My oh my, this week has given me headaches. I went through hundreds of lines
of code for both Geronimo and OpenEJB, and I can't seem to figure out why
this isn't working. From what I've found on the internet it should work
(unless I'm missing something).

OK. So I have this EJB:

@Stateless
@DeclareRoles( { "Admin" })
@RolesAllowed( { "Admin" })
public class TestBean implements TestRemote, TestLocal
{
  @Resource
  private SessionContext sessionCtx;

  public String getInfo()
  {
    Principal p = sessionCtx.getCallerPrincipal();
    StringBuilder sb = new StringBuilder();
    sb.append("\n").append("Principal: " + p.getName() + " - type: " +
        p.getClass().getCanonicalName());
    return sb.toString();
  }
}

getInfo() is a Remote method.

Then its deploy plan contains:
   <security doas-current-called="true" default-role="Admin">

   </security>

And I do a remote lookup as follows:

    Properties p = new Properties();
    p.put("java.naming.factory.initial",
        "org.apache.openejb.client.RemoteInitialContextFactory");
    p.put("java.naming.provider.url", "ejbd://localhost:4201");
    // user and pass optional
    p.put("openejb.authentication.realmName", "KMSRealm");
    p.put("java.naming.security.principal", "quintin");
    p.put("java.naming.security.credentials", "pass");

    InitialContext ctx = new InitialContext(p);

    TestRemote myBean = (TestRemote) ctx.lookup("TestBeanRemote");
    String info = myBean.getInfo();

When I run the code I get an: Exception in thread "main"
javax.ejb.EJBAccessException: Unauthorized Access by Principal Denied

So, I remove the security definitions from the EJB and its deploy plan, the
method executes, and the Principal it returns is UnauthenticatedPrincipal.

KMSRealm is a server-wide SQLLoginModule realm defined in the Geronimo
console. I know the login works, because changing the InitialContext
credentials causes the login to fail. So all this works.

I am basically trying to log in via EJB, and then be able to do two things:
(1) define authorizations on the EJBs/methods, and (2) retrieve the
Subject/Principal. Both of these are very important.

I've also tried replacing my <security> element in the deploy plan with this:
   <security>
      <default-subject>
         <realm>KMSRealm</realm>
         <id>quintin</id>
      </default-subject>
   </security>

But then I get the following when deploying:
    Error: Operation failed: start of kms/KMSPlatform-ejb/1.0/jar failed

            Unknown start exception

            Configuration kms/KMSPlatform-ejb/1.0/jar failed to start due to
    the following reasons:

      The service

EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=StatelessSessionBean,name=PersonnelBean
    did not start because

kms/KMSPlatform-ejb/1.0/jar?EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=JACCManager,name=JACCManager
    did not start.

      The service

EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=StatelessSessionBean,name=TestBean
    did not start because

kms/KMSPlatform-ejb/1.0/jar?EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=JACCManager,name=JACCManager
    did not start.

      The service

EJBModule=kms/KMSPlatform-ejb/1.0/jar,J2EEApplication=null,j2eeType=JACCManager,name=JACCManager
    did not start because Unknown realm: KMSRealm

I am up to my head in frustration. I gave Geronimo a try on a redev of a
project, but what took me about half a day to set up on Glassfish has now
taken me a week. Can anyone please help me out, because I really want to
have Geronimo's benefits in my applications.
-- 
Quintin Beukes
