[jboss-user] [Security & JAAS/JBoss] - EJB 3 Security in JBoss 5.0.1.GA

zithuba do-not-reply at jboss.com
Mon Mar 30 12:51:31 EDT 2009


Hi,

This is my jboss-beans xml:

    <application-policy xmlns="urn:jboss:security-beans:1.0" name="lms-system">
        
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required" >
                <module-option name="dsJndiName">java:/lmsDS</module-option>
                <module-option name="principalsQuery">
                         select user_pass from admin_user where username=?
                </module-option>
                <module-option name="rolesQuery">
                         select role_name,  'Roles' from security_role where  user_name = ?
                </module-option>
                <module-option name="hashAlgorithm">MD5</module-option>
                <module-option name="unauthenticatedIdentity">LMS_USER</module-option>
                <module-option name="hashCharset">UTF-8</module-option>
                <!--module-option name="password-stacking">useFirstPass</module-option-->
                <module-option name="hashEncoding">base64</module-option>
            </login-module>
        
        
            <policy-module code="org.jboss.security.authorization.modules.JACCAuthorizationModule" flag="required"/>
            <!--policy-module code="org.jboss.security.authorization.modules.DelegatingAuthorizationModule" flag="required"/-->
            <!--policy-module code="org.jboss.security.authorization.modules.XACMLAuthorizationModule" flag="optional"/ -->
        
    </application-policy>
    <!--application-policy xmlns="urn:jboss:security-beans:1.0" name="test-domain2" extends="other">
        
            <policy-module code="org.jboss.security.authorization.modules.XACMLAuthorizationModule" flag="required"/>
        
    </application-policy-->


Client login code:

    securityClient.setSimple(userName, password.toCharArray());
    // securityClient.setVmwideAssociation(true);
    securityClient.login();
    context = new InitialContext();


Later I then look up with this code:

    context.lookup(jndiName);


This is the security audit log:
2009-03-30 18:29:06,672 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (WorkerThread#0[127.0.0.1:54686]:) [Success]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=123;method=findUserByName;
2009-03-30 18:29:06,883 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (WorkerThread#0[127.0.0.1:54686]:) [Error]Source=org.jboss.security.plugins.javaee.EJBAuthorizationHelper;Exception:=Authorization Failed: ;Resource:=[org.jboss.security.authorization.resources.EJBResource:contextMap={policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration at 1168524}:method=public za.gov.housing.domain.model.User za.gov.housing.ejb.service.UserServiceBean.findUserByName(java.lang.String) throws za.gov.housing.common.exception.SystemException,za.gov.housing.common.exception.ApplicationException:ejbMethodInterface=Remote:ejbName=UserServiceBean:ejbPrincipal=123:MethodRoles=Roles(,):securityRoleReferences=null:callerSubject=Subject:
	Principal: 123
	Principal: Roles(members)
:callerRunAs=null:callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=null];policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration at 1168524;

My jboss.xml:

    <security-domain>java:/jaas/lms-system</security-domain>
    <!--unauthenticated-principal /-->
    <missing-method-permissions-excluded-mode>true</missing-method-permissions-excluded-mode>


EJB:

    @Stateless
    @SecurityDomain("lms-system")
    public class UserServiceBean implements UserServiceRemote {

        @Override
        public User findUserByName(String name) throws SystemException, ApplicationException {
            try {
                User user = userFacade.findByUserName(name);


I get a caller unauthorised exception.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4222074#4222074
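
Added example, not part of the original post and not JBoss code: a small Python triage helper that pulls the authorization-relevant fields out of an EJBAuthorizationHelper audit record shaped like the one above, so the roles listed for the method can be compared with the roles on the caller subject. The function names are hypothetical, the sample record is constructed from the post's format, and the reading of `Roles(members:a,b)`, `Roles(members)` and `Roles(,)` is an assumption stated in the comments.

```python
import re

# Constructed sample, shortened from the record format shown in the post.
SAMPLE = (
    "2009-03-30 18:29:06,883 TRACE [org.jboss.security.audit.providers.LogAuditProvider] "
    "(WorkerThread#0[127.0.0.1:54686]:) [Error]Source=org.jboss.security.plugins.javaee."
    "EJBAuthorizationHelper;Exception:=Authorization Failed: ;Resource:=[...:"
    "ejbMethodInterface=Remote:ejbName=UserServiceBean:ejbPrincipal=123:"
    "MethodRoles=Roles(,):securityRoleReferences=null:callerSubject=Subject:\n"
    "\tPrincipal: 123\n\tPrincipal: Roles(members)\n"
    ":callerRunAs=null:ejbRestrictionEnforcement=false:ejbVersion=null];"
)

def group_members(text):
    """Role names inside 'Name(...)'. Assumption: 'members' is a label, not a
    role, and empty entries carry no role, so 'Roles(members)' and 'Roles(,)'
    are both read as an empty group."""
    m = re.search(r"\((.*)\)", text or "")
    inner = re.sub(r"^members(:|$)", "", m.group(1) if m else "")
    return {r.strip() for r in inner.split(",") if r.strip()}

def parse_record(record):
    """Extract outcome, EJB name, principal, method roles and caller roles."""
    def field(name):
        m = re.search(name + r"=([^:;\]]*)", record)
        return m.group(1).strip() if m else None
    outcome = re.search(r"\[(\w+)\]Source=", record)
    principals = re.findall(r"^\s*Principal: (.+)$", record, re.M)
    caller_roles = set()
    for p in principals:
        if p.startswith("Roles("):        # the JAAS role group on the subject
            caller_roles |= group_members(p)
    return {
        "outcome": outcome.group(1) if outcome else None,
        "ejb": field("ejbName"),
        "principal": field("ejbPrincipal"),
        "method_roles": group_members(field("MethodRoles")),
        "caller_roles": caller_roles,
    }

def triage(rec):
    """List the role-related observations worth checking for a failed call."""
    notes = []
    if not rec["method_roles"]:
        notes.append("record lists no roles for the method")
    if not rec["caller_roles"]:
        notes.append("caller subject carries no roles")
    if rec["method_roles"] and rec["caller_roles"] and not (rec["method_roles"] & rec["caller_roles"]):
        notes.append("caller roles do not overlap method roles")
    return notes
```

For a record like the one in the post, both observations come back: no roles are listed for the method, and the caller's `Roles` group is empty.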
