newbie question about secured remote ejb invoke

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

newbie question about secured remote ejb invoke

Joseph
Hi all,
 
I have tried many days but failed finding where my problem is.  The scenario is to invoke remote secured ejb on JBAS 7.1 final
 
=====================server side stuff below ===================
 
modification to "standalone-full-ha.xml"
 
            <security-realm name="ApplicationRealm">
                <authentication>
                    <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                </authentication>
            </security-realm>
....
 
        <subsystem xmlns="urn:jboss:domain:remoting:1.1">
            <connector name="remoting-connector" socket-binding="remoting" security-realm="ApplicationRealm">
                <sasl>
                    <policy>
                        <no-anonymous value="true"/>
                        <no-plain-text value="false"/>
                        <pass-credentials value="true"/>
                    </policy>
                </sasl>
            </connector>
        </subsystem>
 
....
 
                <security-domain name="my-security-domain" cache-type="default">
                    <authentication>
                        <login-module code="Remoting" flag="optional">
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                        <login-module code="RealmUsersRoles" flag="required">
                            <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
                            <module-option name="realm" value="ApplicationRealm"/>
                            <module-option name="password-stacking" value="useFirstPass"/>
                        </login-module>
                    </authentication>
                </security-domain>
 
-------------------------------------------------------------------------------------------------------------
application-roles.properties:

test123=aabdd69afca03e09fc05b7539c62818d
-------------------------------------------------------------------------------------------------------------
application-users.properties:
 
test123=testrole
------------------------------------------------------------------------------------------------------------
@Stateless(name = "wutong_test_hello")
@Clustered
@Remote(HellowWorldRemote.class)
@Local(HellowWorldLocal.class)
@SecurityDomain(value = "my-security-domain")
public class HellowWorldImpl implements HellowWorldRemote, HellowWorldLocal {
@RolesAllowed(value = { "testrole" })
public String hello(String name) {
String ret = "hello: " + name +" , "+ctx.getCallerPrincipal().getName();
log.info(ret + ",hashcode:" + hashCode());
return ret;
}
}
----------------------------------------------------------------------------------------------------------------------------
public interface HellowWorldRemote {
String hello(String name);
}
----------------------------------------------------------------------------------------------------------------------------
public interface HellowWorldLocal {
String hello(String name);
}
 
 
 
=========================client side stuff below=================================
jboss-ejb-client.properties:
 
endpoint.name=my_end_point
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=127.0.0.1
remote.connection.default.port=4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
remote.connection.default.username=test123
remote.connection.default.password=test

remote.clusters=ejb
remote.cluster.ejb.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
remote.cluster.ejb.username=test123
remote.cluster.ejb.password=test
 
------------------------------------------------------------------------------------------------
 
  Properties props = new Properties();
  props.put(Context.URL_PKG_PREFIXES,"org.jboss.ejb.client.naming");
  context = new InitialContext(props);
 
   
   HellowWorldRemote remo=(HellowWorldRemote)context.lookup("ejb:/testEJB//wutong_test_hello!com.biz.ejb.face.HellowWorldRemote", HellowWorldRemote.class);
   log.info(remo.hello(Long.toString(System.currentTimeMillis())));
 
 
------------------------------------------------------------------------------------------------
 
I always get the following exception stacks bath on server side and client side :
 
 
16:58:53,157 ERROR [org.jboss.ejb3.invocation] (EJB default - 2) JBAS014134: EJB Invocation failed on component wutong_test_hello for method public abstract java.lang.String com.biz.ejb.face.HellowWorldRemote.hello(java.lang.String): javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public abstract java.lang.String com.biz.ejb.face.HellowWorldRemote.hello(java.lang.String) of bean: wutong_test_hello is not allowed
 at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:101) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
 at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:76) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
 at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
 at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
 at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
 at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
 at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
 at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
 at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:300) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
 at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:64) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
 at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:194) [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [rt.jar:1.6.0_25]
 at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303) [rt.jar:1.6.0_25]
 at java.util.concurrent.FutureTask.run(FutureTask.java:138) [rt.jar:1.6.0_25]
 at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [rt.jar:1.6.0_25]
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [rt.jar:1.6.0_25]
 at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_25]
 at org.jboss.threads.JBossThread.run(JBossThread.java:122)

 the principal name from org.jboss.as.security.service.SimpleSecurityManager.getCallerPrincipal() is "$local" ,so that I doubt I did not pass username "test123" to remote server successfully....
 
any idea what is wrong ? or what configuration files did I miss ?
 
thank you very much

_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
Reply | Threaded
Open this post in threaded view
|

Re: newbie question about secured remote ejb invoke

Jaikiran Pai
Let's continue in the user forums where we are already discussing this
https://community.jboss.org/thread/196169?tstart=0

-Jaikiran
On Thursday 01 March 2012 03:28 PM, Joseph wrote:

