Dear Scott,
I apologize for my disturbance. I am still confused about the "myLoginConfig". In my login-config.xml, I have the following <application-policy> elements:
<application-policy name = "client-login">
    <authentication>
        <login-module code = "org.jboss.security.ClientLoginModule"
                      flag = "required">
        </login-module>
    </authentication>
</application-policy>
...
<application-policy name = "ldap">
    <authentication>
        <login-module code = "org.jboss.security.auth.spi.LdapLoginModule" flag = "required">
            <module-option name = "java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <module-option name = "java.naming.provider.url">ldap://uranus:389/</module-option>
            <module-option name = "java.naming.security.authentication">simple</module-option>
            <module-option name = "principalDNPrefix">cn=</module-option>
            <module-option name = "principalDNSuffix">,o=SGC,c=VN</module-option>
            <module-option name = "uidAttributeID">userid</module-option>
            <module-option name = "roleAttributeID">roles</module-option>
            <module-option name = "rolesCtxDN">o=SGC,c=VN</module-option>
            <module-option name = "matchOnUserDN">false</module-option>
            <module-option name = "unauthenticatedIdentity">nobody</module-option>
        </login-module>
    </authentication>
</application-policy>
And when I run the piece of code as you told me:
    Properties env = new Properties();
    env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.LoginInitialContextFactory");
    env.setProperty(Context.PROVIDER_URL, "jnp://uranus:1099/");
    env.setProperty(Context.SECURITY_CREDENTIALS, "administrator");
    env.setProperty(Context.SECURITY_PRINCIPAL, "administrator");
    env.setProperty(Context.SECURITY_PROTOCOL, "ldap");
    Context context = new InitialContext(env);
I get the exception:
java.lang.SecurityException: Unable to locate a login configuration
    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
    at java.lang.Class.newInstance0(Class.java:306)
    at java.lang.Class.newInstance(Class.java:259)
    at javax.security.auth.login.Configuration$3.run(Configuration.java:221)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:215)
    at javax.security.auth.login.LoginContext$1.run(LoginContext.java:170)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.init(LoginContext.java:167)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:404)
    at org.jboss.security.jndi.LoginInitialContextFactory.getInitialContext(LoginInitialContextFactory.java:63)
    at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:662)
    at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:243)
    at javax.naming.InitialContext.init(InitialContext.java:219)
    at javax.naming.InitialContext.<init>(InitialContext.java:195)
    at com.sdc.sgc.test.Test.start(Test.java:36)
    at com.sdc.sgc.test.Test.main(Test.java:25)
Caused by: java.io.IOException: Unable to locate a login configuration
    at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
    at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
    ... 20 more
Because I use java:/jaas/ldap for the security domain in my deployment descriptor file (jboss.xml), I set the env property:
    env.setProperty(Context.SECURITY_PROTOCOL, "ldap");
The problem is the same when I use "client-login" instead of "ldap".
Best regards
Quan
-----Original Message-----
From: Scott M Stark [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 01, 2003 8:59 PM
To: [EMAIL PROTECTED]
Subject: Re: [JBoss-user] Insufficient method permissions
Our default login mechanism is not through the JNDI InitialContext. If
you want to do that you need to use the
org.jboss.security.jndi.LoginInitialContextFactory:
    Properties env = new Properties();
    // Try with a login that should succeed
    env.setProperty(Context.INITIAL_CONTEXT_FACTORY,
        "org.jboss.security.jndi.LoginInitialContextFactory");
    env.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099/");
    env.setProperty(Context.SECURITY_CREDENTIALS, "theduke");
    env.setProperty(Context.SECURITY_PRINCIPAL, "jduke");
    env.setProperty(Context.SECURITY_PROTOCOL, "myLoginConfig");
where myLoginConfig is a JAAS login configuration that has at least the
JBoss ClientLogin module.
--
xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx
Pham Thanh Quan wrote:
> Hi all,
>
> When I run the following piece of code:
>
>     Properties properties = new Properties();
>     properties.put("java.naming.provider.url", url);
>     properties.put("java.naming.factory.initial", jndiContextClass);
>     properties.setProperty(Context.SECURITY_PRINCIPAL, "administrator");
>     properties.setProperty(Context.SECURITY_CREDENTIALS, "administrator");
>     Context context = new InitialContext(properties);
>     PromotionInfoManagerHome promotionInfoManagerHome =
>         (PromotionInfoManagerHome) context.lookup("PromotionInfoManager");
>     PromotionInfoManager promotionInfoManager =
>         promotionInfoManagerHome.create();
>     PromotionProgramValue promotionProgramValue = new
>         PromotionProgramValue("test", "test", "published", null, false);
>     promotionInfoManager.createPromotionProgram(promotionProgramValue);
>
> I get the following exception:
>
> java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
>     java.rmi.ServerException: EJBException:; nested exception is:
>     javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
>     Insufficient method permissions, principal=null, method=createPromotionProgram, interface=REMOTE, requiredRoles=[Administrator, SystemUser], principalRoles=[]
> …
>
> Although the account I used above (username=administrator,
> password=administrator, and its role is “Administrator”) is a valid
> account, when I use that account to login from my web server, and then
> call the method of the bean above, everything is OK. Please tell me what
> the problem is.
>
> Thanks and regards
>
> Quan
>
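Added example, not part of the thread and not JBoss code: the trace above fails inside the client JVM's own JAAS Configuration lookup (com.sun.security.auth.login.ConfigFile), so the name given as Context.SECURITY_PROTOCOL has to exist in a JAAS login configuration the client can read. The file name auth.conf, the temp directory and the class ClientJaasConfigCheck are assumptions made for illustration.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.util.Arrays;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class ClientJaasConfigCheck {

    // Login module class names the client-side JAAS configuration holds under
    // `name`, or null when there is no such entry (and no "other" fallback).
    static String[] modulesFor(String name) {
        AppConfigurationEntry[] entries =
            Configuration.getConfiguration().getAppConfigurationEntry(name);
        if (entries == null) return null;
        String[] modules = new String[entries.length];
        for (int i = 0; i < entries.length; i++) {
            modules[i] = entries[i].getLoginModuleName();
        }
        return modules;
    }

    public static void main(String[] args) throws Exception {
        // Step 1: a client JVM started without -Djava.security.auth.login.config
        // (and without a login.config.url in java.security) has nothing for
        // LoginContext to read, whatever login-config.xml says on the server.
        try {
            System.out.println("before: " + Arrays.toString(modulesFor("client-login")));
        } catch (SecurityException e) {
            System.out.println("before: " + e.getMessage());
        }

        // Step 2: constructed client-side file in standard JAAS syntax holding
        // the one module the reply asks for, then point the JVM at it.
        Path conf = Files.createTempDirectory("jaas").resolve("auth.conf");
        Files.write(conf, Arrays.asList(
            "client-login {",
            "    org.jboss.security.ClientLoginModule required;",
            "};"));
        System.setProperty("java.security.auth.login.config", conf.toUri().toString());
        Configuration.setConfiguration(null); // drop any cached configuration

        // Step 3: only names defined in that client file resolve. "ldap" is a
        // server-side security domain and is not defined here.
        System.out.println("client-login: " + Arrays.toString(modulesFor("client-login")));
        System.out.println("ldap: " + Arrays.toString(modulesFor("ldap")));
    }
}
```

The lookup only parses the file, so this check runs without the JBoss client jars on the classpath; an actual login through LoginInitialContextFactory needs them.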
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user