"[EMAIL PROTECTED]" wrote : http://www.jboss.org/wiki/Wiki.jsp?page=XMBeansforSecurity |
I followed the examples but encountered "NoSuchMethodException" when startup JBoss. The problem is JBoss startup sequence tried to use org.jboss.mx.server.MBeanInvoker interface to lookup a constructor for my Interceptor. Can any one help? Here is the output from startup log ======================= org.jboss.mx.interceptors.JNDISecurityInterceptor | java.lang.NoSuchMethodException: org.jboss.mx.interceptors.JNDISecurityInterceptor.<init>(org.jboss.mx.server.MBeanInvoker) | at java.lang.Class.getConstructor0(Class.java:1929) | at java.lang.Class.getConstructor(Class.java:1019) | at org.jboss.mx.modelmbean.ModelMBeanInvoker.getInterceptors(ModelMBeanInvoker.java:552) | at org.jboss.mx.modelmbean.ModelMBeanInvoker.configureInterceptorStack(ModelMBeanInvoker.java:458) | at org.jboss.mx.modelmbean.XMBean.configureInterceptorStack(XMBean.java:360) | at org.jboss.mx.modelmbean.ModelMBeanInvoker.invokePreRegister(ModelMBeanInvoker.java:350) | at org.jboss.mx.server.AbstractMBeanInvoker.preRegister(AbstractMBeanInvoker.java:539) | at org.jboss.mx.server.registry.BasicMBeanRegistry.invokePreRegister(BasicMBeanRegistry.java:644) | at org.jboss.mx.server.registry.BasicMBeanRegistry.registerMBean(BasicMBeanRegistry.java:199) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:324) | at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60) | at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61) | at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53) | at org.jboss.mx.server.Invocation.invoke(Invocation.java:86) | at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:185) | at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473) | at org.jboss.mx.server.MBeanServerImpl.registerMBean(MBeanServerImpl.java:1018) | at org.jboss.mx.server.MBeanServerImpl.registerMBean(MBeanServerImpl.java:981) | at org.jboss.mx.server.MBeanServerImpl.createMBean(MBeanServerImpl.java:318) | at org.jboss.system.ServiceCreator.install(ServiceCreator.java:152) | at org.jboss.system.ServiceConfigurator.internalInstall(ServiceConfigurator.java:149) | at org.jboss.system.ServiceConfigurator.install(ServiceConfigurator.java:114) | at org.jboss.system.ServiceController.install(ServiceController.java:198) | at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) | at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) | at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) | at java.lang.reflect.Method.invoke(Method.java:324) | at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60) | at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61) | What I did was, 1. compile the following class ===================== package org.jboss.mx.interceptors; | | imports ignored | | public final class JNDISecurityInterceptor | extends AbstractInterceptor | { | private static Logger log = Logger.getLogger(JNDISecurityInterceptor.class); | private static final Principal READER_ROLE = new SimplePrincipal("JNDIReader"); | private static final Principal WRITER_ROLE = new SimplePrincipal("JNDIWriter"); | | private String securityDomain; | private SubjectSecurityManager authMgr; | private RealmMapping roleMgr; | | public JNDISecurityInterceptor() | { | super("JNDI Security Interceptor"); | } | public String getSecurityDomain() | { | return securityDomain; | } | public void setSecurityDomain(String securityDomain) throws Exception | { | log.info("setSecurityDomain: "+securityDomain); | this.securityDomain = securityDomain; | InitialContext ctx = new InitialContext(); | this.authMgr = (SubjectSecurityManager) ctx.lookup(securityDomain); | this.roleMgr = (RealmMapping) ctx.lookup(securityDomain); | } | | // Interceptor overrides ----------------------------------------- | public Object invoke(Invocation invocation) throws InvocationException | { | String opName = invocation.getName(); | log.info("invoke, opName="+opName); | | // If this is not the invoke(Invocation) op just pass it along | if( opName == null || opName.equals("invoke") == false ) | return invocation.nextInterceptor().invoke(invocation); | Object[] args = invocation.getArgs(); | org.jboss.invocation.Invocation