5 Replies Latest reply on Apr 30, 2009 5:09 AM by ropalka

    RealmAuthenticator is not a valid RealmAuthenticationProvide

    sun-certified
    sun-certified Apr 7, 2009 7:47 PM

      hi forum,

      my system: jboss as 5.0.1, sun java 5, metro 3.1.0, net beans 6.5.1, windows xp

      i built a jbossws webservice with netbeans 6.5.1. i'm using netbeans in order to leverage it's nifty point-and-click wsit configuration support.

      i followed a combination of the jbossws instructions for configuring jbossws' metro wsit implementation, plus the more comprehensive instructions provided by sun for their original implementation of metro. i've been able to successfully configure jbossws for the ws-policy symmetric binding (server cert authn) authn mechanism. but that was done just as a proof of concept. my real requirement is to configure my web service for mutual certificate authentication.

      using neatbeans 6.5.1 and glassfish v2.1, i am able to successfully configure mutual cert authn exactly as the instructions explain in the glassfish docs. unfortunately, it's nowhere near that easy when it comes to configuring jbossws's metro implementation. using netbeans as instructed in the glassfish docs does get me part of the way there. but something always goes wrong once the wsit-configured ws is deployed to jboss (for example, jaxb chokes on the
      IncludeTimestamp element that netbeans includes by default in the wsit files it generates. as a shortcut, i figured: since i got mutual authn working in glassfish, i should be able to create a service with the same name as the one i have in jboss, configure that glassfish-deployed web service with the asymetric binding for mutual cert authn, then simply copy the netbeans-generated client and service wsit files to my jboss project. however, when i try to run the client against the service to test the mutual authn, i get this inexplicable exception ("Class :org.jboss.test.ws.jaxws.samples.wsse.RealmAuthenticator is not a valid RealmAuthenticationProvider");

      as instructed by the jbossws metro docs that RealmAuthenticator class is referenced by a file named com.sun.xml.xwss.RealmAuthenticator which is located in the META-INF/services directory of the war file that is deployed for the web service. that file came from the jbossws metro 3.1.0 source distribution as part of the samples bundled with the distro.

      the stack trace does seem to indicate that the wsit runtime has kicked in and it does appear as if it is at least attempting to authenticate the client's cert on the service side. but i am completely stumped as to why jboss's RealmAuthenticationAdapter has determined RealmAuthenticator isn't an instance of RealmAuthenticationAdapter (which it most definately is).

      please, can anybody shed any light on what the problem might be?

      thanks in advance for your help.
      =============================================

      /*
 * JBoss, Home of Professional Open Source.
 * Copyright 2006, Red Hat Middleware LLC, and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */
package org.jboss.test.ws.jaxws.samples.wsse;

import javax.security.auth.Subject;

import com.sun.xml.wss.RealmAuthenticationAdapter;
import com.sun.xml.wss.XWSSecurityException;

/**
 * A simple realm authenticator showing how to override the WSIT default
 * (which is based on tomcat-users.xml when not running on Glassfish)
 *
 * @author alessio.soldano@jboss.com
 * @since 25-Apr-2008
 *
 */
public class RealmAuthenticator extends RealmAuthenticationAdapter
{
 @Override
 public boolean authenticate(Subject callerSubject, String username, String password) throws XWSSecurityException
 {
 System.out.println("Custom realm authenticator called: username=" + username + ", password=" + password);
 return (username.equals("kermit") && password.equals("thefrog"));
 }
}

