Problems using JAAS with EJB 3.0 on JBoss 4.0.4-GA

Similar Messages

• Problem using XSU with EJB

  Hello
  1) I have trouble when using the Oracle XML SQL Ulitity (XSU) with Enterprise Java Beans (EJB).
  This is due to that
  oracle.xml.sql.OracleXMLSQLException extends RuntimeException
  i.e. is interpreted by the EJB container as a system exception.
  (java.sql.SQLException extends Exception)
  2) Is there anywhere I can submit a change suggestion to the XSU developer team?
  Regards
  Ole

  Hello
  1) I have trouble when using the Oracle XML SQL Ulitity (XSU) with Enterprise Java Beans (EJB).
  This is due to that
  oracle.xml.sql.OracleXMLSQLException extends RuntimeException
  i.e. is interpreted by the EJB container as a system exception.
  (java.sql.SQLException extends Exception)
  2) Is there anywhere I can submit a change suggestion to the XSU developer team?
  Regards
  Ole

• Has anyone used JAAS with WebLogic?

  Has anyone used JAAS with Weblogic? I was looking at their example, and I have a bunch of questions about it. Here goes:
  Basically the problem is this: the plug-in LoginModule model of JAAS used in WebLogic (with EJB Servers) seems to allow clients to falsely authenticate.
  Let me give you a little background on what brought me to this. You can find the WebLogic JAAS example (to which I refer below) in the pdf: http://e-docs.bea.com/wls/docs61/pdf/security.pdf . (I believe you want pages 64-74) WebLogic, I believe goes about this all wrong. They allow the client to use their own LoginModules, as well as CallBackHandlers. This is dangerous, as it allows them to get a reference (in the module) to the LoginContext's Subject and authenticate themselves (i.e. associate a Principal with the subject). As we know from JAAS, the way AccessController checks permissions is by looking at the Principal in the Subject and seeing if that Principal is granted the permission in the "policy" file (or by checking with the Policy class). What it does NOT do, is see if that Subject
  has the right to hold that Principal. Rather, it assumes the Subject is authenticated.
  So a user who is allowed to use their own Module (as WebLogic's example shows) could do something like:
  //THEIR LOGIN MODULE (SOME CODE CUT-OUT FOR BREVITY)
  public class BasicModule implements LoginModule
  private NameCallback strName;
  private PasswordCallback strPass;
  private CallbackHandler myCB;
  private Subject subj;
           //INITIALIZE THIS MODULE
             public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
                    try
                         //SET SUBJECT
                           subj = subject;  //NOTE: THIS GIVES YOU REFERENCE
  TO LOGIN CONTEXT'S SUBJECT
                                                   // AND ALLOWS YOU TO PASS
  IT BACK TO THE LOGIN CONTEXT
                         //SET CALLBACKHANDLERS
                           strName = new NameCallback("Your Name: ");
                           strPass = new PasswordCallback("Password:", false);
                           Callback[] cb = { strName, strPass };
                         //HANDLE THE CALLBACKS
                           callbackHandler.handle(cb);
                    } catch (Exception e) { System.out.println(e); }
       //LOG THE USER IN
         public boolean login() throws LoginException
            //TEST TO SEE IF SUBJECT HOLDS ANYTHING YET
            System.out.println( "PRIOR TO AUTHENTICATION, SUBJECT HOLDS: " +
  subj.getPrincipals().size() + " Principals");
            //SUBJECT AUTHENTICATED - BECAUSE SUBJECT NOW HOLDS THE PRINCIPAL
             MyPrincipal m = new MyPrincipal("Admin");
             subj.getPrincipals().add(m);
             return true;
           public boolean commit() throws LoginException
                 return true;
      }(Sorry for all that code)
  I tested the above code, and it fully associates the Subject (and its principal) with the LoginContext. So my question is, where in the process (and code) can we put the LoginContext and Modules so that a client cannot
  do this? With the above example, there is no Security. (a call to: myLoginContext.getSubject().doAs(...) will work)
  I think the key here is to understand JAAS's plug-in security model to mean:
  (Below are my words)
  The point of JAAS is to allow an application to use different ways of authenticating without changing the application's code, but NOT to allow the user to authenticate however they want.
  In WebLogic's example, they unfortunately seem to have used the latter understanding, i.e. "allow the user to authenticate however they want."
  That, as I think I've shown, is not security. So how do we solve this? We need to put JAAS on the server side (with no direct JAAS client-side), and that includes the LoginModules as well as LoginContext. So for an EJB Server this means that the same internal permission
  checking code can be used regardless of whether a client connects through
  RMI/RMI-IIOP/JEREMIE (etc). It does NOT mean that the client gets to choose
  how they authenticate (except by choosing YOUR set ways).
  Before we even deal with a serialized subject, we need to see how JAAS can
  even be used on the back-end of an RMI (RMI-IIOP/JEREMIE) application.
  I think what needs to be done, is the client needs to have the stubs for our
  LoginModule, LoginContext, CallBackHandler, CallBacks. Then they can put
  their info into those, and everything is handled server-side. So they may
  not even need to send a Subject across anyways (but they may want to as
  well).
  Please let me know if anyone sees this problem too, or if I am just completely
  off track with this one. I think figuring out how to do JAAS as though
  everything were local, and then putting RMI (or whatever) on top is the
  first thing to tackle.

