[jboss-user] [Remoting] - JAAS authentication with EJB over HTTP
robertxlongo@gmail.com
do-not-reply at jboss.com
Tue Jan 6 16:35:15 EST 2009
Hi,
We are using JBoss AS 4.2.3.GA and are attempting to access our Stateless Session Beans via HTTP using the instructions found here: http://www.jboss.org/community/docs/DOC-9632.
We use LDAP authentication to secure access to our SSBs. This seems to work well when we are using plain old RMI; however, when we use HTTP, an EJBAccessException is thrown:
| 2009-01-06 14:54:20,882 DEBUG [org.jboss.remoting.transport.servlet.ServletServerInvoker] Error thrown calling invoke on server invoker.
| javax.ejb.EJBAccessException: Authentication failure
| at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
| at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
| at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
| at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
| at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:304)
| at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
| at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
| at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:809)
| at org.jboss.remoting.transport.servlet.ServletServerInvoker.processRequest(ServletServerInvoker.java:232)
| at org.jboss.remoting.transport.servlet.web.ServerInvokerServlet.processRequest(ServerInvokerServlet.java:128)
| at org.jboss.remoting.transport.servlet.web.ServerInvokerServlet.doPost(ServerInvokerServlet.java:157)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:710)
| at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
| at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
| at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
| at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
| at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
| at java.lang.Thread.run(Thread.java:619)
|
Here is the relevant code:
Client
| import java.util.Properties;
| import javax.naming.Context;
| import javax.naming.InitialContext;
|
| // Credentials are supplied through the JNDI environment
| Properties p = new Properties();
| p.put(Context.SECURITY_PRINCIPAL, "user");
| p.put(Context.SECURITY_CREDENTIALS, "password");
| p.put("java.naming.factory.initial", "org.jboss.naming.HttpNamingContextFactory");
| p.put("java.naming.provider.url", "http://localhost:8080/unified-invoker/JNDIFactory/?return-exception=true");
| p.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces");
|
| // Look up the bean through the HTTP naming factory and invoke it
| InitialContext ctx = new InitialContext(p);
| ACLManagerClient am = (ACLManagerClient) ctx.lookup("ACLManager/http");
| ACL acl = am.get(0);
jboss.xml
| <session>
| <ejb-name>LDAPManager</ejb-name>
| <remote-binding>
| <jndi-name>LDAPManager/http</jndi-name>
| <client-bind-url>
| http://${jboss.bind.address}:8080/unified-invoker/Ejb3ServerInvokerServlet/?return-exception=true
| </client-bind-url>
| </remote-binding>
| <security-domain>MyDomain</security-domain>
| </session>
| <session>
|
http-uinvoker.sar\unified-invoker.war\WEB-INF\jboss-web.xml
| <?xml version="1.0" encoding="ISO-8859-1"?>
|
| <!DOCTYPE jboss-web
| PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
| "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
|
| <jboss-web>
| <security-domain>java:/jaas/Ryba</security-domain>
| </jboss-web>
|
login-config.xml
| <application-policy name="MyDomain">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
| flag="required">
| <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
| <module-option name="rolesCtxDN">ou=People,dc=example,dc=com</module-option>
| <module-option name="matchOnUserDN">true</module-option>
| <module-option name="principalDNSuffix">,ou=People,dc=example,dc=com</module-option>
| <module-option name="principalDNPrefix">uid=</module-option>
| <module-option name="uidAttributeID">member</module-option>
| <module-option name="roleAttributeID">cn</module-option>
| <module-option name="roleAttributeIsDN">false</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
Any idea how we can get the credentials passed to the EJB container? Any help would be greatly appreciated.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4199915#4199915