      ============================================= 
      ...
2009-04-07 16:53:52,703 ERROR [com.sun.xml.wss.jaxws.impl] (HDScanner) WSSTUBE0027: Error in configuring Server Security Callback Handler.
com.sun.xml.wss.impl.XWSSecurityRuntimeException: Class :org.jboss.test.ws.jaxws.samples.wsse.RealmAuthenticator is not a valid RealmAuthenticationProvider
 at com.sun.xml.wss.RealmAuthenticationAdapter.newInstance(RealmAuthenticationAdapter.java:109)
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.getRealmAuthenticationAdapter(SecurityServerTube.java:767)
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.configureServerHandler(SecurityServerTube.java:733)
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.<init>(SecurityServerTube.java:150)
 at com.sun.xml.wss.provider.wsit.SecurityTubeAppender.appendTube(SecurityTubeAppender.java:129)
 at com.sun.xml.ws.assembler.TubelineAssemblerFactoryImpl$WsitTubelineAssembler.createServer(TubelineAssemblerFactoryImpl.java:101)
 at com.sun.xml.ws.server.WSEndpointImpl.<init>(WSEndpointImpl.java:152)
 at com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:217)
 at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:467)
 at org.jboss.wsf.stack.metro.DeploymentDescriptorParserExt.parseAdapters(DeploymentDescriptorParserExt.java:295)
 at org.jboss.wsf.stack.metro.DeploymentDescriptorParserExt.parse(DeploymentDescriptorParserExt.java:171)
 at org.jboss.wsf.stack.metro.metadata.RuntimeModelDeploymentAspect.start(RuntimeModelDeploymentAspect.java:109)
 at org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.deploy(DeploymentAspectManagerImpl.java:129)
 at org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:75)
 at org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
 at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
 at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
 at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
 at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1598)
 at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1062)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
 at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:698)
 at org.jboss.system.server.profileservice.hotdeploy.HDScanner.scan(HDScanner.java:290)
 at org.jboss.system.server.profileservice.hotdeploy.HDScanner.run(HDScanner.java:221)
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417)
 at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:280)
 at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:135)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:65)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:142)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:166)
 at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
 at java.lang.Thread.run(Thread.java:595)
2009-04-07 16:53:53,140 ERROR [com.sun.xml.wss.jaxws.impl] (HDScanner) WSSTUBE0028: Error in creating new instance of SecurityServerTube
java.lang.RuntimeException: WSSTUBE0027: Error in configuring Server Security Callback Handler.
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.configureServerHandler(SecurityServerTube.java:739)
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.<init>(SecurityServerTube.java:150)
 at com.sun.xml.wss.provider.wsit.SecurityTubeAppender.appendTube(SecurityTubeAppender.java:129)
 at com.sun.xml.ws.assembler.TubelineAssemblerFactoryImpl$WsitTubelineAssembler.createServer(TubelineAssemblerFactoryImpl.java:101)
 at com.sun.xml.ws.server.WSEndpointImpl.<init>(WSEndpointImpl.java:152)
 at com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:217)
 at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:467)
 at org.jboss.wsf.stack.metro.DeploymentDescriptorParserExt.parseAdapters(DeploymentDescriptorParserExt.java:295)
 at org.jboss.wsf.stack.metro.DeploymentDescriptorParserExt.parse(DeploymentDescriptorParserExt.java:171)
 at org.jboss.wsf.stack.metro.metadata.RuntimeModelDeploymentAspect.start(RuntimeModelDeploymentAspect.java:109)
 at org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.deploy(DeploymentAspectManagerImpl.java:129)
 at org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:75)
 at org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
 at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
 at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
 at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
 at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1598)
 at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1062)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
 at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:698)
 at org.jboss.system.server.profileservice.hotdeploy.HDScanner.scan(HDScanner.java:290)
 at org.jboss.system.server.profileservice.hotdeploy.HDScanner.run(HDScanner.java:221)
