[jboss-user] [Beginner's Corner] - Re: Secure access to an EJB3.0

Pablo Fraga do-not-reply at jboss.com
Wed Feb 23 09:40:35 EST 2011

Pablo Fraga [http://community.jboss.org/people/pablo.fraga1975] created the discussion

"Re: Secure access to an EJB3.0"

To view the discussion, visit: http://community.jboss.org/message/589282#589282


Thanks for your reply!

I was trying to understand the example, but honestly i lost my self in the jboss-client.xml descriptor, i don't understand which resource ref do i have to map in that file and for what?

I thought it would be easier to call an EJB3 from another client EJB3 using security in JBossAS 4.2.3, just like in the example of JBossAS 5:

*SecurityClient securityClient = SecurityClientFactory.getSecurityClient();* 
*securityClient.setSimple("caja", "password");* 
*InitialContext ctx = new InitialContext();*

Maybe i mess up myself, but i will try to explain my problem with an example:

First i have an EJB3, annotated with security annotations:

@Stateless(name = "ProxyIMMEJB")
@Local(value = ProxyIMMLocal.class)
public class ProxyIMMEJBImpl implements ProxyIMMLocal {

    @Resource SessionContext ctx;

    public RespuestaIMMTO comprarTicket(TicketTO ticketTO) throws ... {
        Principal cp = ctx.getCallerPrincipal(); 
        log.debug("Principal's name: " + cp.getName());

As you can see "other" indicates that i use JBoss's default authentication mechanism defined in login-config.xml situated in JBOSS_HOME\server\default\conf directory. In my case of "other", login-config.xml uses 2 properties files: users.properties and roles.properties with the following contents:


   <application-policy name = "other">
          <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
              <module-option name="usersProperties">props/users.properties</module-option>
              <module-option name="rolesProperties">props/roles.properties</module-option>
              <module-option name="unauthenticatedIdentity">anonymous</module-option>





In another EJB3 client, i tried to call the ProxyIMMEJB bean using standard security code:

Properties env = new Properties();
*env.setProperty(Context.SECURITY_PRINCIPAL, "caja");*
*env.setProperty(Context.SECURITY_CREDENTIALS, "password");*
env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
env.setProperty(Context.PROVIDER_URL, "localhost:1099");
InitialContext ctx = new InitialContext();
try {
   ctx = new InitialContext(env);
   proxyIMM = (ProxyIMMLocal) ctx.lookup("estar/ejb/ProxyIMM/local");
} catch (NamingException e) {
   // TODO Auto-generated catch block

Soon i realized, security context was not propagated because i got "javax.ejb.EJBAccessException: Authorization failure" and confirmed later changing @*RolesAllowed("architect")* with *@PermitAll* and debugging principal's name.

        Principal cp = ctx.getCallerPrincipal(); 
        log.debug("Principal's name: " + cp.getName());

This gave me anonymous.

In my scenario, the complete example that you wrote applies? or there is a easiest way?

Thank you very much for your patience!


Reply to this message by going to Community

Start a new discussion in Beginner's Corner at Community

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20110223/57b70fc8/attachment.html 

More information about the jboss-user mailing list