[jboss-user] [Security & JAAS/JBoss] - Simple Auth for HelloWorld-Example not working...
j0llyr0g3r
do-not-reply at jboss.com
Wed Jun 18 14:50:34 EDT 2008
Hey folks,
Since my first tries with JAAS and JBoss failed with a complex application, I made a simple HelloWorld application to exclude all possible errors.
My application is really simple:
RMI-client:
    public static void main(String[] args) throws NamingException, RemoteException {
        Hashtable<String, String> props = new Hashtable<String, String>();
        props.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
        props.put(Context.PROVIDER_URL, "jnp://sdoesmon:1099");
        Context ctx = new InitialContext(props);
        ISayHello iSayHello = (ISayHello) ctx.lookup("SayHello/SayHello/remote");
        System.out.println("Sending command....");
        String result = iSayHello.sayHello();
        System.out.println("result: " + result);
    }
My EJB:
    @Stateless
    @Remote
    public class SayHello implements ISayHello {
        public String sayHello() {
            return "Yippie! There i am!";
        }
    }
This works like a charm and my client tells me:
    Sending command....
    result: Yippie! There i am!
Now I wanted to add JAAS authentication, so:
* I added the following lines to my client:
    props.put(Context.SECURITY_PRINCIPAL, "admin");
    props.put(Context.SECURITY_CREDENTIALS, "foo");
* I added the file users.properties to the directory META-INF of my ejb-subproject:
    admin=foo
* I added the file roles.properties to the directory META-INF of my ejb-subproject:
    admin=SayHelloRole
* I added the file ejb-jar.xml to the directory META-INF of my ejb-subproject:
    <ejb-jar>
      <enterprise-beans>
        <session>
          <ejb-name>SayHello</ejb-name>
          <security-role-ref>
            <role-name>SayHelloRole</role-name>
            <role-link>SayHelloRole</role-link>
          </security-role-ref>
        </session>
      </enterprise-beans>
      <assembly-descriptor>
        <security-role>
          <description>foo</description>
          <role-name>SayHelloRole</role-name>
        </security-role>
        <method-permission>
          <role-name>SayHelloRole</role-name>
          <method>
            <ejb-name>SayHello</ejb-name>
            <method-name>*</method-name>
          </method>
        </method-permission>
      </assembly-descriptor>
    </ejb-jar>
* I added the file jboss.xml to the directory META-INF of my project ROOT:
    <jboss>
      <security-domain>java:/jaas/SayHello</security-domain>
      <enterprise-beans>
        <session>
          <ejb-name>SayHello</ejb-name>
          <jndi-name>SayHello</jndi-name>
        </session>
      </enterprise-beans>
    </jboss>
So far, so good.....
Finally, I added this to the login-config.xml:
    <application-policy name="SayHello">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
          <module-option name="usersProperties">META-INF/users.properties</module-option>
          <module-option name="rolesProperties">META-INF/roles.properties</module-option>
        </login-module>
      </authentication>
    </application-policy>
I hoped this would work, but of course it doesn't; I can connect to my EJB with whatever user I want.
Even if I give the wrong password / user, my client still says:
    Sending command....
    result: Yippie! There i am!
Jesus Christ! I don't even know where to start looking for the reason for this behaviour......
I would really appreciate it if somebody could give me a hint what is going wrong here......
What could I do to narrow down what my application is missing?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4159074#4159074
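One way to narrow this down, as an added example that is not part of the original post: a Python check that the EJB jar itself contains META-INF/jboss.xml with a <security-domain> matching an application-policy name, and that every session bean in ejb-jar.xml has a method-permission. jboss.xml is read from the EJB jar's own META-INF. The function names and in-memory jars are constructed for illustration. The check assumes the project-root META-INF is not packaged into the EJB jar and that the descriptors carry no XML namespace, as in the post.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

def check_ejb_jar(jar_bytes, policy_names):
    """Return findings for one EJB jar; an empty list means nothing was flagged."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        names = set(jar.namelist())
        # jboss.xml binds the beans to a security domain (EJB jar's own META-INF).
        if "META-INF/jboss.xml" not in names:
            findings.append("no META-INF/jboss.xml in the EJB jar")
        else:
            root = ET.fromstring(jar.read("META-INF/jboss.xml"))
            domain = (root.findtext("security-domain") or "").strip()
            policy = domain.rsplit("/", 1)[-1]  # java:/jaas/SayHello -> SayHello
            if not policy:
                findings.append("jboss.xml has no <security-domain>")
            elif policy not in policy_names:
                findings.append(f"no application-policy named '{policy}'")
        if "META-INF/ejb-jar.xml" in names:
            root = ET.fromstring(jar.read("META-INF/ejb-jar.xml"))
            beans = {e.text.strip() for e in root.findall(".//session/ejb-name")}
            guarded = {e.text.strip() for e in root.findall(".//method-permission/method/ejb-name")}
            for bean in sorted(beans - guarded):
                findings.append(f"bean '{bean}' has no <method-permission>")
    return findings

def build_jar(files):
    """Build an in-memory jar from {path: text} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for path, text in files.items():
            jar.writestr(path, text)
    return buf.getvalue()

EJB_JAR_XML = """<ejb-jar>
 <enterprise-beans><session><ejb-name>SayHello</ejb-name></session></enterprise-beans>
 <assembly-descriptor><method-permission><role-name>SayHelloRole</role-name>
  <method><ejb-name>SayHello</ejb-name><method-name>*</method-name></method>
 </method-permission></assembly-descriptor>
</ejb-jar>"""
JBOSS_XML = "<jboss><security-domain>java:/jaas/SayHello</security-domain></jboss>"
# Assumed packaging: jboss.xml left outside the EJB jar, then placed inside it.
OUTSIDE = build_jar({"META-INF/ejb-jar.xml": EJB_JAR_XML})
INSIDE = build_jar({"META-INF/ejb-jar.xml": EJB_JAR_XML, "META-INF/jboss.xml": JBOSS_XML})
if __name__ == "__main__":
    for label, jar in (("outside", OUTSIDE), ("inside", INSIDE)):
        print("jboss.xml", label, "the jar:", check_ejb_jar(jar, {"SayHello"}))
```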