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417)
 at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:280)
 at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:135)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:65)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:142)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:166)
 at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
 at java.lang.Thread.run(Thread.java:595)
Caused by: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Class :org.jboss.test.ws.jaxws.samples.wsse.RealmAuthenticator is not a valid RealmAuthenticationProvider
 at com.sun.xml.wss.RealmAuthenticationAdapter.newInstance(RealmAuthenticationAdapter.java:109)
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.getRealmAuthenticationAdapter(SecurityServerTube.java:767)
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.configureServerHandler(SecurityServerTube.java:733)
 ... 37 more
2009-04-07 16:53:53,140 DEBUG [org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl] (HDScanner) RuntimeModelDeploymentAspect:Destroy
2009-04-07 16:53:53,140 DEBUG [org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl] (HDScanner) RuntimeModelDeploymentAspect:Destroy
2009-04-07 16:53:53,140 DEBUG [org.jboss.wsf.container.jboss50.deployer.WebServiceDeployerPostJSE] (HDScanner) Error during deploy: vfszip:/C:/development/jboss-5.0.1.GA/server/default/deploy/MutualCertTestApp.war/
javax.xml.ws.WebServiceException: Failed to build METRO runtime model
 at org.jboss.wsf.stack.metro.metadata.RuntimeModelDeploymentAspect.start(RuntimeModelDeploymentAspect.java:133)
 at org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.deploy(DeploymentAspectManagerImpl.java:129)
 at org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:75)
 at org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
 at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
 at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
 at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
 at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1598)
 at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1062)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
 at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:698)
 at org.jboss.system.server.profileservice.hotdeploy.HDScanner.scan(HDScanner.java:290)
 at org.jboss.system.server.profileservice.hotdeploy.HDScanner.run(HDScanner.java:221)
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:417)
 at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:280)
 at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:135)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:65)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:142)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:166)
 at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:650)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:675)
 at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.RuntimeException: WSSTUBE0028: Error in creating new instance of SecurityServerTube
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.<init>(SecurityServerTube.java:155)
 at com.sun.xml.wss.provider.wsit.SecurityTubeAppender.appendTube(SecurityTubeAppender.java:129)
 at com.sun.xml.ws.assembler.TubelineAssemblerFactoryImpl$WsitTubelineAssembler.createServer(TubelineAssemblerFactoryImpl.java:101)
 at com.sun.xml.ws.server.WSEndpointImpl.<init>(WSEndpointImpl.java:152)
 at com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:217)
 at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:467)
 at org.jboss.wsf.stack.metro.DeploymentDescriptorParserExt.parseAdapters(DeploymentDescriptorParserExt.java:295)
 at org.jboss.wsf.stack.metro.DeploymentDescriptorParserExt.parse(DeploymentDescriptorParserExt.java:171)
 at org.jboss.wsf.stack.metro.metadata.RuntimeModelDeploymentAspect.start(RuntimeModelDeploymentAspect.java:109)
 ... 28 more
Caused by: java.lang.RuntimeException: WSSTUBE0027: Error in configuring Server Security Callback Handler.
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.configureServerHandler(SecurityServerTube.java:739)
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.<init>(SecurityServerTube.java:150)
 ... 36 more
Caused by: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Class :org.jboss.test.ws.jaxws.samples.wsse.RealmAuthenticator is not a valid RealmAuthenticationProvider
 at com.sun.xml.wss.RealmAuthenticationAdapter.newInstance(RealmAuthenticationAdapter.java:109)
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.getRealmAuthenticationAdapter(SecurityServerTube.java:767)
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.configureServerHandler(SecurityServerTube.java:733)
 ... 37 more
      [/url]

