[JBoss-user] Stuck with Authentication.

Konstantin Priblouda Mon, 25 Jun 2001 11:22:00 -0700
Hi list, 

I tried to implement securoty via JAAS. 
Due to complicated password validation schema
(customer likes to have it this way )

I decided to authenticate via EJB's. 

So, I have an "LogiinChecker" ejb ( session ), which
is fed with user name and password and it can lookup
necessary Entities and check credentials. 

Everything worked fine with my custom login module
( it looked up LoginChecker and called all necessary
methods without problems )

So, everything vorked from tomcat side. 

Then I activated container security. ( 
<security-domain>java:/jaas/webesa</security-domain>
in
standartjboss.xml )

Now my login module can not  access the beans at all:
---<snip>---
[EmbeddedTomcatSX] java.rmi.RemoteException:
checkSecurityAssociation; nested exception is: 
        java.lang.SecurityException: Authentication
exception, principal=null
[EmbeddedTomcatSX] java.lang.SecurityException:
Authentication exception, principal=null
[EmbeddedTomcatSX]      at
org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:213)
[EmbeddedTomcatSX]      at
org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:144)
[EmbeddedTomcatSX]      at
org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:106)
[EmbeddedTomcatSX]      at
org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:253)
[EmbeddedTomcatSX]      at
org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invokeHome(JRMPContainerInvoker.java:436)
[EmbeddedTomcatSX]      at
org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invoke(HomeProxy.java:212)
[EmbeddedTomcatSX]      at $Proxy10.create(Unknown
Source)
[EmbeddedTomcatSX]      at
com.cfc.webesa.auth.WebesaLoginModule.lookupLoginManager(WebesaLoginModule.java:318)
[EmbeddedTomcatSX]      at
com.cfc.webesa.auth.WebesaLoginModule.initialize(WebesaLoginModule.java:88)
---<snap>---
( principal is obviously null, because no login was
performed yet... )
How do I disable any security checking on my
LoginManager bean completely?

Here is ejb-jar.xml:
      <session>
         <description>Session bean for management of
login/principal/context/roles stuff</description>
         <ejb-name>LoginManager</ejb-name>
        
<home>com.cfc.bo.UserLogin.interfaces.LoginManagerHome</home>
        
<remote>com.cfc.bo.UserLogin.interfaces.LoginManager</remote>
        
<ejb-class>com.cfc.bo.UserLogin.ejb.LoginManagerEJB</ejb-class>
         <session-type>Stateless</session-type>
        
<transaction-type>Container</transaction-type>

</session>

( bean references omitted )

tia,

=====
Konstantin Priblouda ( ko5tik )    Freelance Software developer
< http://www.pribluda.de > < play java games -> http://www.yook.de >
< render charts online -> http://www.pribluda.de/povray/ >

__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail
http://personal.mail.yahoo.com/

_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/jboss-user
[JBoss-user] Stuck with Authentication.

Reply via email to
