Hello Andrea,

I don't know how to solve your strange problem.
What I can say:

the server output 
  [Default] User 'leonardi' authenticated.
shows that the user is recognized and the password is correct,
it says nothing about access rights.
The access rights are checked during the first access to a secured bean.

Which exception exactly occurs when the login fails?
Can you post the stack trace?

Annegret

P.S: Please post also to the list not only to me ;-)

-----Original Message-----
From: Andrea Cervellati [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 22 January 2002 14:48
To: [EMAIL PROTECTED]
Subject: RE: [JBoss-user] security problem with Jboss+Tomcat


Thank you very much for the advice.

I separated the ejbs into two different jar files and I fixed the problem.

Anyway I have another problem.

When I start up the server, the first user that tries to access the
protected resources gets the login failure even if the credentials are
right. The strange thing is that the server seems to recognize the user
'cause it prints the following:

[EmbeddedCatalinaServiceSX] jsp: init
[Default] User 'leonardi' authenticated.

Another strange thing is that if the same user tries to access the same
resource again, the login goes well.

This happens not only with the user 'leonardi' but with any other user that
is the first after a start up operation.

I'm using a database login module and I have the configuration bound under
the JNDI name 'java:/jaas/modulojdbc'. When the server is deploying the app
I can read the message:

[Container factory] Deploying MatDidEJB
[Default] lookup securityDomain manager name: java:/jaas/modulojdbc
[JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@4cd580
[JaasSecurityManagerService] setCachePolicy, c=null
[JaasSecurityManagerService] Added modulojdbc, org.jboss.security.plugins.JaasSecurityManager@4cd580 to map

so it seems everything is ok!

So what should I do?

Thanks again



>From: "Sternagel Annegret (PN-SYS/PE)" <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: RE: [JBoss-user] security problem with Jboss+Tomcat
>Date: Tue, 22 Jan 2002 09:39:08 +0100
>
>The security-domain in jboss.xml is valid for all beans it belongs to. If
>you want to restrict the security to particular beans, separate them in
>different jars with different jboss.xml.
>
>Annegret
>
>-----Original Message-----
>From: Andrea Cervellati [mailto:[EMAIL PROTECTED]]
>Sent: Monday, 21 January 2002 17:56
>To: [EMAIL PROTECTED]
>Subject: [JBoss-user] security problem with Jboss+Tomcat
>
>
>Hi,
>
> I'm using JBoss and Tomcat for my web application.
>
> I have two stateful session ejbs: InsegnamentiEJB and MatDidEJB.
>
> The MatDidEJB is restricted to a security domain, but the other is not.
> So I did not specify any method permission in the ejb-jar.xml for the
> first bean, but only for the second one:
>
> <assembly-descriptor>
>   <security-role>
>     <role-name>docente</role-name>
>   </security-role>
>
>   <method-permission>
>     <role-name>docente</role-name>
>     <method>
>       <ejb-name>MatDidEJB</ejb-name>
>       <method-name>*</method-name>
>     </method>
>   </method-permission>
> </assembly-descriptor>
>
> I want to use the database login module for the authentication of users so
> I had to change the standard configurations adding the following jboss.xml:
>
> <jboss>
>   <security-domain>java:/jaas/modulojdbc</security-domain>
> </jboss>
>
> where modulojdbc is the JNDI name of the authorization configuration in
> the auth.conf file.
>
> Then I have two JSPs: Insegnamenti.jsp and MatDid.jsp.
>
> When the user connects to the first he/she doesn't need to be
> authenticated and can access the related ejb.
> On the bottom of the page there is a link to the other jsp and if the user
> clicks it he/she must authenticate himself/herself with a login form.
>
> My web.xml contains the following:
>
> <security-constraint>
>
> <web-resource-collection>
> <web-resource-name>area riservata</web-resource-name> 
> <url-pattern>/MatDid.jsp</url-pattern>
> <http-method>DELETE</http-method>
> <http-method>GET</http-method>
> <http-method>POST</http-method>
> <http-method>PUT</http-method>
> </web-resource-collection>
>
> <auth-constraint>
> <role-name>docente</role-name>
> </auth-constraint>
>
> </security-constraint>
>
>
> The problem is that when the user connects to the Insegnamenti.jsp and
> tries to connect to the InsegnamentiEJB the following exception occurs:
>
> javax.servlet.ServletException: checkSecurityAssociation; 
> nested exception is: 
> java.lang.SecurityException: Authentication exception, 
> principal=null; nested exception is: 
> java.rmi.RemoteException: checkSecurityAssociation; nested 
> exception is: 
> java.lang.SecurityException: Authentication exception, 
> principal=null
>
> It seems that as long as I set the jboss configuration with the jboss.xml,
> any user that tries to access the beans must be authenticated! WHY?!
>
> How can I restrict the authentication only to ONE particular ejb?
>
> PLEASE HELP!!!!!
>
> Thanks in advance
>
> bye
>
>
>_______________________________________________
>JBoss-user mailing list
>[EMAIL PROTECTED]
>https://lists.sourceforge.net/lists/listinfo/jboss-user
>
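
An added example, not part of the original thread and not JBoss code: a small Python check for the packaging issue discussed above, where a jar-wide security-domain in jboss.xml also covers a bean that has no method-permission in ejb-jar.xml. The descriptors are constructed from the names used in the thread, and the function name audit_jar is hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed descriptors modelled on the thread: one jar holding both beans.
EJB_JAR_XML = """
<ejb-jar>
  <enterprise-beans>
    <session><ejb-name>InsegnamentiEJB</ejb-name></session>
    <session><ejb-name>MatDidEJB</ejb-name></session>
  </enterprise-beans>
  <assembly-descriptor>
    <security-role><role-name>docente</role-name></security-role>
    <method-permission>
      <role-name>docente</role-name>
      <method><ejb-name>MatDidEJB</ejb-name><method-name>*</method-name></method>
    </method-permission>
  </assembly-descriptor>
</ejb-jar>
"""
JBOSS_XML = "<jboss><security-domain>java:/jaas/modulojdbc</security-domain></jboss>"
JBOSS_XML_NO_DOMAIN = "<jboss/>"  # constructed: a jar with no security domain


def audit_jar(ejb_jar_xml, jboss_xml):
    """Return (domain, beans_with_roles, beans_in_domain_without_roles)."""
    ejb = ET.fromstring(ejb_jar_xml)
    jboss = ET.fromstring(jboss_xml)
    # Per the thread, the security-domain in jboss.xml applies to every bean
    # packaged in the same jar, not only to beans with method permissions.
    domain = jboss.findtext("security-domain")
    if domain is None:
        return None, [], []
    beans = [bean.findtext("ejb-name").strip()
             for kind in ("session", "entity")
             for bean in ejb.findall(f"enterprise-beans/{kind}")]
    permitted = {m.findtext("ejb-name").strip()
                 for m in ejb.findall("assembly-descriptor/method-permission/method")}
    with_roles = [b for b in beans if b in permitted]
    # These beans sit under the domain although no role was assigned to them:
    # candidates for moving into a separate jar with its own jboss.xml.
    without_roles = [b for b in beans if b not in permitted]
    return domain.strip(), with_roles, without_roles


if __name__ == "__main__":
    domain, ok, flagged = audit_jar(EJB_JAR_XML, JBOSS_XML)
    print(f"domain={domain} secured={ok} in-domain-without-permission={flagged}")
```
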