      • 9841 Views
      • Tags:
        • 1. Re: RealmAuthenticator is not a valid RealmAuthenticationPro
          ropalka
          ropalka Apr 8, 2009 2:41 AM (in response to sun-certified)

          Hi,

          I analyzed your stack trace and I see the following problem:
          * Our sample RealmAuthenticator extends com.sun.xml.wss.RealmAuthenticationAdapter
          * In SecurityServerTube.configureServerHandler() method there's the following check:


          Object obj = loadClass(ret).newInstance();
          if (!(obj instanceof CallbackHandler)) {
          throw new RuntimeException(
          LogStringsMessages.WSSTUBE_0033_INVALID_CALLBACK_HANDLER_CLASS(ret));


          * The RealAuthenticationAdapter doesn't implement javax.security.auth.callback.CallbackHandler

          Thus to fix your problem, you have to implement this interface in your Real authenticator.

            • Actions
          • 2. Re: RealmAuthenticator is not a valid RealmAuthenticationPro
            sun-certified
            sun-certified Apr 8, 2009 9:49 PM (in response to sun-certified)

            thanks richard for your very helpful and informative reply. sincerely appreciated.

            i've implemented javax.security.auth.callback.CallbackHandler like you said. but i still get the same error.

            i've removed META-INF/services/com.sun.xml.xwss.RealmAuthenticator from my war in order to shut it up. now i'm getting a whole new set of problems!

            please, can you help me figure this out?

            thanks again richard for your help.