  Send this to:
  newsgroups.bea.com / security-group.

• Client remote Authentication using JAAS and EJB Access

  Hi,
  I have a problem using JAAS in combination with Sun One Appserver 8.1 and a java remote client trying to access an EJB. Here is the scenario:
  I have implemented an EJB who's methods are protected through the deployment descriptor:
          <assembly-descriptor>
               <security-role>
                  <description>role for clients outside of the server </description>
                  <role-name>sedna</role-name>
                </security-role>
              <method-permission>
                <role-name>sedna</role-name>
                <method>
                  <ejb-name>ServerInfoBean</ejb-name>
                  <method-intf>Remote</method-intf>
                  <method-name>*</method-name>
                </method>
              </method-permission>
              <method-permission>
                <unchecked/>
                <method>
                  <ejb-name>ServerInfoBean</ejb-name>
                  <method-name>getVersion</method-name>
                </method>
                <method>
                  <ejb-name>ServerInfoBean</ejb-name>
                  <method-name>create</method-name>
                </method>
              </method-permission>
          </assembly-descriptor>I've deployed the EJB in a jar file which was packed into an ear file of a bigger application. The role has been mapped to the admin Principal in the sun-ejb-jar.xml descriptor.
  I can find the EJB, create it, and call the unchecked method getVersion and that works fine, so far so good.
  But then I try to access another method which is protected and then I get this exception
  org.omg.CORBA.NO_PERMISSION:   vmcid: 0x2000  minor code: 1806 completed: Maybe
          at com.sun.enterprise.iiop.POAProtocolMgr.mapException(POAProtocolMgr.java:179)
          at com.sun.ejb.containers.BaseContainer.postInvoke(BaseContainer.java:853)
          at com.sun.ejb.containers.EJBObjectInvocationHandler.invoke(EJBObjectInvocationHandler.java:137)
  ...I have to mention that I do make a login via the LoginContext. My jaas.config File has a reference to the com.sun.enterprise.security.auth.login.ClientPasswordLoginModule module.
  After login (which works perfectly) I lookup the context with a corbaname url which - if I understood it right - ignores the Context.SECURITY_PRINCIPAL and Context.SECURITY_CREDENTIALS settings.
  After that I make the calls to the EJB. And I am allways ANONYMOUS on the server side, which is definitely the problem. Because ANONYMOUS is not allowed to call the protected EJB Methods. But I made a jaas login in advance. So where am I making a mistake???
  Am I doing something wrong?
  Need help! Thx,
  Stephan

  Hi.
  I understand correctly that you call Subject.doAs on
  the client to call the remote EJB. I guess It isn't
  right way.I had also a bad feeling about this, so I forget it. But anyway it wasn't working with or without using that doAs().
  >
  >
  Subject contextSubject =
  Subject.getSubject(AccessController.getContext());
  contextSubject.getPrincipals();This code throws exceptions in the Appserver. Unfortunately they are catched somewhere so I'm unable to find out what was going wrong. But I guess, that these exceptions where security exceptions. Never the less thanks for the hint!
  But I don't think that doing the check on the server side is the way I want to go because that is programmatically security and I want to use the declarative security which can be used through the deployment descriptor. If used correctly - and supposed I do not completely misunderstand the specification - then it should be possible to create an EJB that is protected via it's deployment descriptor and access it through the client only if the client has been authenticated through JAAS mechanisms. After successful authentication the principal should be accessible through the EJB context but not for security check, that should allready been done at this time.
  Unfortunately I don't find any resource on the internet describing the scenario in such a detail that I can reproduce it. There are only very high level documentations and hints in forums.
  Again, thanks for your effort,
  Stephan

• Problem using Toplink with JUnit

  Hi,
  I have a problem using Toplink with JUnit. Method under test is very simple: it use a static EntityManager object to open a transaction and persists data to db. When I invoke the method from a test method, it gives me the exception:
  java.lang.AssertionError
       at oracle.toplink.essentials.ejb.cmp3.persistence.PersistenceUnitProcessor.computePURootURL(PersistenceUnitProcessor.java:248)
       at oracle.toplink.essentials.ejb.cmp3.persistence.PersistenceUnitProcessor.findPersistenceArchives(PersistenceUnitProcessor.java:232)
       at oracle.toplink.essentials.ejb.cmp3.persistence.PersistenceUnitProcessor.findPersistenceArchives(PersistenceUnitProcessor.java:216)
       at oracle.toplink.essentials.internal.ejb.cmp3.JavaSECMPInitializer.initialize(JavaSECMPInitializer.java:239)
       at oracle.toplink.essentials.internal.ejb.cmp3.JavaSECMPInitializer.initializeFromMain(JavaSECMPInitializer.java:278)
       at oracle.toplink.essentials.internal.ejb.cmp3.JavaSECMPInitializer.getJavaSECMPInitializer(JavaSECMPInitializer.java:81)
       at oracle.toplink.essentials.ejb.cmp3.EntityManagerFactoryProvider.createEntityManagerFactory(EntityManagerFactoryProvider.java:119)
       at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:83)
       at javax.persistence.Persistence.createEntityManagerFactory(Persistence.java:60)
       at it.valerio.electromanager.model.EntityFacade.<clinit>(EntityFacade.java:12)
       at it.valerio.electromanager.business.ClienteBiz.insertIntoDatabase(ClienteBiz.java:36)
       at it.valerio.electromanager.test.model.ClienteTest.insertDBTest(ClienteTest.java:30)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at org.junit.internal.runners.TestMethodRunner.executeMethodBody(TestMethodRunner.java:99)
       at org.junit.internal.runners.TestMethodRunner.runUnprotected(TestMethodRunner.java:81)
       at org.junit.internal.runners.BeforeAndAfterRunner.runProtected(BeforeAndAfterRunner.java:34)
       at org.junit.internal.runners.TestMethodRunner.runMethod(TestMethodRunner.java:75)
       at org.junit.internal.runners.TestMethodRunner.run(TestMethodRunner.java:45)
       at org.junit.internal.runners.TestClassMethodsRunner.invokeTestMethod(TestClassMethodsRunner.java:66)
       at org.junit.internal.runners.TestClassMethodsRunner.run(TestClassMethodsRunner.java:35)
       at org.junit.internal.runners.TestClassRunner$1.runUnprotected(TestClassRunner.java:42)
       at org.junit.internal.runners.BeforeAndAfterRunner.runProtected(BeforeAndAfterRunner.java:34)
       at org.junit.internal.runners.TestClassRunner.run(TestClassRunner.java:52)
       at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:38)
       at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38)
       at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:460)
       at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:673)
       at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:386)
       at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:196)
  Where is the problem???
  Regards,
  Valerio

  EntityFacade class is very simple and it uses a static EntityManager object. Here the code:
  public class EntityFacade {
       private static EntityManager em = Persistence.createEntityManagerFactory("ElectroManager").createEntityManager();
       private static Logger logger=Logger.getLogger(EntityFacade.class);
       public static void insertCliente(Cliente c)
            logger.debug("Inserisco cliente nel db: " + c);
            em.getTransaction().begin();
            c.setId(getNextIdForTable("Cliente"));
            em.persist(c);
            em.getTransaction().commit();
  If I call the method from inside a main it works well, so I think the problem is not the classpath neither the URL in the persistence.xml. However the URL is:
  <property name="toplink.jdbc.url" value="jdbc:derby:c:/programmi/ElectroManager/db/electroManager"/>
  I use the latest build version of TopLink.
  Thanks.

• Problem Using Multiple With Statements

  I'm having a problem using multiple WITH statements. Oracle seems to be expecting a SELECT statement after the first one. I need two in order to reference stuff from the second one in another query.
  Here's my code:
  <code>
  WITH calculate_terms AS (SELECT robinst_current_term_code,
  CASE
  WHEN robinst_current_term_code LIKE '%60' THEN robinst_current_term_code - '40'
  WHEN robinst_current_term_code LIKE '%20' THEN robinst_current_term_code - '100'
  END first_term,
  CASE
  WHEN robinst_current_term_code LIKE '%60' THEN robinst_current_term_code - '100'
  WHEN robinst_current_term_code LIKE '%20' THEN robinst_current_term_code - '160'
  END second_term
  FROM robinst
  WHERE robinst_aidy_code = :aidy)
  /*Use terms from calculate_terms to generate attendance periods*/
  WITH gen_attn_terms AS
  SELECT
  CASE
  WHEN first_term LIKE '%60' THEN 'Fall '||substr(first_term,0,4)
  WHEN first_term LIKE '%20' THEN 'Spring '||substr(first_term,0,4)
  END first_attn_period,
  CASE
  WHEN second_term LIKE '%60' THEN 'Fall '||substr(second_term,0,4)
  WHEN second_term LIKE '%20' THEN 'Spring '||substr(second_term,0,4)
  END second_attn_period
  FROM calculate_terms
  SELECT *
  FROM gen_attn_terms
  <code>
  I get ORA-00928: missing SELECT keyword error. What could be the problem?

  You can just separate them with a comma:
  WITH calculate_terms AS (SELECT robinst_current_term_code,
  CASE
  WHEN robinst_current_term_code LIKE '%60' THEN robinst_current_term_code - '40'
  WHEN robinst_current_term_code LIKE '%20' THEN robinst_current_term_code - '100'
  END first_term,
  CASE
  WHEN robinst_current_term_code LIKE '%60' THEN robinst_current_term_code - '100'
  WHEN robinst_current_term_code LIKE '%20' THEN robinst_current_term_code - '160'
  END second_term
  FROM robinst
  WHERE robinst_aidy_code = :aidy),
  /*Use terms from calculate_terms to generate attendance periods*/
  gen_attn_terms AS
  SELECT
  CASE
  WHEN first_term LIKE '%60' THEN 'Fall '||substr(first_term,0,4)
  WHEN first_term LIKE '%20' THEN 'Spring '||substr(first_term,0,4)
  END first_attn_period,
  CASE
  WHEN second_term LIKE '%60' THEN 'Fall '||substr(second_term,0,4)
  WHEN second_term LIKE '%20' THEN 'Spring '||substr(second_term,0,4)
  END second_attn_period
  FROM calculate_terms
  )Not tested because there are no scripts.

• Any Problems using SSL with Safari and the move with Internet explorer to require only TLS encryption.

  Any Problems using SSL with Safari and the move with Internet explorer to require only TLS encryption.

  Hi .
  Apple no longer supports Safari for Windows if that's what you are asking >  Apple apparently kills Windows PC support in Safari 6.0
  Microsoft has not written IE for Safari for many years.

• Do i have to use JNDI with EJBS?

  Hi
  I want to use JNDI to lookup a system which i will send messages to using JMS. I would like to have some java classes on Tomcat to do the job. But...whenever i hear about JNDI it is always in relation to EJBs. Can i only use JNDI with EJBS?
  If i can use JNDI is there anything important i need to know about.
  Thanks in advance!
  San H.

  You can definitely use JNDI outside of EJB's - in particular, it's a great interface for dealing with LDAP servers, even securely, and can also be used for DNS interfacing, COS, RMI registries, etc.
  While JNDI was chosen as the method by which J2EE components can locate other components in a distributed environment, it's by no means limited to that task :) It's a wonderful API, and in terms of things you need to know, most everything is covered fairly well at the JNDI tutorial in the various trails that are mapped out there.
  http://java.sun.com/products/jndi/tutorial/
  Good luck!
  James
  James Manning | Principal Engineer
  Porivo Technologies, Inc.
  919.806.0566 | [email protected]
  http://www.porivo.com/
  Measuring end-to-end Web performance.
  Register for a FREE Performance appraisal:
  http://www.porivo.com/peerReview/eval.html

• Do i have to use JMS with EJBS?

  Hi
  I want to use JMS as a messaging system (a queue) between my system and someone elses. I would like to have some java classes on Tomcat to do the job. But...whenever i hear about JMS i always hear it in relation to EJBs. Can i only use JMS with EJBS?
  If i can use JMS is there anything important i need to know about.
  Thanks in advance!
  San H.

  As far as I understand you are use JNDI and JMS is not bound with EJB's. These are java API's which are independent. Like JDBC you can use with Servlets, Applets, standalone applications, EJB, JMS etc etc.......
  In the same way you can use JNDI and JMS with diferent API. And the important feature of Java is that all java API interact with each other when these are independent. I would appricate comments of everyone......................Thanks

• Problem using ViewObject with bc4j:table

  Hello !!
  This is the query of my ViewObject:
  select * from speiseplan order by jahr desc, kw desc;
  and everything works fine in the BC4J tester:
  jahr kw
  2003 52
  2003 7
  2003 3
  2002 51
  But in my uix page the rows are not correctly sorted:
  jahr kw
  2003 3
  2003 7
  2003 52
  2002 51
  What's going wrong here?
  Thanks for your help.
  Regards,
  Mareike

  Duplicate post.
  Original problem using ViewObject with <bc4j:table>

• Problems using iCloud with Mountain Lion on iMac8,1

  problems using iCloud with Mountain Lion on iMac8,1 - about 5J old - iMac gets slower and slower - total free memory is used in some minutes - no more reaction on input

  Download > http://codykrieger.com/gfxCardStatus Open it and select Integrated Only. It's a bug with NVIDIA graphic cards

• How integrate JAAS with EJB Server?

  I want to use JAAS to create a security Handler for an open source EJB Server. Does anyone have some suggestions on how best to integrate this with EJB's (using EJB 1.1 for now)?
  Any ideas, or problems you might see, or things to be careful of are all welcome!

  Weblogic 6 actually provides this as an example. They use JAAS login modules for authentication purposes. I don't think this integration is too difficult. In integrating authorization I believe they just delegate to one of their security realms.

• Problems using SessionBroker with WebSphere

  Hello!
  I have some problems using a SessionBroker with WebSphere 5.1. In our project we use Entity Beans with BMP and everything works fine as long as we use a ServerSession. But when I use a SessionBroker instead, even though it wraps only one session, I get a NullPointerException every time I try to access an Entity Bean. See the stack trace below.
  It is important for our project to use multiple sessions and relationships between objects coming from different sessions in the next stage of the development
  By the way: The server session uses the appropriate external transaction controller, i.e. oracle.toplink.jts.was.JTSExternalTransactionController_5_1
  Thanks in advance for your help!
  Thomas
  java.lang.NullPointerException
       at oracle.toplink.ejb.EJBDataStore.store(EJBDataStore.java:572)
       at oracle.toplink.ejb.bmp.BMPEntityBase.ejbStore(BMPEntityBase.java:115)
       at com.ibm.ejs.container.BeanManagedBeanO.store(BeanManagedBeanO.java:233)
       at com.ibm.ejs.container.EntityBeanO.beforeCompletion(EntityBeanO.java:1062)
       at com.ibm.ejs.container.ContainerTx.beforeCompletion(ContainerTx.java:542)
       at com.ibm.ejs.util.tran.SyncDriver.beforeCompletion(SyncDriver.java:279)
       at com.ibm.ws.Transaction.JTA.RegisteredSyncs.distributeBefore(RegisteredSyncs.java:110)
       at com.ibm.ws.Transaction.JTA.TransactionImpl.internalPrepare(TransactionImpl.java:1213)
       at com.ibm.ws.Transaction.JTA.TransactionImpl.commit(TransactionImpl.java:962)
       at com.ibm.ws.Transaction.JTA.TranManagerImpl.commit(TranManagerImpl.java:150)
       at com.ibm.ws.Transaction.JTA.TranManagerSet.commit(TranManagerSet.java:182)
       at com.ibm.ejs.csi.TranStrategy.commit(TranStrategy.java:712)
       at com.ibm.ejs.csi.TranStrategy.postInvoke(TranStrategy.java:167)
       at com.ibm.ejs.csi.TransactionControlImpl.postInvoke(TransactionControlImpl.java:565)
       at com.ibm.ejs.container.EJSContainer.postInvoke(EJSContainer.java:3038)
       at com.ibm.ejs.container.EJSContainer.postInvoke(EJSContainer.java:2916)

  Unfortunately there is no way to do this in 9.0.4. This has been fixed in the 10.1.3 preview release, in 9.0.4 you will need to create your session broker in code to work around the problem.
  If you require sessions.xml support for this in 9.0.4, please contact Oracle support.

• Problems Using Viber with new iPhone 4S

  When I try and use VIber with my new iPhone is says push notifications are not enabled, even though I've enabled them. I've also tried deleting and reinstalling viber several times, along with restarting the phone. Is anyone else having the same problem and does anyone have any suggestions of something else I could do?

  Hi,
  This is a member of Viber's development team.
  @libbyfromchristchurch - Please check: http://helpme.viber.com/index.php?/Knowledgebase/Article/View/38/0/push-notifica tions-for-iphone---how-to-enable
  @quyenfromseattle - This is a known issue which will be resolved shortly. Make sure that you stay current with our version updates.
  It may help to change 'banners' to 'alerts' on Viber's Push Notification settings as a temporary workaround.
  Thank you for your patience!

• Problem using ipod with itunes 5.0.1

  Could anyone help me?? I'm having serious problems using my ipod mini with my "just downloaded" itunes 5.0.1.
  it says that my comunication software with ipod is not correctly installed and that i have to reinstall itunes again. i did it the problem is always there. what can i do?? can someone help me??

  Man, it seems that iTunes 5.whatever has gotten us all a little hot under the collar. I'm back up and running...this is what I did...I hope it helps some of you out.
  1) created a new folder in MyMusic and copied everything from my iTunes library to the new folder. I then tested a few songs to make sure they still played (you never know)
  2) I deleted iTunes using the control panel selection Add/Delete programs. I emptied the recycle gin and then did a search to see that iTunes was no longer there.
  3) I went to filehippo.com to download iTunes 4.8 (my original disks are packed (Thank you to poster Allison for the filehippo.com suggestion).
  4) I copied all my songs back into iTunes from where I had stored them in the new folder I created in MyMusic)
  5) I connected the iPod Mini and opened iTunes and darn if it STILL didn't recognize the iPod
  6) I did a restore on the iPod
  7) I reconnected the iPod and had to reregister it and Voila! it worked again!!!!
  Whatever the new features were in ver. 5.01, they were NOT worth the hassle I've experienced over the past two weeks. I'll stick with version 4.8 for awhile.