# JBoss 7 Authentication: "No principals available"



## Sym (17. Sep 2011)

Hello,

let me summarize the problem, since the other thread seems cluttered.

I have the following structure:


```
my-app.ear
        |+ src
           |+ main
              |+ application
                 |+ jboss-app.xml
        |+ client.war
        |+ ejb.jar
        |+ ...
        |+ lib
```

jboss-app.xml

```
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-app
    PUBLIC "-//JBoss//DTD J2EE Application 4.2//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-app_4_2.dtd">

<jboss-app>
    <security-domain>java:/jaas/other</security-domain>
</jboss-app>
```

JBoss 7 standalone.xml:

```
<management>
    <security-realms>
        <security-realm name="test">
            <authentication>
                <properties path="mgmt-users.properties" relative-to="jboss.server.config.dir"/>
            </authentication>
        </security-realm>
    </security-realms>
    ...
</management>
...
<subsystem xmlns="urn:jboss:domain:security:1.0">
    <security-domains>
        <security-domain name="other" cache-type="default">
            <authentication>
                <login-module code="Database" flag="required">
                    <module-option name="dsJndiName" value="java:/test"/>
                    <module-option name="principalsQuery" value="SELECT password FROM users WHERE username=?"/>
                    <module-option name="rolesQuery" value="select role, 'Roles' from UserRoles where email=?"/>
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>
```

However, the authentication block in the realm section is probably wrong. What do I have to enter there?

web.xml

```
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>test</realm-name>
</login-config>
```

AuthenticationManager in the JSF 2 client:

```
LoginContext loginContext;
try {
    loginContext = new LoginContext("other", new CallbackHandler() {
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (int i = 0; i < callbacks.length; i++) {
                if (callbacks[i] instanceof NameCallback) {
                    ((NameCallback) callbacks[i]).setName(email);
                } else if (callbacks[i] instanceof PasswordCallback) {
                    ((PasswordCallback) callbacks[i]).setPassword(password.toCharArray());
                } else {
                    throw new UnsupportedCallbackException(callbacks[i]);
                }
            }
        }
    });
    loginContext.login();
    final Subject subject = loginContext.getSubject();
    final Set<Principal> principals = subject.getPrincipals();
    for (Principal principal : principals) {
        principal.getName();
    }
    principals.getClass();
} catch (LoginException e) {
    // TODO Auto-generated catch block
    e.printStackTrace();
}
```

All principals are set there. I can also read them via the LoginContext at this point.

AuthenticationBean in the EJBs:

```
final Principal principal = sessionContext.getCallerPrincipal();
```

gives me:

```
Caused by: javax.ejb.EJBException: java.lang.IllegalStateException: No principal available
	at org.jboss.ejb3.tx2.impl.CMTTxInterceptor.handleExceptionInOurTx(CMTTxInterceptor.java:193)
	at org.jboss.ejb3.tx2.impl.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:261)
	at org.jboss.ejb3.tx2.impl.CMTTxInterceptor.required(CMTTxInterceptor.java:359)
	at org.jboss.ejb3.tx2.impl.CMTTxInterceptor.invoke(CMTTxInterceptor.java:219)
	at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:35)
	at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:287) [jboss-invocation-1.1.0.Final.jar:1.1.0.Final]
	at org.jboss.as.ejb3.component.session.SessionInvocationContextInterceptor.processInvocation(SessionInvocationContextInterceptor.java:71)
```

And my @RolesAllowed method gives

```
CHWERWIEGEND [javax.enterprise.resource.webcontainer.jsf.context] (http--127.0.0.1-8080-2) javax.el.ELException: /pages/security/userSettings.xhtml @45,90 value="#{friendShip.outgoingFriendshipRequests}": javax.ejb.EJBAccessException: Invocation on method: public abstract java.util.List de.larmic.ts.ejb.api.security.FriendshipLocal.loadOutgoingFriendshipRequests(long) of bean: FriendshipBean is not allowed
```

What am I doing wrong? Or am I misunderstanding something?

Thanks and regards


----------



## FArt (19. Sep 2011)

If you really have to open a new thread for the same topic unnecessarily, then at least close the other one and link to this one.


----------



## maki (19. Sep 2011)

*closed*

and...

*reopened*


----------



## xandrox (24. Nov 2011)

Hi, after some hours of debugging I found the solution. Try to add ClientLoginModule. This works in my case (programmatic JAAS login in a webapp).

```
<!-- Add this line to your login-config.xml to include the ClientLoginModule propagation -->
<login-module code="org.jboss.security.ClientLoginModule" flag="required"></login-module>
```

see: SecurityFAQ | JBoss AS | JBoss Community

/Sandro


----------
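Added example, not part of the original posts: xandrox's ClientLoginModule line placed in the `other` security domain from Sym's standalone.xml. It assumes the JBoss 7 security subsystem is the right place for the module (the login-config.xml named in the answer is not among the files shown in the question). The two module-options are options of org.jboss.security.ClientLoginModule added here, not settings taken from the thread.

```xml
<subsystem xmlns="urn:jboss:domain:security:1.0">
    <security-domains>
        <security-domain name="other" cache-type="default">
            <authentication>
                <!-- Unchanged from the question: verifies the password and loads the roles.
                     Both queries are bound to the same login name (Sym's handler passes
                     `email`), so the username and email columns must hold that same value. -->
                <login-module code="Database" flag="required">
                    <module-option name="dsJndiName" value="java:/test"/>
                    <module-option name="principalsQuery" value="SELECT password FROM users WHERE username=?"/>
                    <module-option name="rolesQuery" value="select role, 'Roles' from UserRoles where email=?"/>
                </login-module>

                <!-- From xandrox's answer: performs no authentication of its own; it only
                     publishes the name and credential from the callbacks as the caller
                     identity, which is what getCallerPrincipal() and @RolesAllowed read. -->
                <login-module code="org.jboss.security.ClientLoginModule" flag="required">
                    <!-- Assumption (added here): keep the identity in thread-local storage
                         instead of VM-wide, since web requests run on many threads. -->
                    <module-option name="multi-threaded" value="true"/>
                    <!-- Assumption (added here): on LoginContext.logout(), restore the
                         identity that was active before login(), so a pooled request
                         thread does not keep the previous user's identity. -->
                    <module-option name="restore-login-identity" value="true"/>
                </login-module>
            </authentication>
        </security-domain>
    </security-domains>
</subsystem>
```

Because the identity is bound to the calling thread, the code that calls `loginContext.login()` should also call `loginContext.logout()` when the request is done, for example in a `finally` block.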