            ==============================================

            package net.javafreelancer.tutorials.jboss;

import javax.servlet.http.HttpServlet;

import java.io.IOException;
import java.io.PrintWriter;
import java.net.URL;

import javax.servlet.ServletException;
import javax.servlet.http.*;
import javax.xml.ws.WebServiceRef;

public class MutualCertTestClientServlet extends HttpServlet {

 /**
 *
 */
 private static final long serialVersionUID = -8952375438224208530L;

 @WebServiceRef(wsdlLocation = "http://localhost:6060/MutualCertTestApp/MutualCertTestService?wsdl")
 private MutualCertTestServiceService service;



 public MutualCertTestClientServlet() {
 }

 protected void processRequest(HttpServletRequest request,
 HttpServletResponse response) throws ServletException, IOException {
 service = new MutualCertTestServiceService();
 PrintWriter out;
 response.setContentType("text/html;charset=UTF-8");
 out = response.getWriter();
 try {
 out.println("<html>");
 out.println("<head>");
 out.println("<title>Servlet MutualCertTestClientServlet</title>");
 out.println("</head>");
 out.println("<body>");
 out.println((new StringBuilder()).append(
 "<h1>Servlet MutualCertTestClientServlet at ").append(
 request.getContextPath()).append("</h1>").toString());
 try {
 MutualCertTestService port = service.getMutualCertTestPort();
 String result = port.testGetUserPrincipal();
 out.println((new StringBuilder())
 .append("<p>User Principal = ").append(result)
 .toString());

 } catch (Exception ex) {
 out.println((new StringBuilder()).append("<p>Exception = ")
 .append(ex).toString());
 }
 out.println("</body>");
 out.println("</html>");
 out.close();
 } finally {
 out.close();
 }
 }

 protected void doGet(HttpServletRequest request,
 HttpServletResponse response) throws ServletException, IOException {
 processRequest(request, response);
 }

 protected void doPost(HttpServletRequest request,
 HttpServletResponse response) throws ServletException, IOException {
 processRequest(request, response);
 }

 public String getServletInfo() {
 return "Short description";
 }

}

            ============================================== 
            package net.javafreelancer.tutorials.jboss;

import java.security.Principal;

import javax.annotation.Resource;
import javax.jws.WebMethod;
import javax.jws.WebParam;
import javax.jws.WebService;
import javax.xml.bind.annotation.XmlSeeAlso;
import javax.xml.ws.WebServiceContext;


//@XmlSeeAlso(com.sun.xml.ws.security.opt.crypto.dsig.SignedInfo.class)
@WebService(
 name="MutualCertTestService",
 portName = "MutualCertTestPort"
 )
public class MutualCertTestService {

 @Resource
 WebServiceContext wsCtx;

 @WebMethod(operationName="testGetUserPrincipal",action="testGetUserPrincipal")
 public String testGetUserPrincipal()
 {
 Principal principal = wsCtx.getUserPrincipal();
 String name = null;
 if(principal != null)
 name = principal.getName();
 return name;
 }
 @WebMethod(operationName="testIsUserInRole",action="testIsUserInRole")
 public boolean testIsUserInRole(@WebParam(name="role") String role)
 {
 return wsCtx.isUserInRole(role);
 }

}


            ============================================== 
            /*
 * JBoss, Home of Professional Open Source.
 * Copyright 2006, Red Hat Middleware LLC, and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */
package org.jboss.test.ws.jaxws.samples.wsse;

import java.io.IOException;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.UnsupportedCallbackException;

import com.sun.xml.wss.RealmAuthenticationAdapter;
import com.sun.xml.wss.XWSSecurityException;

/**
 * A simple realm authenticator showing how to override the WSIT default (which
 * is based on tomcat-users.xml when not running on Glassfish)
 *
 * @author alessio.soldano@jboss.com
 * @since 25-Apr-2008
 *
 */
public class RealmAuthenticator extends RealmAuthenticationAdapter implements
 javax.security.auth.callback.CallbackHandler {

 @Override
 public boolean authenticate(Subject callerSubject, String username,
 String password) throws XWSSecurityException {
 System.out.println("Custom realm authenticator called: username="
 + username + ", password=" + password);
 return (username.equals("kermit") && password.equals("thefrog"));
 }

 @Override
 public void handle(Callback[] callbacks) throws IOException,
 UnsupportedCallbackException {
 // TODO Auto-generated method stub

