Hi,

In an EJB 3.0 application I have methods on a session bean that delegate calls 
to a POJO @Service.

I have just started to apply security, starting with a UsersRolesLoginModule 
which seems to be working for the session bean calls from the client.

I presume that if the authenticated user can call a method on the session bean, 
the session bean can call a method on the @Service with identical 
@RolesAllowed, but I get a javax.ejb.EJBAccessException: Authentication failure.

Method on session bean:

@SecurityDomain("mydomain") @PermitAll
public @Stateful class UserSessionBean implements UserSession {

        @EJB 
        ServerLocal server;

        @PostConstruct 
        public void initSession() {
                logger.info("UserSession @PostConstruct");
                sessionID = server.registerUserSession();
        }

};

Error:
15:22:31,105 ERROR [STDERR] java.lang.RuntimeException: javax.ejb.EJBAccessException: Authentication failure
15:22:31,105 ERROR [STDERR]     at org.jboss.ejb3.interceptor.LifecycleInterceptorHandler.postConstruct(LifecycleInterceptorHandler.java:109)
15:22:31,105 ERROR [STDERR]     at org.jboss.ejb3.EJBContainer.invokePostConstruct(EJBContainer.java:582)
15:22:31,105 ERROR [STDERR]     at org.jboss.ejb3.AbstractPool.create(AbstractPool.java:108)
15:22:31,105 ERROR [STDERR]     at org.jboss.ejb3.ThreadlocalPool.get(ThreadlocalPool.java:48)
15:22:31,106 ERROR [STDERR]     at org.jboss.ejb3.cache.simple.SimpleStatefulCache.create(SimpleStatefulCache.java:207)
15:22:31,106 ERROR [STDERR]     at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:288)
15:22:31,106 ERROR [STDERR]     at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
15:22:31,106 ERROR [STDERR]     at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
15:22:31,106 ERROR [STDERR]     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
15:22:31,106 ERROR [STDERR]     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
15:22:31,106 ERROR [STDERR]     at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
15:22:31,106 ERROR [STDERR]     at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
15:22:31,106 ERROR [STDERR]     at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
15:22:31,106 ERROR [STDERR] Caused by: javax.ejb.EJBAccessException: Authentication failure
15:22:31,106 ERROR [STDERR]     at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
15:22:31,106 ERROR [STDERR]     at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:71)
15:22:31,106 ERROR [STDERR]     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
15:22:31,106 ERROR [STDERR]     at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
15:22:31,106 ERROR [STDERR]     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
15:22:31,106 ERROR [STDERR]     at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
15:22:31,106 ERROR [STDERR]     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
15:22:31,106 ERROR [STDERR]     at org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:199)
15:22:31,106 ERROR [STDERR]     at org.jboss.ejb3.service.ServiceLocalProxy.invoke(ServiceLocalProxy.java:75)
15:22:31,106 ERROR [STDERR]     at $Proxy246.registerUserSession(Unknown Source)
15:22:31,106 ERROR [STDERR]     at org.myapplication.server.UserSessionBean.initSession(UserSessionBean.java:62)
15:22:31,106 ERROR [STDERR]     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
15:22:31,107 ERROR [STDERR]     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
15:22:31,107 ERROR [STDERR]     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
15:22:31,107 ERROR [STDERR]     at java.lang.reflect.Method.invoke(Method.java:585)
15:22:31,107 ERROR [STDERR]     at org.jboss.ejb3.interceptor.LifecycleInvocationContextImpl.proceed(LifecycleInvocationContextImpl.java:159)
15:22:31,107 ERROR [STDERR]     at org.jboss.ejb3.interceptor.LifecycleInterceptorHandler.postConstruct(LifecycleInterceptorHandler.java:105)
15:22:31,107 ERROR [STDERR]     ... 12 more
15:22:31,107 ERROR [STDERR] Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
15:22:31,107 ERROR [STDERR]     at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
15:22:31,107 ERROR [STDERR]     at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
15:22:31,107 ERROR [STDERR]     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
15:22:31,110 ERROR [STDERR]     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
15:22:31,110 ERROR [STDERR]     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
15:22:31,110 ERROR [STDERR]     at java.lang.reflect.Method.invoke(Method.java:585)
15:22:31,110 ERROR [STDERR]     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
15:22:31,110 ERROR [STDERR]     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
15:22:31,110 ERROR [STDERR]     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
15:22:31,110 ERROR [STDERR]     at java.security.AccessController.doPrivileged(Native Method)
15:22:31,110 ERROR [STDERR]     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
15:22:31,110 ERROR [STDERR]     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
15:22:31,110 ERROR [STDERR]     at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
15:22:31,110 ERROR [STDERR]     at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
15:22:31,110 ERROR [STDERR]     at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
15:22:31,110 ERROR [STDERR]     at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:121)
15:22:31,110 ERROR [STDERR]     at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:67)
15:22:31,110 ERROR [STDERR]     ... 27 more

I'm unable to rule out the possibility that the client is failing to 
authenticate; this is as far as I have got.

To the more experienced with JBoss/EJB3 security, my question is: should the 
@PostConstruct method be able to call the @Service method, and will the identity 
of the logged-in user apply to the call?

Or is this simply a failure to authenticate at all, what with this being the 
first method call?

The worrying thing is that on the client, according to debug log messages, my 
simple CallbackHandler passed to LoginContext never gets called for the 
username and password. This I am also confused about.



The client code looks like this:

        System.setProperty("java.security.auth.login.config", "src/META-INF/auth.conf");
        CallbackHandler myHandler = new LoginCallbackHandler();
//      LoginContext lc = new LoginContext("testuser", myHandler);
        LoginContext lc = new LoginContext("mydomain",
                new org.jboss.security.auth.callback.UsernamePasswordHandler("testuser", "testpass"));
        try {
                lc.login();
        }
        catch (LoginException le)
        {
                System.out.println("Login failed");
                le.printStackTrace();
        }

        Properties env = new Properties();
//      env.setProperty(Context.SECURITY_PRINCIPAL, "testuser");
//      env.setProperty(Context.SECURITY_CREDENTIALS, "testpass");
        env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
        env.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces"); // MC
        env.setProperty(Context.PROVIDER_URL, hostname);

        // Contact EJB server
//      Context ctx = new LoginInitialContextFactory().getInitialContext(env);
        InitialContext ctx = new InitialContext(env);
        session = (UserSession) ctx.lookup("MyApplication/UserSessionBean/remote");


I have spent all day looking on the web and in forums for hints, and trying 
things.

Can anyone help?


Matt
