Hi, gurus.
My question is about authentication data propagation from servlet to EJB.
We use one security domain for our application based on custom LoginModule.
The only security config in our web.xml is
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>
| The Protected Calculator
| </web-resource-name>
| <url-pattern>*.jsf</url-pattern>
| </web-resource-collection>
|
| <user-data-constraint>
| <transport-guarantee>NONE</transport-guarantee>
| </user-data-constraint>
| </security-constraint>
|
It seemed it doesn't matter, because we don't use any Tomcat-provided ways of
servlet authentication (because our login logic is more complex).
So in one JSF action method I interact with LoginContext directly:
| public String login() {
|     String outcome = Constants.FAILED;
|     try {
|         IdmCallbackHandler callbackHandler = new IdmCallbackHandler(getLoginName(), getPassword(), getAccountId());
|         loginContext = new LoginContext(AuthenticationBean.SECURITY_REALM, callbackHandler);
|         loginContext.login();
|         Subject subject = loginContext.getSubject();
|         getFacesContext().getExternalContext().getSessionMap().put(Constants.SUBJECT_SESSION_KEY, subject);
|
|         for (Principal p : subject.getPrincipals()) {
|             if (p instanceof IdmPrincipal) {
|                 // Constructing UserAccount calls the @PermitAll session bean; this is
|                 // the call that fails with the EJBAccessException shown below.
|                 setCurrentUserAccount(new UserAccount(((IdmPrincipal) p).getAccount()));
|                 break;
|             }
|         }
|         // the success outcome is assigned here in the full method (not shown in the post)
|     } catch (Exception e) {
|         // logged by the bean as the "[AuthenticationBean] Exception:" ERROR line below;
|         // the logger call itself is not part of the posted fragment
|     }
|     return outcome;
| }
login() passes successfully and the subject is valid.
The problem occurs inside setCurrentUserAccount() when a local stateless session
bean method (marked with @PermitAll) is called:
18:05:21,943 ERROR [AuthenticationBean] Exception:
javax.ejb.EJBAccessException: Authentication failure
    at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:70)
    at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
    at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:211)
    at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
    at $Proxy4155.getPermissions(Unknown Source)
    at com.image.idm.jsf.beans.UserAccount.loadPermissions(UserAccount.java:51)
    at com.image.idm.jsf.beans.UserAccount.setAccount(UserAccount.java:47)
    at com.image.idm.jsf.beans.UserAccount.<init>(UserAccount.java:36)
    at com.image.idm.jsf.beans.AuthenticationBean.login(AuthenticationBean.java:140)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at com.sun.el.parser.AstValue.invoke(AstValue.java:151)
    at com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:283)
    at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
    at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:69)
    at org.apache.myfaces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:63)
    at javax.faces.component.UICommand.broadcast(UICommand.java:106)
    at org.ajax4jsf.framework.ajax.AjaxViewRoot.processEvents(AjaxViewRoot.java:281)
    at org.ajax4jsf.framework.ajax.AjaxViewRoot.broadcastEvents(AjaxViewRoot.java:257)
    at org.ajax4jsf.framework.ajax.AjaxViewRoot.processApplication(AjaxViewRoot.java:412)
    at org.apache.myfaces.lifecycle.LifecycleImpl.invokeApplication(LifecycleImpl.java:343)
    at org.apache.myfaces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:86)
Caused by: com.image.idm.jaas.IdmLoginException
    at com.image.idm.jaas.IdmLoginModule.login(IdmLoginModule.java:110)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:585)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
    at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
    at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
    at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
    at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:211)
    at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:79)
    at $Proxy4155.getPermissions(Unknown Source)
    at com.image.idm.jsf.beans.UserAccount.loadPermissions(UserAccount.java:51)
    at com.image.idm.jsf.beans.UserAccount.setAccount(UserAccount.java:47)
    at com.image.idm.jsf.beans.UserAccount.<init>(UserAccount.java:36)
    at com.image.idm.jsf.beans.AuthenticationBean.login(AuthenticationBean.java:140)
It seems that during the EJB method invocation our LoginModule is called again.
Is it really needed, or is it wrong behaviour?
Is it possible to make the EJB container "understand" that authentication is
already done and take the authentication info from there?
Both jboss.xml and jboss-web.xml are configured to the same security domain.
JBoss version is 4.0.5 GA.
If you know the solution, or at least the root of the problem, please let me
know.
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4027967#4027967
_______________________________________________
jboss-user mailing list
https://lists.jboss.org/mailman/listinfo/jboss-user
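The trace above shows what the EJB container actually does on a local call in JBoss 4.x: Ejb3AuthenticationInterceptor hands the caller principal and credential it finds in JBoss's SecurityAssociation thread-local to JaasSecurityManager.isValid(), which (on a cache miss) runs the security domain's login module again. A LoginContext login performed inside a JSF action never populates that thread-local, so the interceptor authenticates with an empty identity and the custom module throws. The following Java is an added example, not code from the post or from JBoss, showing the check the interceptor relies on and one way to publish an already-verified identity to it. It assumes the stock "client-login" application-policy (org.jboss.security.ClientLoginModule) is present in login-config.xml, and that the application's own login module accepts NameCallback and PasswordCallback, since the container re-validates through that module once and caches the result; the class and method names here are illustrative.

```java
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

import org.jboss.security.SecurityAssociation;

/**
 * Added example (not from the original post or from JBoss). Illustrates why a
 * bare LoginContext login in the web tier is invisible to the JBoss 4.x EJB3
 * AuthenticationInterceptor, and how ClientLoginModule can hand the verified
 * identity to it.
 *
 * Assumed (not stated in the post): login-config.xml contains the standard
 * "client-login" policy backed by org.jboss.security.ClientLoginModule, and
 * the application's domain login module can handle NameCallback and
 * PasswordCallback, because JaasSecurityManager.isValid() re-runs it once with
 * the published credential and then caches the outcome.
 */
public final class EjbIdentityPropagation {

    private EjbIdentityPropagation() {
    }

    /**
     * What the EJB interceptor consults before calling isValid(). After a plain
     * LoginContext.login() in a JSF action this still returns false, which is
     * the situation in the stack trace.
     */
    public static boolean callerIdentityVisibleToEjb() {
        return SecurityAssociation.getPrincipal() != null
            && SecurityAssociation.getCredential() != null;
    }

    /** Step 1: verify credentials against the application's own domain (what the post already does). */
    public static Subject authenticate(String securityDomain, CallbackHandler handler)
            throws LoginException {
        LoginContext lc = new LoginContext(securityDomain, handler);
        lc.login();
        return lc.getSubject();
    }

    /**
     * Step 2: publish the identity for the EJB container. ClientLoginModule verifies
     * nothing; it only stores the principal and credential in the SecurityAssociation
     * thread-local that the EJB security interceptors read.
     */
    public static LoginContext propagateToEjbContainer(final String user, final char[] password)
            throws LoginException {
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
        LoginContext clientLogin = new LoginContext("client-login", handler);
        clientLogin.login();
        return clientLogin;
    }

    /**
     * Step 3: undo step 2 when the request ends. SecurityAssociation is thread-local
     * and servlet threads are pooled, so a missing logout leaks this user's identity
     * into whatever request the same thread serves next.
     */
    public static void clearPropagatedIdentity(LoginContext clientLogin) throws LoginException {
        clientLogin.logout();
    }
}
```

In the post's flow, step 2 would run right after the domain login succeeds and before `new UserAccount(...)` triggers the `@PermitAll` bean call; step 3 belongs in a `finally` block or a request-scoped filter so the thread-local never outlives the request. The alternative that needs no extra code is to let the web container authenticate (a `<login-config>` in web.xml with the same security domain in jboss-web.xml), because the JBoss web-tier realm populates SecurityAssociation itself on authenticated requests; the posted web.xml has only a `<security-constraint>` with no `<login-config>`, so that path is never taken.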