 }
}

            ============================================== 
            ...
2009-04-09 01:45:31,781 DEBUG [org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl] (HDScanner) EndpointMetricsDeploymentAspect:Destroy
2009-04-09 01:45:31,781 ERROR [org.jboss.kernel.plugins.dependency.AbstractKernelController] (HDScanner) Error installing to Real: name=vfszip:/C:/development/jboss-5.0.1.GA-jdk6/server/default/deploy/MutualCertTestApp.war/ state=PreReal mode=Manual requiredState=Real
org.jboss.deployers.spi.DeploymentException: Error during deploy: vfszip:/C:/development/jboss-5.0.1.GA-jdk6/server/default/deploy/MutualCertTestApp.war/
 at org.jboss.deployers.spi.DeploymentException.rethrowAsDeploymentException(DeploymentException.java:49)
 at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:177)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
 at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
 at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1598)
 at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1062)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
 at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:698)
 at org.jboss.system.server.profileservice.hotdeploy.HDScanner.scan(HDScanner.java:290)
 at org.jboss.system.server.profileservice.hotdeploy.HDScanner.run(HDScanner.java:221)
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
 at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
 at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
 at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
 at java.lang.Thread.run(Thread.java:619)
Caused by: javax.xml.ws.WebServiceException: Failed to build METRO runtime model
 at org.jboss.wsf.stack.metro.metadata.RuntimeModelDeploymentAspect.start(RuntimeModelDeploymentAspect.java:133)
 at org.jboss.wsf.framework.deployment.DeploymentAspectManagerImpl.deploy(DeploymentAspectManagerImpl.java:129)
 at org.jboss.wsf.container.jboss50.deployer.ArchiveDeployerHook.deploy(ArchiveDeployerHook.java:75)
 at org.jboss.wsf.container.jboss50.deployer.AbstractWebServiceDeployer.internalDeploy(AbstractWebServiceDeployer.java:60)
 at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
 at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
 ... 23 more
Caused by: java.lang.RuntimeException: WSSTUBE0028: Error in creating new instance of SecurityServerTube
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.<init>(SecurityServerTube.java:155)
 at com.sun.xml.wss.provider.wsit.SecurityTubeAppender.appendTube(SecurityTubeAppender.java:129)
 at com.sun.xml.ws.assembler.TubelineAssemblerFactoryImpl$WsitTubelineAssembler.createServer(TubelineAssemblerFactoryImpl.java:101)
 at com.sun.xml.ws.server.WSEndpointImpl.<init>(WSEndpointImpl.java:152)
 at com.sun.xml.ws.server.EndpointFactory.createEndpoint(EndpointFactory.java:217)
 at com.sun.xml.ws.api.server.WSEndpoint.create(WSEndpoint.java:467)
 at org.jboss.wsf.stack.metro.DeploymentDescriptorParserExt.parseAdapters(DeploymentDescriptorParserExt.java:295)
 at org.jboss.wsf.stack.metro.DeploymentDescriptorParserExt.parse(DeploymentDescriptorParserExt.java:171)
 at org.jboss.wsf.stack.metro.metadata.RuntimeModelDeploymentAspect.start(RuntimeModelDeploymentAspect.java:109)
 ... 28 more
Caused by: java.lang.RuntimeException: WSSTUBE0027: Error in configuring Server Security Callback Handler.
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.configureServerHandler(SecurityServerTube.java:739)
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.<init>(SecurityServerTube.java:150)
 ... 36 more
Caused by: com.sun.xml.wss.impl.XWSSecurityRuntimeException: Class :org.jboss.test.ws.jaxws.samples.wsse.RealmAuthenticator is not a valid RealmAuthenticationProvider
 at com.sun.xml.wss.RealmAuthenticationAdapter.newInstance(RealmAuthenticationAdapter.java:109)
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.getRealmAuthenticationAdapter(SecurityServerTube.java:767)
 at com.sun.xml.wss.jaxws.impl.SecurityServerTube.configureServerHandler(SecurityServerTube.java:733)
 ... 37 more
2009-04-09 01:45:31,781 DEBUG [org.jboss.classloader.spi.base.BaseClassLoaderDomain] (HDScanner) ClassLoaderDomain@1916b85{vfszip:/C:/development/jboss-5.0.1.GA-jdk6/server/default/deploy/MutualCertTestApp.war/} unregisterClassLoader BaseClassLoader@29fe15{vfszip:/C:/development/jboss-5.0.1.GA-jdk6/server/default/deploy/MutualCertTestApp.war/}
2009-04-09 01:45:31,781 DEBUG [org.jboss.mx.loading.UnifiedLoaderRepository3] (HDScanner) UnifiedLoaderRepository removed(false) null
2009-04-09 01:45:31,781 DEBUG [org.jboss.classloader.spi.base.BaseClassLoaderPolicy] (HDScanner) VFSClassLoaderPolicy@e819e9{vfszip:/C:/development/jboss-5.0.1.GA-jdk6/server/default/deploy/MutualCertTestApp.war/} shutdown!
2009-04-09 01:45:31,781 DEBUG [org.jboss.classloader.spi.base.BaseClassLoader] (HDScanner) BaseClassLoader@29fe15{vfszip:/C:/development/jboss-5.0.1.GA-jdk6/server/default/deploy/MutualCertTestApp.war/} shutdown!
2009-04-09 01:45:31,781 DEBUG [org.jboss.classloader.spi.base.BaseClassLoaderDomain] (HDScanner) ClassLoaderDomain@1916b85{vfszip:/C:/development/jboss-5.0.1.GA-jdk6/server/default/deploy/MutualCertTestApp.war/} shutdown!
2009-04-09 01:45:31,781 DEBUG [org.jboss.classloader.spi.ClassLoaderSystem] (HDScanner) DefaultClassLoaderSystem@24de7d unregistered domain=ClassLoaderDomain@1916b85{name=vfszip:/C:/development/jboss-5.0.1.GA-jdk6/server/default/deploy/MutualCertTestApp.war/ parentPolicy=AFTER_BUT_JAVA_BEFORE parent=ClassLoaderDomain@8b058b{DefaultDomain}}
2009-04-09 01:45:31,781 DEBUG [org.jboss.classloading.spi.dependency.Domain] (HDScanner) org.jboss.classloading.spi.dependency.Domain@10f14ba{vfszip:/C:/development/jboss-5.0.1.GA-jdk6/server/default/deploy/MutualCertTestApp.war/} remove module VFSDeploymentClassLoaderPolicyModule vfszip:/C:/development/jboss-5.0.1.GA-jdk6/server/default/deploy/MutualCertTestApp.war/:0.0.0
2009-04-09 01:45:31,781 DEBUG [org.jboss.deployers.vfs.plugins.classloader.InMemoryClassesDeployer] (HDScanner) Removing dynamic class root for vfszip:/C:/development/jboss-5.0.1.GA-jdk6/server/default/deploy/MutualCertTestApp.war/
2009-04-09 01:45:31,781 WARN [org.jboss.system.server.profileservice.hotdeploy.HDScanner] (HDScanner) Failed to process changes
org.jboss.deployers.client.spi.IncompleteDeploymentException: Summary of incomplete deployments (SEE PREVIOUS ERRORS FOR DETAILS):

