Problemas de autenticação usando JAAS

Estou tentando fazer com que um bean seja autenticado via JAAS no banco de dados… porém nada funciona, hehehe. Vamos ao código…

Session Bean

/**
 * Test session bean whose only business method is {@link #ping()}.
 *
 * <p>Each container callback writes one trace line to standard output, tagged
 * with this instance's identity hash. The class performs no access check of
 * its own; any restriction on {@code create} or {@code ping} has to come from
 * the container's declarative security (the {@code method-permission}
 * entries of the deployment descriptor).
 */
public class TestSession implements SessionBean {

    private static final long serialVersionUID = 3257281444152751410L;

    // Set by the container callback below; never read inside this class.
    private SessionContext ctx;

    /**
     * Business method used to verify that a remote call reaches the bean.
     *
     * @return the constant reply {@code "pong"}
     */
    public String ping() {
        final String reply = "pong";
        System.out.println("TestBean PING ! Sending PONG ...");
        return reply;
    }

    /**
     * Stores the session context handed over by the container.
     *
     * @param arg0 the session context to keep
     */
    public void setSessionContext(SessionContext arg0) throws EJBException, RemoteException {
        this.ctx = arg0;
        trace("TestBean Setado Contexto - [");
    }

    /** Drops the stored session context. */
    public void unsetSessionContext() throws EJBException, RemoteException {
        this.ctx = null;
        trace("TestBean Retirado o Contexto - [");
    }

    /** Creation callback; only traces the event. */
    public void ejbCreate() throws CreateException {
        trace("TestBean Criado - [");
    }

    /** Removal callback; only traces the event. */
    public void ejbRemove() throws EJBException, RemoteException {
        trace("TestBean Removido - [");
    }

    /** Activation callback; only traces the event. */
    public void ejbActivate() throws EJBException, RemoteException {
        trace("TestBean Ativado - [");
    }

    /** Passivation callback; only traces the event. */
    public void ejbPassivate() throws EJBException, RemoteException {
        trace("TestBean Passivado - [");
    }

    /**
     * Prints one lifecycle line: the given prefix, this instance's hash code
     * and the closing bracket.
     */
    private void trace(String prefix) {
        System.out.println(prefix + this.hashCode() + "]");
    }

}

O client de conexao é

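/**
 * Stand-alone test client: performs a client-side JAAS login for the
 * "joseDomain" entry, looks up the TestSession home through JNDI, creates the
 * bean and prints the result of {@code ping()}.
 *
 * <p>The auth.conf shown with this client configures
 * {@code org.jboss.security.ClientLoginModule}. That module does not verify
 * the password; it only associates the principal and credential with later
 * invocations, and the server-side security domain performs the actual check.
 * A successful {@code login()} here therefore says nothing about whether the
 * server accepted the credentials or loaded any roles.
 */
public class TesteSessionClient {

    /**
     * Runs the login, lookup and ping sequence once.
     *
     * @param args unused
     * @throws Exception if the login, the JNDI lookup or the remote call fails
     */
    public static void main(String[] args) throws Exception {

        System.setProperty("java.security.auth.login.config", "c:/Projetos/Teste Bean/production/auth.conf");
        SecurityAssociationHandler handler = new SecurityAssociationHandler();

        Principal userPrincipal = new Principal() {
            public String getName() {
                return "dyego";
            }
        };

        // NOTE(review): user name and password are hard-coded test values. A
        // real client should obtain them at run time (prompt, protected
        // configuration) and keep them out of source control.
        handler.setSecurityInfo(userPrincipal, "123");
        LoginContext loginContext = new LoginContext("joseDomain", (CallbackHandler) handler);
        loginContext.login();

        Context ctx = null;
        try {
            // The system properties are reused as the JNDI environment, exactly
            // as before, so the two naming settings become JVM-wide.
            Properties props = System.getProperties();
            props.setProperty("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
            // NOTE(review): jnp:// is presumably an unencrypted transport here;
            // confirm how the credential is protected on the wire.
            props.setProperty("java.naming.provider.url", "jnp://192.168.0.1:1099");
            ctx = new InitialContext(props);

            Object homeRef = ctx.lookup("TestSession");
            TestSessionHome home = (TestSessionHome) PortableRemoteObject.narrow(homeRef, TestSessionHome.class);
            TestSessionRemote session = home.create();
            System.out.println(session.ping());
        } finally {
            // Release the naming context and clear the client-side identity
            // even when the lookup or the remote call throws.
            try {
                if (ctx != null) {
                    ctx.close();
                }
            } finally {
                loginContext.logout();
            }
        }
    }
}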

Meu auth.conf eh


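// Client-side JAAS entry used by LoginContext("joseDomain", ...).
// ClientLoginModule performs no authentication itself: it only hands the
// principal and credential to the invocation layer so that the server-side
// security domain can check them.
// Each entry line is a module class followed by its control flag; the bare
// "required;" line that preceded the module has been removed because a flag
// without a module class is not a valid entry.
joseDomain {
      org.jboss.security.ClientLoginModule  required;
};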

meu login-config.xml eh

 <application-policy name = "joseDomain">
           <!-- Server-side policy "joseDomain": one required DatabaseServerLoginModule that reads the password and the roles through the java:/JoseDS datasource. -->
           <authentication>
             <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
             <!-- NOTE(review): unauthenticatedIdentity gives the identity "guest" to calls that arrive without authentication information instead of rejecting them. Remove it unless anonymous access is intended. -->
             <module-option name = "unauthenticatedIdentity">guest</module-option>
             <module-option name = "dsJndiName">java:/JoseDS</module-option>
             <!-- Returns the stored password for the user; the user name is bound through the ? placeholder. NOTE(review): no hashAlgorithm / hashEncoding option is set, so the column is presumably compared as plain text. Store a hash and set those options; confirm against the JBoss version in use. -->
             <module-option name = "principalsQuery">SELECT js_password from jaas_auth where js_user=?</module-option>
             <!-- Returns one row per role: the role name and the group it belongs to. NOTE(review): the group literal here is "roles"; JBossSX takes the roles used for method permissions from the group named "Roles" (capital R), so verify the spelling. Also confirm that the database treats the double-quoted value as a string literal and not as an identifier. -->
             <module-option name = "rolesQuery">SELECT js_role as Role,"roles" as RoleGroup FROM jaas_auth where js_user=?</module-option>
             </login-module>
          </authentication>
    </application-policy>

Meu ejb-jar eh:

<?xml version="1.0" encoding="UTF-8"?>
<ejb-jar xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.1" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/ejb-jar_2_1.xsd">
<display-name> Teste Bean Server Side </display-name> 
	<enterprise-beans>


      <!-- Test session bean: stateless, container-managed transactions, with both remote and local interfaces declared. -->
      <session>
         <ejb-name>TestSession</ejb-name>
         <home>br.com.escriba.testebean.session.interfaces.TestSessionHome</home>
         <remote>br.com.escriba.testebean.session.interfaces.TestSessionRemote</remote>
         <local-home>br.com.escriba.testebean.session.interfaces.TestSessionLocalHome</local-home>
         <local>br.com.escriba.testebean.session.interfaces.TestSessionLocal</local>
         <ejb-class>br.com.escriba.testebean.session.TestSession</ejb-class>
         <session-type>Stateless</session-type>
         <transaction-type>Container</transaction-type>
      </session>
	</enterprise-beans>
	
	
	
	
<!-- Assembly descriptor: declarative security for the beans above. -->
<!-- Only ping carries a method-permission (role admin). The home create method is not listed anywhere; the server log quoted with this descriptor rejects it with requiredRoles=[]. -->
<!-- NOTE(review): no security-role element declares "admin" in this descriptor; EJB 2.1 expects roles referenced by a method-permission to be declared here. Confirm and add the declaration. -->
<assembly-descriptor>

 <method-permission>
      <role-name>admin</role-name>
      <method> 
         <ejb-name>TestSession</ejb-name>
         <method-name>ping</method-name>
      </method>
   </method-permission>

</assembly-descriptor>
	
</ejb-jar>

O erro que esta ocorrendo ao tentar rodar o client é:

16:27:29,704 ERROR [SecurityInterceptor] Insufficient method permissions, principal=dyego, method=create, interface=HOME, requiredRoles=[], principalRoles=null
16:27:29,705 ERROR [LogInterceptor] EJBException in method: public abstract br.com.escriba.testebean.session.interfaces.TestSessionRemote br.com.escriba.testebean.session.interfaces.TestSessionHome.create() throws javax.ejb.CreateException,java.rmi.RemoteException, causedBy:
java.lang.SecurityException: Insufficient method permissions, principal=dyego, method=create, interface=HOME, requiredRoles=[], principalRoles=null
        at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:219)
        at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:96)
        at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
        at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
        at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:613)
        at org.jboss.ejb.Container.invoke(Container.java:876)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:242)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
        at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:775)
        at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
        at sun.reflect.GeneratedMethodAccessor74.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
        at sun.rmi.transport.Transport$1.run(Transport.java:153)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
        at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
        at java.lang.Thread.run(Thread.java:595)

Alguem sabe o que fazer ?

Se você quer que o TestBean possa ser criado por qualquer um e que apenas o método ping seja acessado pela role admin, adicione as linhas abaixo ao seu ejb-jar.xml:

<!-- unchecked: the container performs no authorization check for the listed method, so any caller can invoke create() with no parameters on the Home interface. -->
<method-permission >
<unchecked/>
<method >
<ejb-name>TestSession</ejb-name>
<method-intf>Home</method-intf>
<method-name>create</method-name>
<method-params>
</method-params>
</method>
</method-permission>
<!-- ping stays restricted to callers that hold the admin role. -->
<method-permission>
<role-name>admin</role-name>
<method>
<ejb-name>TestSession</ejb-name>
<method-name>ping</method-name>
</method>
</method-permission>

</assembly-descriptor>

Agora ficou mais nitido:

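<!-- Opens the no-argument create() of the Home interface to every caller. -->
<!-- NOTE(review): unchecked means the container skips the authorization check for this method, so a caller mapped to the unauthenticated identity can also create the bean. Keep it only if bean creation is meant to be public. -->
<method-permission>
    <unchecked/>
    <method>
        <ejb-name>TestSession</ejb-name>
        <method-intf>Home</method-intf>
        <method-name>create</method-name>
        <method-params>
        </method-params>
    </method>
</method-permission>
<!-- ping requires the admin role. No method-intf is given, so the permission is not limited to a single interface of the bean. -->
<method-permission>
    <role-name>admin</role-name>
    <method>
        <ejb-name>TestSession</ejb-name>
        <method-name>ping</method-name>
    </method>
</method-permission>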

Beleza, agora cria; porém, mesmo colocando o usuário e a senha, ele não permite acessar o método PING.

o erro é :

6:52:59,808 ERROR [SecurityInterceptor] Insufficient method permissions, principal=dyego, method=ping, interface=REMOTE, requiredRoles=[admin], principalRoles=null
16:52:59,809 ERROR [LogInterceptor] EJBException in method: public abstract java.lang.String br.com.escriba.testebean.session.interfaces.TestSessionRemote.ping() throws java.rmi.RemoteException, causedBy:
java.lang.SecurityException: Insufficient method permissions, principal=dyego, method=ping, interface=REMOTE, requiredRoles=[admin], principalRoles=null
        at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:219)
        at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:118)
        at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
        at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
        at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
        at org.jboss.ejb.Container.invoke(Container.java:854)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:242)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:642)
        at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:775)
        at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
        at sun.reflect.GeneratedMethodAccessor74.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
        at sun.rmi.transport.Transport$1.run(Transport.java:153)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
        at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
        at java.lang.Thread.run(Thread.java:595)

O mais curioso é que ele insiste em dizer que principalRoles=null, e na minha tabela eu tenho roles, veja:

+-------------+--------------+------+-----+---------+----------------+
| Field       | Type         | Null | Key | Default | Extra          |
+-------------+--------------+------+-----+---------+----------------+
| js_id       | int(8)       |      | PRI | NULL    | auto_increment |
| js_user     | varchar(255) | YES  |     | NULL    |                |
| js_password | varchar(255) | YES  |     |         |                |
| js_role     | varchar(255) | YES  |     |         |                |
+-------------+--------------+------+-----+---------+----------------+

e os registros :

+-------+---------+-------------+---------+
| js_id | js_user | js_password | js_role |
+-------+---------+-------------+---------+
|     1 | dyego   | 123         | admin   |
|     2 | guest   |             | guest   |
+-------+---------+-------------+---------+

Sabe o q pode estar acontecendo ?

[quote=rafabene]Agora ficou mais nitido:

<method-permission > <unchecked/> <method > <ejb-name>TestSession</ejb-name> <method-intf>Home</method-intf> <method-name>create</method-name> <method-params> </method-params> </method> </method-permission> <method-permission> <role-name>admin</role-name> <method> <ejb-name>TestSession</ejb-name> <method-name>ping</method-name> </method> </method-permission> [/quote]

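Não sei se o case-sensitive no “roles” do seu select gera problema, mas não custa tentar. O JBossSX busca os papéis usados na verificação de permissões no grupo chamado exatamente “Roles” (com R maiúsculo); com “roles” o grupo recebe outro nome, e isso explicaria o principalRoles=null.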

Tenta trocar:

SELECT js_role as Role,"roles" as RoleGroup 

por

SELECT js_role as Role,"Roles" as RoleGroup 

:roll:

isso funcionou ?