Hi,

I'm having problems setting up JAAS security in JBoss 3.2.3. (I have a few years' experience as a Java programmer, but JBoss is relatively new to me.) I would be grateful if someone could help me with this problem.

I configured DatabaseServerLoginModule, set up the Principals and Roles tables in HSQL as described in the JBoss documentation, and wrote a custom CallBack handler. When I invoke login from the servlet, the Subject is found correctly, as defined in the database tables and the login parameters supplied to the handler. So the user was authenticated: the user name and role were printed out correctly. The test code is:

    LoginContext loginContext = new LoginContext("client-login", handler);
    loginContext.login();
    Subject subject = loginContext.getSubject();
    System.out.println("Subject from servlet : " + subject.toString());
    accDelegate = new AccountDelegate();
    String message = accDelegate.createAccountFacade();
    System.out.println(message);

When I try to create the AccountFacade bean (a stateful session bean) from the accDelegate object (the Business Delegate and Service Locator design patterns are applied), I get SecurityException insufficient method permissions. Required role=[Buyer] principal roles=null. But the servlet already confirmed that the Principal was authenticated with the role 'Buyer'. It looks like the authenticated Subject is not propagated by the container with the next method call.

The other settings are as follows:

login-config.xml

    <policy>
      <!-- Used by clients within the application server VM such as
           mbeans and servlets that access EJBs.
      -->
      <application-policy name = "client-login">
        <authentication>
          <login-module code = "org.jboss.security.ClientLoginModule"
                        flag = "required">
          </login-module>
        </authentication>
      </application-policy>

      <!-- =================================================================================
           LOG IN MODULE added by me
           Login module uses database to check user name and password -->

      <application-policy name = "dbAuthentication">
        <authentication>
          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                        flag = "required">
            <module-option name = "unauthenticatedIdentity">nobody</module-option>
            <module-option name = "dsJndiName">java:/DefaultDS</module-option>
          </login-module>
        </authentication>
      </application-policy>

      <!-- =================================================================================== -->

    </policy>

auth.conf

    other {
        // jBoss LoginModule
        org.jboss.security.ClientLoginModule required
        ;

        // Put your login modules that need jBoss here
    };

    client-login {
        // jBoss LoginModule
        org.jboss.security.ClientLoginModule required
        ;

        // Put your login modules that need jBoss here
    };

    dbAuthentication {
        // jBoss LoginModule added by me
        org.jboss.security.auth.spi.DatabaseServerLoginModule required
        ;
        unauthenticatedIdentity="nobody";
        dsJndiName="java:/DefaultDS"

        // Put your login modules that need jBoss here
    };

jboss.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 3.2//EN" "http://www.jboss.org/j2ee/dtd/jboss_3_2.dtd">
    <jboss>
      <security-domain>java:/jaas/dbAuthentication</security-domain>
      <unauthenticated-principal>nobody</unauthenticated-principal>
      <enterprise-beans>
        <session>
          <ejb-name>AccountFacadeBean</ejb-name>
          <jndi-name>AccountFacadeBean</jndi-name>
        </session>
        <session>
          <ejb-name>AccountControl</ejb-name>
          <jndi-name>AccountControl</jndi-name>
          <local-jndi-name>AccountControlLocal</local-jndi-name>
        </session>
      </enterprise-beans>
    </jboss>

ejb-jar.xml

    ................ other tags ............
    <security-role>
      <role-name>Buyer</role-name>
    </security-role>
    <security-role>
      <role-name>Supplier</role-name>
    </security-role>
    <method-permission>
      <role-name>Buyer</role-name>
      <method>
        <ejb-name>AccountFacadeBean</ejb-name>
        <method-intf>Home</method-intf>
        <method-name>create</method-name>
      </method>
      <method>
        <ejb-name>AccountFacadeBean</ejb-name>
        <method-intf>Remote</method-intf>
        <method-name>getUser</method-name>
      </method>
    </method-permission>

Thank you in advance,
Natalia

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3844043#3844043