[jboss-user] [Security & JAAS/JBoss] - Re: Invoke secured EJB from standalone Tomcat
craig1980
do-not-reply at jboss.com
Tue Sep 30 12:51:02 EDT 2008
Hi.
I have tried by using this environment for my JNDI Lookup (for now i have used fixed credentials but it's more important the result forme):
| java.naming.provider.url=jnp://xxx.xxx.xxx.xxx:1099,
| java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory,
| java.naming.security.principal=username,
| java.naming.factory.url.pkgs=org.jnp.interfaces,
| java.naming.security.credentials=password
|
The error on the client is the same.
On the server (My Jboss server) by eneabling the security log i have this stack trace:
|
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(wfdemopluto), size=8
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(wfdemopluto), no entry in appConfigs, tyring parentCont: null
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(wfdemopluto), no entry in parentConfig, trying: other
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(wfdemopluto), authInfo=AppConfigurationEntry[]:
| [0]
| LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
| ControlFlag: LoginModuleControlFlag: required
| Options:
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] initialize, instance=@21756776
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Security domain: other
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Properties file=file:/C:/jboss-4.0.5.GA/server/default/conf/users.properties, defaults=null
| 2008-09-30 18:45:19,468 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Loaded properties, users=[ML, root, ang, operatore, Admin, operatoreCartografico, angpippo, cost]
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Properties file=file:/C:/jboss-4.0.5.GA/server/default/conf/roles.properties, defaults=null
| 2008-09-30 18:45:19,468 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Loaded properties, users=[ML, root, ang, operatore, Admin, operatoreCartografico, angpippo, cost]
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] login
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Authenticating as unauthenticatedIdentity=null
| 2008-09-30 18:45:19,468 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=null
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] abort
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.plugins.JaasSecurityManager.wfdemopluto] Login failure
| javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
| at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
| at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
| at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
| at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
| at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
| at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:211)
| at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:135)
| at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
| at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
| at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:637)
| at org.jboss.ejb.Container.invoke(Container.java:975)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
| at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
| at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
| at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
| at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
| at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:819)
| at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:420)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
| at sun.rmi.transport.Transport$1.run(Transport.java:153)
| at java.security.AccessController.doPrivileged(Native Method)
| at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
| at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:466)
| at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:707)
| at java.lang.Thread.run(Thread.java:595)
| 2008-09-30 18:45:19,468 TRACE [org.jboss.security.plugins.JaasSecurityManager.wfdemopluto] End isValid, false
| 2008-09-30 18:45:20,437 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1222793120437 sessioncount 0
| 2008-09-30 18:45:20,437 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
| 2008-09-30 18:45:20,437 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1222793120437 sessioncount 0
| 2008-09-30 18:45:20,437 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
| 2008-09-30 18:45:20,437 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1222793120437 sessioncount 0
| 2008-09-30 18:45:20,437 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
| 2008-09-30 18:45:20,437 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1222793120437 sessioncount 0
| 2008-09-30 18:45:20,437 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
| 2008-09-30 18:45:20,437 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1222793120437 sessioncount 0
| 2008-09-30 18:45:20,437 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
|
It seems as on JBoss side the Principal is null.
Now my auth.conf for my web client configuration is this one:
|
| PortalRealm {
| com.liferay.portal.kernel.security.jaas.PortalLoginModule required;
| org.jboss.security.ClientLoginModule required;
| };
|
|
I must use both PortalLoginModule and ClientLoginModule (this last one is usefull for JBoss, infact by a simple java client i'm able in invocking my EJB)
I don't understand where i'm missing myself.
Any suggestion more pls?
Thnx to all
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4179625#4179625
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4179625
More information about the jboss-user
mailing list