From: matt10 <do-...@jb...> - 2006-07-17 15:28:43
Hi,

In an EJB 3.0 application I have methods on a session bean that delegate calls to a POJO @Service. I have just started to apply security, starting with a UsersRolesLoginModule which seems to be working for the session bean calls from the client. I presume that if the authenticated user can call a method on the session bean, that the session bean can call a method on the @Service with identical @RolesAllowed, but I get a javax.ejb.EJBAccessException: Authentication failure.

Method on session bean:

    @SecurityDomain("mydomain")
    @PermitAll
    public @Stateful class UserSessionBean implements UserSession {
        @EJB ServerLocal server;

        @PostConstruct
        public void initSession() {
            logger.info("UserSession @PostConstruct");
            sessionID = server.registerUserSession();
        }
    };

Error:

    15:22:31,105 ERROR [STDERR] java.lang.RuntimeException: javax.ejb.EJBAccessException: Authentication failure
    15:22:31,105 ERROR [STDERR] at org.jboss.ejb3.interceptor.LifecycleInterceptorHandler.postConstruct(LifecycleInterceptorHandler.java:109)
    15:22:31,105 ERROR [STDERR] at org.jboss.ejb3.EJBContainer.invokePostConstruct(EJBContainer.java:582)
    15:22:31,105 ERROR [STDERR] at org.jboss.ejb3.AbstractPool.create(AbstractPool.java:108)
    15:22:31,105 ERROR [STDERR] at org.jboss.ejb3.ThreadlocalPool.get(ThreadlocalPool.java:48)
    15:22:31,106 ERROR [STDERR] at org.jboss.ejb3.cache.simple.SimpleStatefulCache.create(SimpleStatefulCache.java:207)
    15:22:31,106 ERROR [STDERR] at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:288)
    15:22:31,106 ERROR [STDERR] at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
    15:22:31,106 ERROR [STDERR] at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
    15:22:31,106 ERROR [STDERR] at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
    15:22:31,106 ERROR [STDERR] at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
    15:22:31,106 ERROR [STDERR] at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
    15:22:31,106 ERROR [STDERR] at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
    15:22:31,106 ERROR [STDERR] at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
    15:22:31,106 ERROR [STDERR] Caused by: javax.ejb.EJBAccessException: Authentication failure
    15:22:31,106 ERROR [STDERR] at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
    15:22:31,106 ERROR [STDERR] at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:71)
    15:22:31,106 ERROR [STDERR] at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    15:22:31,106 ERROR [STDERR] at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
    15:22:31,106 ERROR [STDERR] at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    15:22:31,106 ERROR [STDERR] at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
    15:22:31,106 ERROR [STDERR] at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
    15:22:31,106 ERROR [STDERR] at org.jboss.ejb3.service.ServiceContainer.localInvoke(ServiceContainer.java:199)
    15:22:31,106 ERROR [STDERR] at org.jboss.ejb3.service.ServiceLocalProxy.invoke(ServiceLocalProxy.java:75)
    15:22:31,106 ERROR [STDERR] at $Proxy246.registerUserSession(Unknown Source)
    15:22:31,106 ERROR [STDERR] at org.myapplication.server.UserSessionBean.initSession(UserSessionBean.java:62)
    15:22:31,106 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    15:22:31,107 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    15:22:31,107 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    15:22:31,107 ERROR [STDERR] at java.lang.reflect.Method.invoke(Method.java:585)
    15:22:31,107 ERROR [STDERR] at org.jboss.ejb3.interceptor.LifecycleInvocationContextImpl.proceed(LifecycleInvocationContextImpl.java:159)
    15:22:31,107 ERROR [STDERR] at org.jboss.ejb3.interceptor.LifecycleInterceptorHandler.postConstruct(LifecycleInterceptorHandler.java:105)
    15:22:31,107 ERROR [STDERR] ... 12 more
    15:22:31,107 ERROR [STDERR] Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
    15:22:31,107 ERROR [STDERR] at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
    15:22:31,107 ERROR [STDERR] at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
    15:22:31,107 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    15:22:31,110 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    15:22:31,110 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    15:22:31,110 ERROR [STDERR] at java.lang.reflect.Method.invoke(Method.java:585)
    15:22:31,110 ERROR [STDERR] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    15:22:31,110 ERROR [STDERR] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    15:22:31,110 ERROR [STDERR] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    15:22:31,110 ERROR [STDERR] at java.security.AccessController.doPrivileged(Native Method)
    15:22:31,110 ERROR [STDERR] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    15:22:31,110 ERROR [STDERR] at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    15:22:31,110 ERROR [STDERR] at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
    15:22:31,110 ERROR [STDERR] at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
    15:22:31,110 ERROR [STDERR] at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
    15:22:31,110 ERROR [STDERR] at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:121)
    15:22:31,110 ERROR [STDERR] at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:67)
    15:22:31,110 ERROR [STDERR] ... 27 more

I'm unable to rule out the possibility that the client is failing to authenticate; this is as far as I have got. To the more experienced with JBoss/EJB3 security, my question is, should the @PostConstruct method be able to call the @Service method and will the identity of the logged-in user apply to the call? Or is this simply a failure to authenticate at all, what with this being the first method call?

The worrying thing is that on the client, according to debug log messages, my simple CallbackHandler passed to LoginContext never gets called for the username and password. This I am also confused about.

The client code looks like this:

    System.setProperty("java.security.auth.login.config", "src/META-INF/auth.conf");
    CallbackHandler myHandler = new LoginCallbackHandler();
    // LoginContext lc = new LoginContext("testuser", myHandler);
    LoginContext lc = new LoginContext("mydomain",
        new org.jboss.security.auth.callback.UsernamePasswordHandler("testuser", "testpass"));
    try {
        lc.login();
    } catch (LoginException le) {
        System.out.println("Login failed");
        le.printStackTrace();
    }
    Properties env = new Properties();
    // env.setProperty(Context.SECURITY_PRINCIPAL, "testuser");
    // env.setProperty(Context.SECURITY_CREDENTIALS, "testpass");
    env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
    env.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interfaces"); // MC
    env.setProperty(Context.PROVIDER_URL, hostname);
    // Contact EJB server
    // Context ctx = new LoginInitialContextFactory().getInitialContext(env);
    InitialContext ctx = new InitialContext(env);
    session = (UserSession) ctx.lookup("MyApplication/UserSessionBean/remote");

I have spent all day looking on the web and in forums for hints, and trying things. Can anyone help?

Matt

View the original post : http://staging.jboss.com/index.html?module=bb&op=viewtopic&p=3890825#3890825
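
Added example, not part of the original post: a small Python triage of a JBoss STDERR trace in the flattened form shown above, walking the "Caused by" chain to find the root cause and the application call that was rejected. The sample lines are a shortened, constructed copy of the trace; the function names and the CONTAINER prefix list are assumptions of this example.

```python
import re

# Constructed sample: a shortened copy of the trace in the post, flattened
# onto one line the way the archive shows it.
SAMPLE = " ".join("15:22:31,106 ERROR [STDERR] " + s for s in [
    "java.lang.RuntimeException: javax.ejb.EJBAccessException: Authentication failure",
    "at org.jboss.ejb3.EJBContainer.invokePostConstruct(EJBContainer.java:582)",
    "Caused by: javax.ejb.EJBAccessException: Authentication failure",
    "at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:71)",
    "at org.jboss.ejb3.service.ServiceLocalProxy.invoke(ServiceLocalProxy.java:75)",
    "at $Proxy246.registerUserSession(Unknown Source)",
    "at org.myapplication.server.UserSessionBean.initSession(UserSessionBean.java:62)",
    "... 12 more",
    "Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required",
    "at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)",
])

PREFIX = re.compile(r"\d{2}:\d{2}:\d{2},\d{3}\s+ERROR\s+\[STDERR\]\s+")
FRAME = re.compile(r"at\s+([\w.$]+)\.([\w$<>]+)\(([^)]*)\)")
CONTAINER = ("org.jboss.", "java.", "javax.", "sun.", "$Proxy")  # not app code

def parse_chain(text):
    """Exception chain, outermost first: exception, message, frames."""
    chain = []
    for entry in (e.strip() for e in PREFIX.split(text)):
        frame = FRAME.fullmatch(entry)
        if frame and chain:
            chain[-1]["frames"].append((frame.group(1), frame.group(2)))
        elif entry and not frame and not entry.startswith("..."):
            exc, _, msg = re.sub(r"^Caused by:\s+", "", entry).partition(": ")
            chain.append({"exception": exc, "message": msg, "frames": []})
    return chain

def triage(text):
    """Root cause, plus the first application frame and the call it made."""
    chain = parse_chain(text)
    if not chain:
        return None  # no exception header found in the input
    out = {"root_cause": chain[-1]["exception"], "message": chain[-1]["message"],
           "caller": None, "rejected_call": None}
    for link in chain:
        for i, (cls, method) in enumerate(link["frames"]):
            if not cls.startswith(CONTAINER):
                out["caller"] = (cls, method)
                out["rejected_call"] = link["frames"][i - 1] if i else None
                return out
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the sample this reports FailedLoginException as the root cause and $Proxy246.registerUserSession, called from UserSessionBean.initSession, as the rejected call, which places the failing authentication check on the call into the @Service proxy.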