DEPLOYMENTS IN ERROR:
 Deployment "vfszip:/C:/development/jboss-5.0.1.GA-jdk6/server/default/deploy/MutualCertTestApp.war/" is in error due to the following reason(s): com.sun.xml.wss.impl.XWSSecurityRuntimeException: Class :org.jboss.test.ws.jaxws.samples.wsse.RealmAuthenticator is not a valid RealmAuthenticationProvider

 at org.jboss.deployers.plugins.deployers.DeployersImpl.checkComplete(DeployersImpl.java:863)
 at org.jboss.deployers.plugins.main.MainDeployerImpl.checkComplete(MainDeployerImpl.java:806)
 at org.jboss.system.server.profileservice.hotdeploy.HDScanner.scan(HDScanner.java:293)
 at org.jboss.system.server.profileservice.hotdeploy.HDScanner.run(HDScanner.java:221)
 at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:441)
 at java.util.concurrent.FutureTask$Sync.innerRunAndReset(FutureTask.java:317)
 at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:150)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$101(ScheduledThreadPoolExecutor.java:98)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.runPeriodic(ScheduledThreadPoolExecutor.java:181)
 at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:205)
 at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
 at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
 at java.lang.Thread.run(Thread.java:619)
 ...



              • Actions
            • 3. Re: RealmAuthenticator is not a valid RealmAuthenticationPro
              ropalka
              ropalka Apr 9, 2009 1:56 AM (in response to sun-certified)

              Hi,

              according to RealmAuthenticationAdapter.newInstance() method implementation containing the following code:

              public static RealmAuthenticationAdapter newInstance(Object context) {
              RealmAuthenticationAdapter adapter = null;
              URL url = null;

              if (context == null) {
              url = SecurityUtil.loadFromClasspath("META-INF/services/" + UsernameAuthenticator);
              } else {
              url = SecurityUtil.loadFromContext("/META-INF/services/" + UsernameAuthenticator, context);
              }

              if (url != null) {
              Object obj = SecurityUtil.loadSPIClass(url, UsernameAuthenticator);
              if ((obj != null) && !(obj instanceof RealmAuthenticationAdapter)) {
              throw new XWSSecurityRuntimeException("Class :" + obj.getClass().getName() + " is not a valid RealmAuthenticationProvider");
              }
              adapter = (RealmAuthenticationAdapter) obj;
              }

              if (adapter != null) {
              return adapter;
              }
              return new DefaultRealmAuthenticationAdapter();
              }


              The relevant piece of code is:

              if ((obj != null) && !(obj instanceof RealmAuthenticationAdapter)) {
              throw new XWSSecurityRuntimeException("Class :" +


              And because your RealmAuthenticator fulfils all preconditions:

              public class RealmAuthenticator extends RealmAuthenticationAdapter implements
              javax.security.auth.callback.CallbackHandler {
              ...
              }


              I bet this is the classloaders related issue.
              Remember that two classes equals if and only if:


              ClassA:ClassloaderForA instance of ClassB:ClassloaderForB <=>
              ClassA == ClassB && ClassloaderForA == ClassloaderForB


              How did you install Metro? Using our "ant deploy-jbossXYZ" way, right?

              Try the following steps and let me know if it will work:
              * Put your RealmAuthenticator to a jar, let's say it's name is my-authenticator.jar
              * Include META-INF/services/com.sun.xml.xwss.RealmAuthenticator file to refer to your impl in my-authenticator.jar
              * Copy my-authenticator.jar to jbossws.deployer directory

                • Actions
              • 4. Re: RealmAuthenticator is not a valid RealmAuthenticationPro
                sun-certified
                sun-certified Apr 9, 2009 9:52 AM (in response to sun-certified)

                 

                How did you install Metro? Using our "ant deploy-jbossXYZ" way, right?

                Try the following steps and let me know if it will work:
                * Put your RealmAuthenticator to a jar, let's say it's name is my-authenticator.jar
                * Include META-INF/services/com.sun.xml.xwss.RealmAuthenticator file to refer to your impl in my-authenticator.jar
                * Copy my-authenticator.jar to jbossws.deployer directory


                sincere thanks for your reply, richard. much appreciated.

                i installed metro with the ant deploy-jbossXXX command line in the root installation dir of the metro binary distribution (jbossws-metro-bin-dist). just like the instructions say.

                i followed alessio soldano's instructions on how to configure wsit in metro pretty closely. including, having the RealmAuthenticator in the exact location in the web service's war file that those instructions prescribe.

                i put my RealmAuthenicator class in a jar file (my-authenticator.jar) like you said. i also included in the jar file a META-INF/services/com.sun.xml.xwss.RealmAuthenticator file. here are the contents of that com.sun.xml.xwss.RealmAuthenticator file: 

                org.jboss.test.ws.jaxws.samples.wsse.RealmAuthenticator


                i put that jar file into jboss-5.0.1.GA-jdk6\server\default\deployers\jbossws.deployer

                to avoid ambiguity, i will make this clear: that RealmAuthenticator.class file is an entry in that jar file with the following path: 

                WEB-INF/classes/org/jboss/test/ws/jaxws/samples/wsse/RealmAuthenticator.class


                that is the location alessio soldano's instructions say it should be in. that is the location that the RealmAuthenticator is in in the war file i referred to in my original post (the war file that cause the problem in the first place).

                because you did not say specifically what the path of the RealmAuthenticator class should be in my-authenticator.jar, i also tried another jar (my-other_authenticator.jar) with the following path: 

                org/jboss/test/ws/jaxws/samples/wsse/RealmAuthenticator.class


                with both jars: nothing happened. no message from jboss. nothing.

                ...let me know if it will work...


                how do you know if it "works"? should anything in particular happen? what should i do next?

                thanks again for your help, richard


                  • Actions
                • 5. Re: RealmAuthenticator is not a valid RealmAuthenticationPro
                  ropalka
                  ropalka Apr 30, 2009 5:09 AM (in response to sun-certified)

                  The last thing that comes to my mind is to debug (exhaustively).

                    • Actions