invokeInfo = | (org.jboss.invocation.Invocation) args[0]; | // There must be a valid security manager | if( authMgr == null || roleMgr == null ) | { | String msg = "No security mgr configured, check securityDomain: "+securityDomain; | throw new SecurityException(msg); | } | | // Get the security context passed from the client | Principal principal = invokeInfo.getPrincipal(); | Object credential = invokeInfo.getCredential(); | if( authMgr.isValid(principal, credential) == false ) | { | String msg = "Failed to authenticate principal: "+principal; | throw new SecurityException(msg); | } | HashSet methodRoles = new HashSet(); | Method method = invokeInfo.getMethod(); | boolean isRead = isReadMethod(method); | if( isRead == true ) | methodRoles.add(READER_ROLE); | else | methodRoles.add(WRITER_ROLE); | if( roleMgr.doesUserHaveRole(principal, methodRoles) == false ) | { | String msg = "Failed to authorize subject: "+authMgr.getActiveSubject() | + " principal: " + principal | + " for access roles:" + methodRoles; | throw new SecurityException(msg); | } | | // Let the invocation go | return invocation.nextInterceptor().invoke(invocation); | } | | private boolean isReadMethod(Method method) | { | boolean isRead = true; | String name = method.getName(); | String name = method.getName(); | isRead = name.equals("lookup") || name.equals("list") | || name.equals("listBindings"); | return isRead; | } | } | 2. modified the mbean declaration for NamingService in ~/conf/jboss-service.xml =================================== <mbean code="org.jboss.naming.NamingService" | name="jboss:service=Naming" | xmbean-dd="xmdesc/NamingService-xmbean.xml" > | <!-- other attributes omitted --> | </mbean> | 3. create file ~/conf/xmdesc/NamingService-xmbean.xml ====================================== <?xml version="1.0" encoding="UTF-8"?> | <!DOCTYPE mbean PUBLIC | "-//JBoss//DTD JBOSS XMBEAN 1.1//EN" | "http://www.jboss.org/j2ee/dtd/jboss_xmbean_1_0.dtd" | [ | ATTLIST interceptor securityDomain CDATA #IMPLIED | ]> | | <mbean> | <description>A deployment of the standard JBoss JNDI naming servr | that employs custom interceptors to add security | </description> | | <descriptors> | <interceptors> | <interceptor code="org.jboss.mx.interceptors.JNDISecurityInterceptor" | securityDomain="java:/jaas/jmx-console"/> | </interceptors> | </descriptors> | | <class>org.jboss.naming.NamingService</class> | | <constructor> | <description>The default constructor</description> | <name>NamingService</name> | </constructor> | | <attribute access="read-only" getMethod="getMethodMap"> | <name>MethodMap</name> | <type>java.util.Map</type> | </attribute> | <attribute access="read-write" getMethod="getPort" setMethod="setPort"> | <name>Port</name> | <type>int</type> | </attribute> | <attribute access="read-write" getMethod="getInstallGlobalService" | setMethod="setInstallGlobalService"> | <name>InstallGlobalService</name> | <type>boolean</type> | </attribute> | | <!-- Operations --> | <operation> | <description>The start lifecycle operation</description> | <name>start</name> | </operation> | <operation> | <description>The stop lifecycle operation</description> | <name>stop</name> | </operation> | <operation> | <description>The detyped lifecycle operation (for internal use only)</description> | <name>jbossInternalLifecycle</name> | <parameter> | <description>The lifecycle operation</description> | <name>method</name> | <type>java.lang.String</type> | </parameter> | <return-type>void</return-type> | </operation> | | <operation> | <description>The generic invocation operation used by detached invokers | to route requests to the service | </description> | <name>invoke</name> | <parameter> | <description>The Naming interface method invocation encapsulation | </description> | <name>invocation</name> | <type>org.jboss.invocation.Invocation</type> | </parameter> | <return-type>java.lang.Object</return-type> | </operation> | </mbean> | View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3856657#3856657 Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3856657 ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ JBoss-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/jboss-user