Re: [Resteasy-users] Injecting an EJB in a Resteasy Resource authenticated with OAuth 2.0
Thank you for your answer? What's the better solution? In my architeture each application is on a specific jboss profile. Each application has several rest services inside it. I need a SSO solution including browser authetication and rest access in another application. The transactional control is implemented with EJB, so I need security context propagation too. My users and roles backend is in a OpenLDAP Server and I have a customized login module to access it. Resteasy OAUTH2 doesn't deal with ejb authentication. SSO valve works well, but only between apps in the same profile. What's the better solution to my environment? PicketLink, Keycloack or another one? Thanks in advance! Inácio -- The best possible search technologies are now affordable for all companies. Download your FREE open source Enterprise Search Engine today! Our experts will assist you in its installation for $59/mo, no commitment. Test it for FREE on our Cloud platform anytime! http://pubads.g.doubleclick.net/gampad/clk?id=145328191&iu=/4140/ostg.clktrk ___ Resteasy-users mailing list Resteasy-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/resteasy-users
Re: [Resteasy-users] Injecting an EJB in a Resteasy Resource authenticated with OAuth 2.0
I didn't actually solve this for the resteasy oauth implementation. We solved it in Keycloak, but I haven't been able to get back to resteasy to fix the problem there. On 5/22/2014 11:25 AM, JOSÉ INÁCIO DA SILVA JÚNIOR wrote: > Hi! > > My Resteasy/OAuth2.0 authentication environment is working perfect. > Everything is fine when I work in a web context. > But when I inject an EJB in a resteasy resource, I get the following > exception: > > 12:22:32,027 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] > (http--10.0.21.52-8443-5) Bad password for username=customer-portal > 12:22:32,027 ERROR > [org.jboss.security.authentication.JBossCachedAuthenticationManager] > (http--10.0.21.52-8443-5) Login failure: > javax.security.auth.login.FailedLoginException: Password Incorrect/Password > Required > at > org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) > [picketbox-4.0.7.Final.jar:4.0.7.Final] > at > org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:155) > [picketbox-4.0.7.Final.jar:4.0.7.Final] > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > [rt.jar:1.7.0_55] > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > [rt.jar:1.7.0_55] > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > [rt.jar:1.7.0_55] > at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55] > at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) > [rt.jar:1.7.0_55] > at > javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) > [rt.jar:1.7.0_55] > at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) > [rt.jar:1.7.0_55] > at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) > [rt.jar:1.7.0_55] > at java.security.AccessController.doPrivileged(Native Method) > [rt.jar:1.7.0_55] > at > javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) > [rt.jar:1.7.0_55] > at javax.security.auth.login.LoginContext.login(LoginContext.java:595) > [rt.jar:1.7.0_55] > at > org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) > [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] > at > org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) > [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] > at > org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) > [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] > at > org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) > [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] > at > org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:306) > [jboss-as-security-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.as.security.service.SimpleSecurityManager.push(SimpleSecurityManager.java:272) > [jboss-as-security-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49) > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at java.security.AccessController.doPrivileged(Native Method) > [rt.jar:1.7.0_55] > at > org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at > org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at > org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) > [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at > org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32) > [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) > [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] > at > org.jboss.as.e
[Resteasy-users] Injecting an EJB in a Resteasy Resource authenticated with OAuth 2.0
Hi! My Resteasy/OAuth2.0 authentication environment is working perfect. Everything is fine when I work in a web context. But when I inject an EJB in a resteasy resource, I get the following exception: 12:22:32,027 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (http--10.0.21.52-8443-5) Bad password for username=customer-portal 12:22:32,027 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--10.0.21.52-8443-5) Login failure: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:270) [picketbox-4.0.7.Final.jar:4.0.7.Final] at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:155) [picketbox-4.0.7.Final.jar:4.0.7.Final] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_55] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_55] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55] at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_55] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_55] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_55] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_55] at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_55] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_55] at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_55] at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final] at org.jboss.as.security.service.SimpleSecurityManager.authenticate(SimpleSecurityManager.java:306) [jboss-as-security-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.security.service.SimpleSecurityManager.push(SimpleSecurityManager.java:272) [jboss-as-security-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:49) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_55] at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:32) [jboss-as-ejb3-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.1.1.Final.jar:7.1.1.Final] at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final] at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invo