePasswordHandler("kermit", "thefrog");
|         LoginContext lc = new LoginContext("steffendom", handler);
|
|         try {
|             lc.login();
|         } catch(LoginException e) {
|             System.out.println("authentication failed");
|             e.printStackTrace();
|         }
|
|         InitialContext ctx = new InitialContext(properties);
|         IDoSomethingBean calculator = (IDoSomethingBean) ctx.lookup("DoSomethingBean/remote");
|
|         System.out.println("9 - 5 = " + calculator.sub(9, 5));
|
|         // Scope of work complete, logout to remove authentication info
|         try {
|             lc.logout();
|         } catch(LoginException e) {
|             System.out.println("logout failed");
|             e.printStackTrace();
|         }
|
|     }
| }
|
I'm starting JBoss with "run -c all".
This is my \server\all\conf\login-config.xml:
anonymous wrote :
| <?xml version='1.0'?>
| <!DOCTYPE policy PUBLIC
| "-//JBoss//DTD JBOSS Security Config 3.0//EN"
| "http://www.jboss.org/j2ee/dtd/security_config.dtd">
|
| <!-- The XML based JAAS login configuration read by the
| org.jboss.security.auth.login.XMLLoginConfig mbean. Add
| an application-policy element for each security domain.
|
| The outline of the application-policy is:
| <application-policy name="security-domain-name">
|
| <login-module code="login.module1.class.name" flag="control_flag">
| <module-option name = "option1-name">option1-value</module-option>
| <module-option name = "option2-name">option2-value</module-option>
| ...
| </login-module>
|
| <login-module code="login.module2.class.name" flag="control_flag">
| ...
| </login-module>
| ...
|
| </application-policy>
|
| $Revision: 64598 $
| -->
|
|
| <!-- Used by clients within the application server VM such as
| mbeans and servlets that access EJBs.
| -->
| <application-policy name = "client-login">
|
| <login-module code = "org.jboss.security.ClientLoginModule"
| flag = "required">
| <!-- Any existing security context will be restored on logout -->
| <module-option name="restore-login-identity">true</module-option>
| </login-module>
|
| </application-policy>
|
| <!-- Security domain for JBossMQ -->
| <application-policy name = "jbossmq">
|
| <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
| flag = "required">
| <module-option name = "unauthenticatedIdentity">guest</module-option>
| <module-option name = "dsJndiName">java:/DefaultDS</module-option>
| <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
| <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
| </login-module>
|
| </application-policy>
|
| <!-- Security domain for JBossMQ when using file-state-service.xml
| <application-policy name = "jbossmq">
|
| <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
| flag = "required">
| <module-option name = "unauthenticatedIdentity">guest</module-option>
| <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
| </login-module>
|
| </application-policy>
| -->
|
| <!-- Security domains for testing new jca framework -->
| <application-policy name = "HsqlDbRealm">
|
| <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
| flag = "required">
| <module-option name = "principal">sa</module-option>
| <module-option name = "userName">sa</module-option>
| <module-option name = "password"></module-option>
| <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
| </login-module>
|
| </application-policy>
|
| <application-policy name = "JmsXARealm">
|
| <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
| flag = "required">
| <module-option name = "principal">guest</module-option>
| <module-option name = "userName">guest</module-option>
| <module-option name = "password">guest</module-option>
| <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
| </login-module>
|
| </application-policy>
|
| <!-- A template configuration for the jmx-console web application. This
| defaults to the UsersRolesLoginModule the same as other and should be
| changed to a stronger authentication mechanism as required.
| -->
| <application-policy name = "jmx-console">
|
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag = "required">
| <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
| <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
| </login-module>
|
| </application-policy>
|
| <!-- A template configuration for the web-console web application. This
| defaults to the UsersRolesLoginModule the same as other and should be
| changed to a stronger authentication mechanism as required.
| -->
| <application-policy name = "web-console">
|
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag = "required">
| <module-option name="usersProperties">web-console-users.properties</module-option>
| <module-option name="rolesProperties">web-console-roles.properties</module-option>
| </login-module>
|
| </application-policy>
|
| <!--
| A template configuration for the JBossWS security domain.
| This defaults to the UsersRolesLoginModule the same as other and should be
| changed to a stronger authentication mechanism as required.
| -->
| <application-policy name="JBossWS">
|
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag="required">
| <module-option name="usersProperties">props/jbossws-users.properties</module-option>
| <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
| <module-option name="unauthenticatedIdentity">anonymous</module-option>
| </login-module>
|
| </application-policy>
|
| <!-- The default login configuration used by any security domain that
| does not have a application-policy entry with a matching name
| -->
| <application-policy name = "other">
| <!-- A simple server login module, which can be used when the number
| of users is relatively small. It uses two properties files:
| users.properties, which holds users (key) and their password (value).
| roles.properties, which holds users (key) and a comma-separated list of
| their roles (value).
| The unauthenticatedIdentity property defines the name of the principal
| that will be used when a null username and password are presented as is
| the case for an unuathenticated web client or MDB. If you want to
| allow such users to be authenticated add the property, e.g.,
| unauthenticatedIdentity="nobody"
| -->
|
| <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag = "required" />
|
| </application-policy>
|
| <application-policy name="steffendom">
|
| <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
| flag="required">
| <module-option name="usersProperties">users.properties</module-option>
| <module-option name="rolesProperties">roles.properties</module-option>
| </login-module>
|
| </application-policy>
|
|
|
My users.properties:
anonymous wrote :
| # A sample users.properties file for use with the UsersRolesLoginModule
| kermit=thefrog
|
My roles.properties:
anonymous wrote :
| # A sample roles.properties file for use with the UsersRolesLoginModule
| kermit=friend
|
I placed these two files in \server\all\conf and in \server\all\conf\props and in the jar where my (ejb 3.0) bean is located, just to be sure.
My rmi.policy:
anonymous wrote :
| grant
| {
| permission java.security.AllPermission;
| };
|
My jaas.config:
anonymous wrote :
| steffendom { org.jboss.security.auth.spi.UsersRolesLoginModule required;};
|
And just to be complete, my two Bean-Classes:
| package myserv;
|
| import javax.ejb.Stateless;
| import org.jboss.annotation.security.SecurityDomain;
| import javax.annotation.security.PermitAll;
| import javax.annotation.security.RolesAllowed;
|
| @Stateless
| @SecurityDomain("steffendom")
| public class DoSomethingBean implements IDoSomethingBean
| {
|     @RolesAllowed({"friend"})
|     public int add(int a, int b)
|     {
|         return a+b;
|     }
|
|     @PermitAll
|     public int sub(int a, int b)
|     {
|         return a-b;
|     }
| }
|
| package myserv;
|
|
| import javax.ejb.*;
|
| @Remote
| public interface IDoSomethingBean {
|     public int add(int a, int b);
|     public int sub(int a, int b);
| }
|
Please help, I googled every site there is. I don't know what more I can do.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4158845#4158845
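Added example, not part of the original post and not JBoss project code: the client-side `jaas.config` above names `UsersRolesLoginModule`, a server-side module that does not attach the login to the remote call, whereas `org.jboss.security.ClientLoginModule` (the module in the `client-login` policy of the posted login-config.xml) is the one that associates the principal and credential with outgoing EJB invocations. The client below builds that login entry in code instead of reading `jaas.config`. It assumes the JBoss 4.2.2 client jars and the `myserv` interface are on the classpath; `SecuredClient` and `clientLoginConfig` are hypothetical names.

```java
package myclient;

import java.util.Collections;
import java.util.Properties;
import javax.naming.InitialContext;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import myserv.IDoSomethingBean;
import org.jboss.security.auth.callback.UsernamePasswordHandler;

// Added example; SecuredClient and clientLoginConfig are hypothetical names.
public class SecuredClient {
    // In-code equivalent of this jaas.config entry:
    //   steffendom { org.jboss.security.ClientLoginModule required; };
    static Configuration clientLoginConfig() {
        final AppConfigurationEntry[] entries = {
            new AppConfigurationEntry("org.jboss.security.ClientLoginModule",
                LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap())
        };
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return entries;
            }
            public void refresh() { }
        };
    }

    public static void main(String[] args) throws Exception {
        Properties env = new Properties();
        env.put("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
        env.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces");
        env.put("java.naming.provider.url", "localhost:1099");
        // ClientLoginModule verifies nothing locally; it only records the
        // principal and credential so they travel with each EJB invocation.
        LoginContext lc = new LoginContext("steffendom", new Subject(),
            new UsernamePasswordHandler("kermit", "thefrog"), clientLoginConfig());
        lc.login(); // a LoginException propagates: the bean is never called without a login
        try {
            IDoSomethingBean calc =
                (IDoSomethingBean) new InitialContext(env).lookup("DoSomethingBean/remote");
            System.out.println("9 - 5 = " + calc.sub(9, 5)); // @PermitAll
            System.out.println("9 + 5 = " + calc.add(9, 5)); // needs role "friend"
        } finally {
            lc.logout(); // clear the credentials recorded for this client
        }
    }
}
```

The server-side `steffendom` policy in login-config.xml keeps `UsersRolesLoginModule`; that is where the password and the `friend` role are actually checked. The credentials are the sample values from the post and would not be hard-coded in a real client.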