Hi all,

I have scoured the Internet and pounded my head against the wall for hours 
looking for answers to my questions.  I have found a bunch of stuff but nothing 
seems to be working for me.  I am beginning to think that I may be asking the 
wrong questions or am totally missing some basic principle!!

My main question is with regards to the security architecture between Tomcat 
and JBoss.  I have a Struts web application which is run in the web container 
and some EJBs that run in the application container.  Nothing new there.

My question is with regards to how security works in this situation.  I am 
using JAAS and the DatabaseServerLoginModule.  How do the credentials and 
principals get passed around between the containers?  Does the JAAS security 
manager do everything for me, or do I have to pass some of that information 
around when trying to get a Context in the app container from the web 
container?

I currently have a system set up to where it will authenticate the user 
correctly, by creating a LoginContext and the first time I try to create an 
InitialContext everything works fine.  Then when the web user sends the next 
request to the web container, it fails when I try to create an InitialContext.  
It's almost as if I should be placing the Subject, which has been successfully 
authenticated, somewhere the containers can get to it when trying to 
authorize.  Am I on the correct path?

I guess I am looking for an answer to my problem as much as I am looking for 
the correct way of looking at the big picture.  If there are any other sources 
that may help clarify this it would be much appreciated.

Below are the code snippets along with the error message I am getting.  It is 
the typical java.lang.SecurityException: Authentication exception, 
principal=null error.

What follows are:

login-config.xml snippet
LoginContext snippet (which works)
InitialContext snippet (which works the first time and never again)
log output from JBoss

---------------------------------------------------------------------
login-config.xml snippet



<application-policy name="Camp">
    <authentication>
        <!-- authenticates against the database and loads the role groups -->
        <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                      flag="required">
            <module-option name="dsJndiName">java:/PostgresDS</module-option>
            <module-option name="principalsQuery">SELECT password FROM tblPrincipals where username=?</module-option>
            <module-option name="rolesQuery">select user_role as Roles, 'Roles' from tblRoles where username=?</module-option>
        </login-module>
        <!-- binds the principal/credential to the calling thread for EJB calls -->
        <login-module code="org.jboss.security.ClientLoginModule" flag="required"></login-module>
    </authentication>
</application-policy>

NOTE: One thing to note here is that unless it returned the string "Roles" for 
the second column in the rolesQuery I could not get it authenticating AT ALL.  
Very weird.  It just came back with the principalRoles=null error that is so 
common.

----------------------------------------------------------------------
LoginContext snippet



import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
......
char[] pass = password.toCharArray();
// hands userName/pass to the login modules' NameCallback and PasswordCallback
PassiveCallbackHandler cbh = new PassiveCallbackHandler(userName, pass);
// "Camp" is the application-policy name from login-config.xml
LoginContext lc = new LoginContext("Camp", cbh);
lc.login();                     // DatabaseServerLoginModule, then ClientLoginModule
Subject s = lc.getSubject();    // authenticated Subject (principal + role groups)
.....


NOTE: Do I need to do something with the Subject after it's been authenticated?  
Do I need to put it into the Context or into the Tomcat session?  I do not do 
anything with it after actually getting it from the LoginContext.

----------------------------------------------------------------------
InitialContext snippet


import javax.naming.Context;
import javax.naming.InitialContext;
import javax.rmi.PortableRemoteObject;
......
System.out.println("Performing <CAMP/report> home lookup");
try {
    // no principal/credentials are set on the environment; the EJB container
    // reads them from the caller's thread-bound security association
    Context ctx = new InitialContext();
    Object home = ctx.lookup("CAMP/report");
    report_home pSearch = (report_home)
          PortableRemoteObject.narrow(home, report_home.class);
    return pSearch.create();    // home invocation: this is where the security check runs
} catch (Exception e) {
      e.printStackTrace();
}

NOTE:  Do I need to be giving the InitialContext the principal and credentials 
before doing a lookup?

----------------------------------------------------------------------
Log snippet


12:31:20,717 INFO  [STDOUT] Performing <CAMP/report> home lookup
12:31:20,950 INFO  [STDOUT] java.rmi.AccessException: SecurityException; nested exception is:
        java.lang.SecurityException: Authentication exception, principal=null
12:31:20,952 INFO  [STDOUT]     at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:369)
12:31:20,954 INFO  [STDOUT]     at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:124)
12:31:20,955 INFO  [STDOUT]     at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
12:31:20,956 INFO  [STDOUT]     at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:613)

----------------------------------------------------------------------


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3860227#3860227



_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
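The failure described in the post comes from where the ClientLoginModule keeps the identity. It does not authenticate anything itself: its commit() stores the principal and credential in JBoss's thread-local SecurityAssociation, and the EJB container's security interceptor reads the caller identity from there. That association belongs to the thread that called lc.login(); Tomcat serves each HTTP request on an arbitrary pool thread, so the second request reaches the EJB container with no association and fails with "principal=null". The Subject stored in the HttpSession is not consulted. One way to handle it is a servlet Filter that re-runs the "Camp" login on every request and logs out again before the thread is returned to the pool. The following is an added example, not code from the original post or from JBoss; the filter class, the session attribute names "camp.user"/"camp.pass", and the minimal CallbackHandler are assumptions chosen for the illustration, while "Camp" is the application-policy name from the post.

```java
package camp.web;

import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/**
 * Hypothetical filter (not part of JBoss): re-establishes the JAAS security
 * association on the thread serving each request, so EJB calls made further
 * down the chain carry the caller's principal instead of principal=null.
 */
public class JaasAssociationFilter implements Filter {

    /** Minimal CallbackHandler: answers Name/PasswordCallback from fixed values. */
    static final class FixedCredentialsHandler implements CallbackHandler {
        private final String user;
        private final char[] pass;

        FixedCredentialsHandler(String user, char[] pass) {
            this.user = user;
            this.pass = pass;
        }

        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof NameCallback) {
                    ((NameCallback) callbacks[i]).setName(user);
                } else if (callbacks[i] instanceof PasswordCallback) {
                    ((PasswordCallback) callbacks[i]).setPassword(pass);
                } else {
                    throw new UnsupportedCallbackException(callbacks[i], "unsupported callback");
                }
            }
        }
    }

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        // Credentials are assumed to have been stored in the session at first login
        // (attribute names "camp.user" / "camp.pass" are assumptions for this example).
        HttpSession session = ((HttpServletRequest) req).getSession(false);
        String user = session == null ? null : (String) session.getAttribute("camp.user");
        char[] pass = session == null ? null : (char[]) session.getAttribute("camp.pass");

        if (user == null || pass == null) {
            chain.doFilter(req, res);   // anonymous request: any EJB call will see principal=null
            return;
        }

        LoginContext lc;
        try {
            // "Camp" is the application-policy from login-config.xml: the
            // DatabaseServerLoginModule re-checks the password, then the
            // ClientLoginModule binds principal + credential to THIS thread.
            lc = new LoginContext("Camp", new FixedCredentialsHandler(user, pass));
            lc.login();
        } catch (LoginException e) {
            session.invalidate();       // revoked or stale credentials: drop the session
            throw new ServletException("re-authentication failed", e);
        }
        try {
            chain.doFilter(req, res);   // InitialContext lookups and EJB calls in here carry the principal
        } finally {
            try {
                lc.logout();            // ClientLoginModule.logout() clears the association
            } catch (LoginException ignored) {
                // nothing useful to do; the thread is about to be reused anyway
            }
        }
    }
}
```

Two caveats go with this approach. Keeping a cleartext password in the HttpSession so it can be replayed on every request is a liability, and the DatabaseServerLoginModule runs a database round trip per request; the cleaner alternative in JBoss is container-managed web security (a security-constraint and login-config in web.xml plus a security-domain of java:/jaas/Camp in jboss-web.xml), where the JBoss realm inside Tomcat sets the association for each request and no application code touches the credentials. Separately, the rolesQuery behaviour noted in the post is by design: the second column names the role group, and JBoss checks EJB method permissions against the group called "Roles", so that literal is required, not a quirk. If the password column is stored in the clear, the login module also accepts hashAlgorithm and hashEncoding options so the database can hold a digest instead.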