Principal security Exception Applet->EJB on JBOSS

  1. Hi guys...

    I'm desperately trying to get an applet to connect to an ejb on jboss.
    I already have the ejb, it seems to work fine (tested it from jsp pages...) and a signed applet.
    But still I get an exception on the client:

    CODE:
    ejb-jar:
    <ejb-jar>
      <enterprise-beans>
        <session>
          <description>GTCSession</description>
          <display-name>GTCSession</display-name>
          <ejb-name>GTCSession</ejb-name>
          <home>de.zolltek.gtc.GTCSessionHome</home>
          <remote>de.zolltek.gtc.GTCSession</remote>
          <local-home>de.zolltek.gtc.GTCSessionLocalHome</local-home>
          <local>de.zolltek.gtc.GTCSessionLocal</local>
          <ejb-class>de.zolltek.gtc.GTCSessionBean</ejb-class>
          <session-type>Stateless</session-type>
          <transaction-type>Bean</transaction-type>
        </session>
      </enterprise-beans>
    </ejb-jar>

    jboss.xml:
    <jboss>
      <enterprise-beans>
        <session>
          <ejb-name>GTCSession</ejb-name><!--Matches ejb-jar.xml -->
          <jndi-name>GTCSessionHome</jndi-name>
        </session>
      </enterprise-beans>
    </jboss>

    html-page:
    ...
    <applet codebase="classes"
            archive="applet.jar,jbossall-client.jar"
            code="AppletTest.class"
            name="AppletTest"
            width="320"
            height="200">
    ...

    critical Applet-Code:
    String myServer = this.getCodeBase().getHost();
    Properties props = System.getProperties();
    props.put("java.naming.factory.initial", "org.jboss.naming.NamingContextFactory");
    props.put("java.naming.provider.url",this.getCodeBase().getHost());
    InitialContext ctx = new InitialContext(props);
    GTCSessionHome home = (GTCSessionHome)PortableRemoteObject.narrow(ctx.lookup("GTCSession"),GTCSessionHome.class);
    GTCSession remote = home.create();
    ejbMessageLabel.setText("creation successful");
    Adresse tad = (Adresse)remote.getAdressebyFirma(new Integer(1)).toArray()[1];
    home.remove(remote);

    As far as I have researched yet, it seems to be a problem in my configuration in JBOSS. The ejb has only the minimal jboss.xml but should somehow specify the method permission to let someone access the methods.

    So I tried changing it to:
    <jboss>
      <enterprise-beans>
        <session>
          <ejb-name>GTCSession</ejb-name><!--Matches ejb-jar.xml -->
          <jndi-name>GTCSessionHome</jndi-name>
        </session>
      </enterprise-beans>
      <assembly-descriptor>
        <security-role>
          <role-name>User</role-name>
        </security-role>
        <method-permission>
          <role-name>User</role-name>
          <method>
            <ejb-name>GTCSession</ejb-name>
            <method-name>*</method-name>
          </method>
        </method-permission>
      </assembly-descriptor>
    </jboss>

    But I have no idea how I could tell the applet to be that principal, or another way to configure jboss to let the applet access the ejb ...

    Could anyone help please? I'm a bit desperate here....
    Is my way till now correct or do I have any problems already?

    Thx..

    Jörg

  2. I always forget something...

    Has this forum no edit button or am I just blind?

    I forgot the thrown exception:
    java.security.AccessControlException: access denied (java.lang.RuntimePermission org.jboss.security.SecurityAssociation.getPrincipalInfo)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at org.jboss.security.SecurityAssociation.getPrincipal(SecurityAssociation.java:112)
    at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:39)
    at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
    ...

  3. I did it....somehow....

    Well... at least I have it working .... but not in an elegant way it seems:

    I deleted the entries for the securityInvokers in standardjboss.xml.

    Is this a major security leak? Can I do it somehow... "nicely"?

  4. I did it....somehow....

    I think if you make your applet "A Trusted Applet" by signing it using some Certificate Authority then your problem might get resolved without changing the deployment descriptor.

    Although I haven't tried that but it's just a thought.

    Regards,
    Mohit Gupta

  5. I did it....somehow....

    I have the same error and signing my applet didn't solve the problem.

  6. signing applets

    The applet is signed by a non-trusted authority, but I thought the only difference to a trusted one is that the user is prompted if HE wants to trust it anyway....

    Am I wrong?
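
Added example, not part of the thread and not JBoss code: the exception in message 2 names one specific `java.lang.RuntimePermission`, and this Java program compares how much each candidate policy grant would let through for that check and for a few unrelated JDK permissions. The class name `GrantScopeDemo` and the `codeBase` URL in the comment are placeholders, and it is an assumption that a client-side policy grant is applicable to this applet.

```java
import java.io.FilePermission;
import java.security.AllPermission;
import java.security.Permission;
import java.security.Permissions;

// A policy entry scoped to the applet's code would have this shape
// (placeholder URL, assumption: policy file on the client):
//   grant codeBase "http://APPLET-HOST/classes/-" {
//     permission java.lang.RuntimePermission
//       "org.jboss.security.SecurityAssociation.getPrincipalInfo";
//   };
public class GrantScopeDemo {
    // Permission named in the AccessControlException quoted in the thread.
    static final Permission DENIED = new RuntimePermission(
            "org.jboss.security.SecurityAssociation.getPrincipalInfo");

    // Unrelated JDK permissions, used to show what a grant lets through besides.
    static final Permission[] UNRELATED = {
            new RuntimePermission("exitVM"),
            new RuntimePermission("setSecurityManager"),
            new FilePermission("<<ALL FILES>>", "read"),
    };

    // Builds the permission set a policy grant with these entries would yield.
    static Permissions grant(Permission... perms) {
        Permissions set = new Permissions();
        for (Permission p : perms) set.add(p);
        return set;
    }

    // Counts how many of the unrelated permissions the grant also implies.
    static int collateral(Permissions granted) {
        int n = 0;
        for (Permission p : UNRELATED) if (granted.implies(p)) n++;
        return n;
    }

    static void report(String label, Permissions granted) {
        System.out.printf("%-26s check passes: %-5b unrelated implied: %d/%d%n",
                label, granted.implies(DENIED), collateral(granted), UNRELATED.length);
    }

    public static void main(String[] args) {
        report("no grant", grant());
        report("exact RuntimePermission", grant(DENIED));
        report("SecurityAssociation.*", grant(
                new RuntimePermission("org.jboss.security.SecurityAssociation.*")));
        report("AllPermission", grant(new AllPermission()));
    }
}
```

The comparison only models the permission check that failed on the client; it says nothing about the server-side interceptors removed from standardjboss.xml in message 3.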