Pablo Fraga [http://community.jboss.org/people/pablo.fraga1975] created the discussion
"Re: Secure access to an EJB3.0"

To view the discussion, visit: http://community.jboss.org/message/589282#589282

--------------------------------------------------------------

Wolfgang,

Thanks for your reply!

I was trying to understand the example, but honestly I lost myself in the jboss-client.xml descriptor. I don't understand which resource ref I have to map in that file, and for what.

I thought it would be easier to call an EJB3 from another client EJB3 using security in JBossAS 4.2.3, just like in the example of JBossAS 5:

    SecurityClient securityClient = SecurityClientFactory.getSecurityClient();
    securityClient.setSimple("caja", "password");
    securityClient.login();
    InitialContext ctx = new InitialContext();

Maybe I messed myself up, but I will try to explain my problem with an example.

First, I have an EJB3 annotated with security annotations:

    @Stateless(name = "ProxyIMMEJB")
    @SecurityDomain("other")
    @RolesAllowed("architect")
    @Local(value = ProxyIMMLocal.class)
    public class ProxyIMMEJBImpl implements ProxyIMMLocal {

        @Resource
        SessionContext ctx;

        @RolesAllowed("architect")
        public RespuestaIMMTO comprarTicket(TicketTO ticketTO) throws ... {
            Principal cp = ctx.getCallerPrincipal();
            log.debug("Principal's name: " + cp.getName());
            ...
        }
    }

As you can see, "other" indicates that I use JBoss's default authentication mechanism, defined in login-config.xml, situated in the JBOSS_HOME\server\default\conf directory.

In my case of "other", login-config.xml uses 2 properties files, users.properties and roles.properties, with the following contents:

login-config.xml

    <application-policy name = "other">
      <authentication>
        <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
          <module-option name="usersProperties">props/users.properties</module-option>
          <module-option name="rolesProperties">props/roles.properties</module-option>
          <module-option name="unauthenticatedIdentity">anonymous</module-option>
        </login-module>
      </authentication>
    </application-policy>

users.properties

    caja=password

roles.properties

    caja=architect

In another EJB3 client, I tried to call the ProxyIMMEJB bean using standard security code:

    Properties env = new Properties();
    env.setProperty(Context.SECURITY_PRINCIPAL, "caja");
    env.setProperty(Context.SECURITY_CREDENTIALS, "password");
    env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
    env.setProperty(Context.PROVIDER_URL, "localhost:1099");
    InitialContext ctx = new InitialContext();
    try {
        ctx = new InitialContext(env);
        proxyIMM = (ProxyIMMLocal) ctx.lookup("estar/ejb/ProxyIMM/local");
    } catch (NamingException e) {
        // TODO Auto-generated catch block
        e.printStackTrace();
    }

Soon I realized the security context was not propagated, because I got "javax.ejb.EJBAccessException: Authorization failure". I confirmed it later by replacing @RolesAllowed("architect") with @PermitAll and debugging the principal's name:

    Principal cp = ctx.getCallerPrincipal();
    log.debug("Principal's name: " + cp.getName());

This gave me anonymous.

In my scenario, does the complete example that you wrote apply? Or is there an easier way?

Thank you very much for your patience!

Pablo.
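Why the bean sees "anonymous": the following is an added example, not part of the original post and not JBoss's own code. It is a simplified model of how a username/password login module configured with unauthenticatedIdentity treats a call that arrives with no credentials. The class and method names are hypothetical, and the users and roles strings are constructed copies of the two properties files quoted above.

```java
import java.io.StringReader;
import java.util.*;

// Simplified model (assumption, not JBoss code) of the "other" policy from the post.
public class OtherDomainModel {
    // Constructed copies of users.properties and roles.properties from the post.
    static final String USERS = "caja=password\n";
    static final String ROLES = "caja=architect\n";
    static final String UNAUTHENTICATED_IDENTITY = "anonymous";

    static Properties load(String text) {
        Properties p = new Properties();
        try { p.load(new StringReader(text)); }
        catch (java.io.IOException e) { throw new IllegalStateException(e); }
        return p;
    }

    // Returns the principal name, or null when the login is rejected.
    static String login(String user, String password) {
        if (user == null && password == null) {
            // No credentials reached the module: fall back to the configured identity.
            return UNAUTHENTICATED_IDENTITY;
        }
        String expected = user == null ? null : load(USERS).getProperty(user);
        return expected != null && expected.equals(password) ? user : null;
    }

    // Roles come only from roles.properties; "anonymous" has no entry there.
    static Set<String> rolesOf(String principal) {
        String line = principal == null ? null : load(ROLES).getProperty(principal);
        return line == null ? Collections.<String>emptySet()
                            : new HashSet<String>(Arrays.asList(line.split("\\s*,\\s*")));
    }

    // Mirrors @RolesAllowed(role): rejected logins and role-less principals are denied.
    static boolean rolesAllowed(String principal, String role) {
        return rolesOf(principal).contains(role);
    }

    public static void main(String[] args) {
        String propagated = login("caja", "password"); // credentials reached the domain
        String missing = login(null, null);            // security context not propagated
        System.out.println(propagated + " architect? " + rolesAllowed(propagated, "architect"));
        System.out.println(missing + " architect? " + rolesAllowed(missing, "architect"));
        System.out.println("wrong password -> " + login("caja", "guess"));
    }
}
```

In this model a call without credentials is not rejected at login; it is mapped to "anonymous", which holds no roles, so a method restricted to "architect" is refused while a @PermitAll method runs and reports "anonymous" as the caller.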