> Hi all,
> I have tried many days but failed finding where my problem is.  The
> scenario is to invoke remote secured ejb on JBAS 7.1 final
> =====================server side stuff below ===================
> modification to "standalone-full-ha.xml"
> <security-realm name="ApplicationRealm">
> <authentication>
> <properties path="application-users.properties"
> relative-to="jboss.server.config.dir"/>
> </authentication>
> </security-realm>
> ....
> <subsystem xmlns="urn:jboss:domain:remoting:1.1">
> <connector name="remoting-connector" socket-binding="remoting"
> security-realm="ApplicationRealm">
> <sasl>
> <policy>
> <no-anonymous value="true"/>
> <no-plain-text value="false"/>
> <pass-credentials value="true"/>
> </policy>
> </sasl>
> </connector>
> </subsystem>
> ....
> <security-domain name="my-security-domain" cache-type="default">
> <authentication>
> <login-module code="Remoting" flag="optional">
> <module-option name="password-stacking" value="useFirstPass"/>
> </login-module>
> <login-module code="RealmUsersRoles" flag="required">
> <module-option name="usersProperties"
> value="${jboss.server.config.dir}/application-users.properties"/>
> <module-option name="rolesProperties"
> value="${jboss.server.config.dir}/application-roles.properties"/>
> <module-option name="realm" value="ApplicationRealm"/>
> <module-option name="password-stacking" value="useFirstPass"/>
> </login-module>
> </authentication>
> </security-domain>
> -------------------------------------------------------------------------------------------------------------
> application-roles.properties:
>
> test123=aabdd69afca03e09fc05b7539c62818d
> -------------------------------------------------------------------------------------------------------------
> application-users.properties:
> test123=testrole
> ------------------------------------------------------------------------------------------------------------
> @Stateless(name = "wutong_test_hello")
> @Clustered
> @Remote(HellowWorldRemote.class)
> @Local(HellowWorldLocal.class)
> @SecurityDomain(value = "my-security-domain")
> public class HellowWorldImpl implements HellowWorldRemote,
> HellowWorldLocal {
> @RolesAllowed(value = { "testrole" })
> public String hello(String name) {
> String ret = "hello: " + name +" , "+ctx.getCallerPrincipal().getName();
> log.info <http://log.info> (ret + ",hashcode:" + hashCode());
> return ret;
> }
> }
> ----------------------------------------------------------------------------------------------------------------------------
> public interface HellowWorldRemote {
> String hello(String name);
> }
> ----------------------------------------------------------------------------------------------------------------------------
> public interface HellowWorldLocal {
> String hello(String name);
> }
> =========================client side stuff
> below=================================
> jboss-ejb-client.properties:
> endpoint.name <http://endpoint.name>=my_end_point
> remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
> remote.connections=default
> remote.connection.default.host=127.0.0.1
> remote.connection.default.port=4447
> remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
> remote.connection.default.username=test123
> remote.connection.default.password=test
>
> remote.clusters=ejb
> remote.cluster.ejb.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=true
> remote.cluster.ejb.username=test123
> remote.cluster.ejb.password=test
> ------------------------------------------------------------------------------------------------
>   Properties props = new Properties();
>   props.put(Context.URL_PKG_PREFIXES,"org.jboss.ejb.client.naming");
>   context = new InitialContext(props);
>
>    HellowWorldRemote
> remo=(HellowWorldRemote)context.lookup("ejb:/testEJB//wutong_test_hello!com.biz.ejb.face.HellowWorldRemote",
> HellowWorldRemote.class);
> log.info
> <http://log.info>(remo.hello(Long.toString(System.currentTimeMillis())));
> ------------------------------------------------------------------------------------------------
> I always get the following exception stacks bath on server side and
> client side :
> 16:58:53,157 ERROR [org.jboss.ejb3.invocation] (EJB default - 2)
> JBAS014134: EJB Invocation failed on component wutong_test_hello for
> method public abstract java.lang.String
> com.biz.ejb.face.HellowWorldRemote.hello(java.lang.String):
> javax.ejb.EJBAccessException: JBAS014502: Invocation on method: public
> abstract java.lang.String
> com.biz.ejb.face.HellowWorldRemote.hello(java.lang.String) of bean:
> wutong_test_hello is not allowed
>  at
> org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:101)
> [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
>  at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
>  at
> org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:76)
> [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
>  at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
>  at
> org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59)
> [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
>  at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
>  at
> org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
> [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
>  at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
>  at
> org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45)
> [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
>  at
> org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
>  at
> org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
> [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]
>  at
> org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.1.0.Final.jar:7.1.0.Final]
>  at
> org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:300)
> [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
>  at
> org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$200(MethodInvocationMessageHandler.java:64)
> [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
>  at
> org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:194)
> [jboss-as-ejb3-7.1.0.Final.jar:7.1.0.Final]
>  at
> java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441) [rt.jar:1.6.0_25]
>  at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
> [rt.jar:1.6.0_25]
>  at java.util.concurrent.FutureTask.run(FutureTask.java:138)
> [rt.jar:1.6.0_25]
>  at
> java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
> [rt.jar:1.6.0_25]
>  at
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
> [rt.jar:1.6.0_25]
>  at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_25]
>  at org.jboss.threads.JBossThread.run(JBossThread.java:122)
>
>  the principal name from
> org.jboss.as.security.service.SimpleSecurityManager.getCallerPrincipal()
> is "$local" ,so that I doubt I did not pass username "test123" to
> remote server successfully....
> any idea what is wrong ? or what configuration files did I miss ?
> thank you very much
>
>
> _______________________________________________
> jboss-as7-dev mailing list
> [hidden email]
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev

_______________________________________________
jboss-as7-dev mailing list
[hidden email]
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev