WSSecureEndpoint with JBoss

Warhamster

Member
Hi, and happy new year.

I'm at my wits' end here.
This is about a WSSecureEndpoint, for which I get the following error messages:

Code:
01:48:50,311 ERROR [ServerEngine] Server error: AxisFault
 faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Client
 faultSubcode: 
 faultString: SecurityException; nested exception is: 
	java.lang.SecurityException: Insufficient method permissions, principal=null, ejbName=Test, method=getText, interface=SERVICE_ENDPOINT, requiredRoles=[friend], principalRoles=[]
 faultActor: 
 faultNode: 
 faultDetail: 
	{http://xml.apache.org/axis/}stackTrace: java.rmi.AccessException: SecurityException; nested exception is: 
	java.lang.SecurityException: Insufficient method permissions, principal=null, ejbName=Test, method=getText, interface=SERVICE_ENDPOINT, requiredRoles=[friend], principalRoles=[]
	at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:370)
	at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:196)
	at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
	at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:624)
	at org.jboss.ejb.Container.invoke(Container.java:873)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:141)
	at org.jboss.mx.server.Invocation.dispatch(Invocation.java:80)
	at org.jboss.mx.server.Invocation.invoke(Invocation.java:72)
	at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:245)
	at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:644)
	at org.jboss.webservice.server.InvokerProviderEJB.invokeServiceEndpoint(InvokerProviderEJB.java:131)
	at org.jboss.webservice.server.InvokerProvider.invokeMethod(InvokerProvider.java:305)
	at org.jboss.axis.providers.java.RPCProvider.invokeTarget(RPCProvider.java:176)
	at org.jboss.axis.providers.java.RPCProvider.processMessage(RPCProvider.java:121)
	at org.jboss.axis.providers.java.JavaProvider.invoke(JavaProvider.java:358)
	at org.jboss.axis.strategies.InvocationStrategy.visit(InvocationStrategy.java:73)
	at org.jboss.axis.SimpleChain.doVisiting(SimpleChain.java:160)
	at org.jboss.axis.SimpleChain.invoke(SimpleChain.java:123)
	at org.jboss.axis.handlers.soap.SOAPService.invoke(SOAPService.java:560)
	at org.jboss.webservice.server.ServerEngine.invokeInternal(ServerEngine.java:200)
	at org.jboss.webservice.server.ServerEngine.invoke(ServerEngine.java:89)
	at org.jboss.axis.transport.http.AxisServlet.doPost(AxisServlet.java:911)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at org.jboss.axis.transport.http.AxisServletBase.service(AxisServletBase.java:370)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
	at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
	at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:159)
	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
	at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.SecurityException: Insufficient method permissions, principal=null, ejbName=Test, method=getText, interface=SERVICE_ENDPOINT, requiredRoles=[friend], principalRoles=[]
	at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:258)
	at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:143)
	at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:192)
	... 46 more


01:48:50,327 INFO  [AxisServlet] java.rmi.AccessException: SecurityException; nested exception is: 
	java.lang.SecurityException: Insufficient method permissions, principal=null, ejbName=Test, method=getText, interface=SERVICE_ENDPOINT, requiredRoles=[friend], principalRoles=[]



JBoss's login-config.xml contains the following section:
Code:
<application-policy name="JBossWS">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
          flag="required">
          <module-option name="dsJndiName">java:/jaas/JBossWS</module-option>
          <module-option name="usersProperties">users.properties</module-option>
          <module-option name="rolesProperties">roles.properties</module-option>
          <module-option name="unauthenticatedIdentity">anonymous</module-option>
        </login-module>
      </authentication>
    </application-policy>

Excerpt from jboss.xml:
Code:
   <security-domain>java:/jaas/JBossWS</security-domain>
   <enterprise-beans>
     <session>
         <ejb-name>Test</ejb-name>
         <jndi-name>ejb/Test</jndi-name>
      </session>
   </enterprise-beans>

And then there is also the ejb-jar.xml:
Code:
<enterprise-beans>
      <session >
         <description><![CDATA[Das ist mal eine Testbean]]></description>
         <display-name>HalloWelt</display-name>

         <ejb-name>Test</ejb-name>
         <service-endpoint>test.interfaces.TestWS</service-endpoint>
         <ejb-class>test.ejb.TestBean</ejb-class>
         <session-type>Stateless</session-type>
         <transaction-type>Container</transaction-type>
         
         <security-role-ref>
         	<role-name>friend</role-name>
         </security-role-ref>

      </session>
   </enterprise-beans>

   <assembly-descriptor >
     <security-role>
     	<role-name>friend</role-name>
     </security-role>
     <method-permission>
     	<role-name>friend</role-name>
     	<method>
     		<ejb-name>Test</ejb-name>
     		<method-name> *</method-name>
     	</method>
     </method-permission>
   </assembly-descriptor>


The roles.properties file contains only one role with one user:
admin=friend
And the users.properties file also contains only one user:
admin=admin



Oh, and here is the client:

Code:
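// Imports the snippet needs. The enclosing class and the constants
// nameSpaceUri, serviceName, portName and UrlString are not shown in the post.
import java.rmi.RemoteException;
import javax.xml.namespace.QName;
import javax.xml.rpc.ServiceException;
import javax.xml.rpc.Stub;

public static void main(String[] args) {
    TestService testService = new TestService_Impl();
    try {
        testService.createCall(new QName(nameSpaceUri, serviceName),
                               UrlString);

        TestWS testWS = (TestWS) testService.getPort(
                new QName(nameSpaceUri, portName),
                TestWS.class);

        // Set the HTTP Basic credentials on the generated JAX-RPC stub.
        Stub stub = (Stub) testWS;
        stub._setProperty(Stub.USERNAME_PROPERTY, "admin");
        stub._setProperty(Stub.PASSWORD_PROPERTY, "admin");

        System.out.println(testWS.getText());
    } catch (ServiceException e) {
        e.printStackTrace();
    } catch (RemoteException e) {
        e.printStackTrace();
    }
}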


Before I tried to secure the whole thing, everything worked perfectly.
For WSSecureEndpoint I followed this guide:
http://wiki.jboss.org/wiki/Wiki.jsp?page=WSSecureEndpoint


I'm going to bed now, but I'll get back to it tomorrow. If I solve the problem myself in the meantime, I'll report back.


Thanks in advance.

Best regards,
Marcel
 
I was able to fix the error.
Now I have a new one.

Exception in thread "main" javax.xml.rpc.soap.SOAPFaultException: SecurityException; nested exception is:
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at com.sun.xml.rpc.client.StreamingSender._raiseFault(StreamingSender.java:478)
at com.sun.xml.rpc.client.StreamingSender._send(StreamingSender.java:294)
at jaxrpc.test.TestWS_Stub.getText(TestWS_Stub.java:68)
at Main.main(Main.java:35)

Excerpt from the client:
...
Stub stub = (Stub)testWS;
stub._setProperty(Stub.USERNAME_PROPERTY, "admin");
stub._setProperty(Stub.PASSWORD_PROPERTY, "admin");
System.out.println(testWS.getText());
...

The properties file with users:
admin=admin



Could it be that the password is being converted somewhere? Into MD5 or some other hash?


I'll explain later how I fixed the other problem.
I'm really going to bed now.
gn8 ;)
 
Hi.

I did not fix the error. :(
I was simply looking at the wrong console. Please excuse me.
One error message is from the server, the other from the client.

Best regards,
Marcel
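
Added example, not part of the thread: a small Python triage of the server-side `Insufficient method permissions` line against the users.properties and roles.properties contents quoted in the first post. The function names and verdict labels are assumptions made for this illustration, and the inputs are constructed from the values in the post.

```python
import re

# Constructed inputs: the values are the ones quoted in the first post.
LOG_LINE = ("java.lang.SecurityException: Insufficient method permissions, "
            "principal=null, ejbName=Test, method=getText, "
            "interface=SERVICE_ENDPOINT, requiredRoles=[friend], principalRoles=[]")
USERS_PROPERTIES = "admin=admin\n"   # user=password
ROLES_PROPERTIES = "admin=friend\n"  # user=role[,role...]

DENIAL = re.compile(
    r"Insufficient method permissions, principal=(?P<principal>[^,]*), "
    r"ejbName=(?P<ejb>[^,]*), method=(?P<method>[^,]*), interface=[^,]*, "
    r"requiredRoles=\[(?P<required>[^\]]*)\], principalRoles=\[(?P<held>[^\]]*)\]")

def split_roles(text):
    return {r.strip() for r in text.split(",") if r.strip()}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def triage(log_line, users_text, roles_text):
    """Classify one denial line against the two properties files."""
    m = DENIAL.search(log_line)
    if m is None:
        return None
    required, held = split_roles(m["required"]), split_roles(m["held"])
    users = parse_properties(users_text)
    roles = {u: split_roles(r) for u, r in parse_properties(roles_text).items()}
    # Configured users that hold at least one role the method requires.
    eligible = sorted(u for u in users if roles.get(u, set()) & required)
    principal = m["principal"]
    if principal == "null":
        # No caller identity was associated with the invocation, so the
        # users/roles mapping of a named user was not what was evaluated.
        verdict = "no-caller-identity"
    elif principal not in users:
        verdict = "unknown-user"
    elif roles.get(principal, set()) & required:
        verdict = "files-grant-role-but-container-denied"
    else:
        verdict = "user-lacks-required-role"
    return {"ejb": m["ejb"], "method": m["method"], "principal": principal,
            "required": required, "held": held,
            "eligible_users": eligible, "verdict": verdict}

if __name__ == "__main__":
    print(triage(LOG_LINE, USERS_PROPERTIES, ROLES_PROPERTIES))
```

For the quoted line the verdict is `no-caller-identity` while `admin` is listed as eligible, so the role files are consistent with the `friend` requirement and the open question is how the caller's credentials reach the endpoint.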
 
