Hi all.
I'm sooooo close to the solution to this ;) Maybe in a week or so I'll have
it !!
OK. So, here's my setup.
Step 1)
Configure JBoss with an application-policy in the login-config.xml file (which
is located in $JBOSS_HOME/server/default)
In said login-config.xml file I have the following ...
| <application-policy name = "simpleSB">
|   <authentication>
|     <login-module code = "org.jboss.security.ClientLoginModule" flag = "required">
|       <module-option name="usersProperties">users.properties</module-option>
|       <module-option name="rolesProperties">roles.properties</module-option>
|     </login-module>
|   </authentication>
| </application-policy>
|
which, as far as I understand it, sets up a realm called simpleSB. In
users.properties I have:
david=david
and in roles.properties I have:
david=tester
which, as far as I understand it, sets up the user 'david' with the password
'david' and the role 'tester'.
Step 2)
Create a simple session bean. One method (ok, 2) that simply echo "Hello
World". The class is called Printer.
The class:
| package com.powder.ejb;
|
| import java.rmi.*;
|
| import javax.ejb.*;
|
| public class Printer implements SessionBean {
|
|     public void ejbActivate() {
|     }
|
|     public void ejbPassivate() {
|     }
|
|     public void ejbCreate() {
|     }
|
|     public void ejbRemove() {
|     }
|
|     public void setSessionContext(SessionContext ctx) throws EJBException, RemoteException {
|         // TODO store session context reference
|     }
|
|     // actual bean methods
|
|     public String printHello() {
|         return "Hello from inside the session bean!";
|     }
|
|     public String printHelloThere(String name) {
|         return "Hello there, " + name + ", from inside the session bean!";
|     }
|
| }
|
The Remote interface:
| package com.powder.ejb;
|
| import java.rmi.*;
|
| import javax.ejb.*;
|
| public interface PrinterRemote extends EJBObject {
|
|     public String printHello() throws RemoteException;
|     public String printHelloThere(String name) throws RemoteException;
|
| }
|
The Home interface:
| package com.powder.ejb;
|
| import java.rmi.*;
|
| import javax.ejb.*;
|
| public interface PrinterHome extends EJBHome {
|
|     PrinterRemote create() throws RemoteException, CreateException;
|
| }
|
Step 3)
Configure the ejb-jar.xml descriptor to put in some security :
| <ejb-jar>
|
|   <enterprise-beans>
|     <session>
|       <ejb-name>simple</ejb-name>
|       <home>com.powder.ejb.PrinterHome</home>
|       <remote>com.powder.ejb.PrinterRemote</remote>
|       <ejb-class>com.powder.ejb.Printer</ejb-class>
|       <session-type>Stateless</session-type>
|       <transaction-type>Bean</transaction-type>
|       <security-role-ref>
|         <role-name>tester</role-name>
|       </security-role-ref>
|     </session>
|   </enterprise-beans>
|
|   <assembly-descriptor>
|     <security-role>
|       <role-name>tester</role-name>
|     </security-role>
|     <method-permission>
|       <role-name>tester</role-name>
|       <method>
|         <ejb-name>simple</ejb-name>
|         <method-name>*</method-name>
|       </method>
|     </method-permission>
|   </assembly-descriptor>
|
| </ejb-jar>
|
Step 4)
Set up the jboss.xml descriptor to use the proper jndi name and realm:
| <jboss>
|   <security-domain>java:/jaas/simpleSB</security-domain>
|   <enterprise-beans>
|     <session>
|       <ejb-name>simple</ejb-name>
|       <jndi-name>ejb/simple</jndi-name>
|     </session>
|   </enterprise-beans>
| </jboss>
|
Step 5)
Start setting up the client end of things. To use the LoginContext idea you
have to a) set up a callback handler that supplies the username and password,
b) set up the authorization file to tell the client JVM which authorization
proxy class is going to be used, and c) run the client JVM with the argument to
show where the auth file is.
NOTE (I changed square brackets in the code to parentheses to get around
formatting issues in this BB)
a)
| package com.powder.ejb;
|
| import java.io.IOException;
|
| import javax.security.auth.callback.*;
|
| public class PrinterClientCallbackHandler implements CallbackHandler {
|
|     private String username;
|     private String password;
|
|     public PrinterClientCallbackHandler(String username, String password) {
|         this.username = username;
|         this.password = password;
|     }
|
|     public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
|         for (int i=0; i<callbacks.length; i++) {
|             if (callbacks(i) instanceof NameCallback) {
|                 NameCallback nc = (NameCallback)callbacks(i);
|                 nc.setName(username);
|             } else if (callbacks(i) instanceof PasswordCallback) {
|                 PasswordCallback pc = (PasswordCallback)callbacks(i);
|                 pc.setPassword(password.toCharArray());
|             } else {
|                 throw new UnsupportedCallbackException(callbacks(i), "unrecognized callback");
|             }
|         }
|     }
| }
|
b)
I set up a file called auth.conf in the directory where my Eclipse project is
running (/home/davidh/eclipse/workspace/simpleSessionBean/auth.conf) and I
supply the argument -Djava.auth.login.config=above-path when I start the JVM.
The file looks like:
| simpleSB {
|     org.jboss.security.ClientLoginModule required;
| };
|
c)
This is my client program:
| package com.powder.ejb;
|
| import java.util.*;
| import javax.naming.*;
| import javax.security.auth.login.*;
|
| public class PrinterClient {
|
|     public static void main(String[] args) {
|
|         try {
|             String username = "david";
|             String password = "david";
|
|             PrinterClientCallbackHandler ch = new PrinterClientCallbackHandler(username, password);
|             LoginContext lc = new LoginContext("simpleSB", ch);
|             lc.login();
|             System.out.println("Login context successfully created");
|
|             Properties prop = new Properties();
|             prop.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
|             prop.put(Context.PROVIDER_URL, "localhost:1099");
|
|             Context ctx = new InitialContext(prop);
|
|             Object objref = ctx.lookup("ejb/simple");
|
|             PrinterHome home = (PrinterHome) javax.rmi.PortableRemoteObject.narrow(objref, PrinterHome.class);
|             PrinterRemote printer = (PrinterRemote)home.create();
|
|             System.out.println(printer.printHello());
|             System.out.println(printer.printHelloThere(username));
|
|             printer.remove();
|
|         } catch (Exception e) {
|             e.printStackTrace();
|         }
|     }
| }
|
Now, when I run the client the login credentials are sent to the server but the
proper role (tester) is not assigned to the principal as evidenced by the error
message:
| java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
| java.rmi.AccessException: SecurityException; nested exception is:
| java.lang.SecurityException: Insufficient method permissions, principal=david, method=create, interface=HOME, requiredRoles=[tester], principalRoles=null
|
Any thoughts?
Regards,
Dave Haas
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3861000#3861000
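
An added check, not part of the original post and not JBoss code: JBoss's ClientLoginModule only binds the caller's name and credential to the invocation, so a server-side application-policy built from it alone authenticates nothing and yields no roles, which is consistent with the `principalRoles=null` in the error above. The Python audit below flags such policies in a login-config.xml; the sample XML is constructed, and its second policy, `simpleSB-fixed`, is a hypothetical variant using `org.jboss.security.auth.spi.UsersRolesLoginModule`, the JBoss module that reads the two property files.

```python
import xml.etree.ElementTree as ET

# Modules that only pass the caller's identity along: no password check, no roles.
PASS_THROUGH = {"org.jboss.security.ClientLoginModule"}

# Constructed sample: the first policy is the one from the post; the second
# (hypothetical name) swaps in UsersRolesLoginModule, which reads both files.
SAMPLE = """<policy>
  <application-policy name="simpleSB">
    <authentication>
      <login-module code="org.jboss.security.ClientLoginModule" flag="required">
        <module-option name="usersProperties">users.properties</module-option>
        <module-option name="rolesProperties">roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>
  <application-policy name="simpleSB-fixed">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
        <module-option name="usersProperties">users.properties</module-option>
        <module-option name="rolesProperties">roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""

def audit(xml_text):
    """Return {policy name: [findings]} for policies that cannot assign roles."""
    findings = {}
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        modules = policy.findall("./authentication/login-module")
        codes = [m.get("code", "").strip() for m in modules]
        issues = []
        if not modules:
            issues.append("no login-module configured")
        elif all(c in PASS_THROUGH for c in codes):
            issues.append("only pass-through modules: nothing authenticates or maps roles")
        for m, code in zip(modules, codes):
            if code in PASS_THROUGH:
                for opt in m.findall("module-option"):
                    if opt.get("name") in ("usersProperties", "rolesProperties"):
                        issues.append("%s is set on a module that does not read it" % opt.get("name"))
        if issues:
            findings[policy.get("name")] = issues
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
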