8 Replies Latest reply on Mar 6, 2002 9:29 PM by cookman

    JAAS Servlet examples doesn't work!!

    danmartin

      I downloaded jaas_howto.zip and used ant to deploy EJB and Servlets. This worked fine.
      The standalone client worked fine too (ant example<1|2>-test).

      On the contrary, Servlet clients didn't work: I opened the URL
      http://localhost:8080/jaas-example1/restricted/SecureServlet (and jaas-example2, too)
      and entered username and password as suggested (scott->echoman and stark->javaman), but it didn't work. Netscape does not recognize my user data!

      Is there anybody who used this example? Did it work?
      Maybe I'm missing something in Tomcat configuration: actually I'm using JBoss 2.4.1 with Tomcat 3.2.3.

      It's really important for us to get it, since we must develop a Secure Servlet to access our application. Any idea??? Thanks ....
      Daniele

        • 1. Re: JAAS Servlet examples doesn't work!!
          pitdingo

          I just tried it too and could not get it to work. Same version of JBoss and Tomcat. Something must have changed since the version that it was originally written for. I am going to try jboss-2.4.0.26_Tomcat-3.2.3

          • 2. Re: JAAS Servlet examples doesn't work!!
            pitdingo

            Further clarification of this: this is based on the article on JavaWorld titled "Integrate security infrastructures with JBossSX".

            I tried it with the same release of JBoss/Tomcat that the author used and it worked. The newest release of JBoss 2.4.1 and Tomcat 3.2.3 does not work.

            I am not sure what exactly changed in JBoss. The specs on JAAS integrating with J2EE are not final so this sort of thing should be expected.

            Anyone know what needs to be changed to get that demo working?

            • 3. Re: JAAS Servlet examples doesn't work!!
              starksm64

              There was a problem with the 2.4.1 JBoss/Tomcat bundle. Get the 2.4.1a patch bundle from here:

              http://prdownloads.sourceforge.net/jboss/JBoss-2.4.1a_Tomcat-3.2.3.zip

              • 4. Re: JAAS Servlet examples doesn't work!!
                danmartin

                I'm sorry, but it still does not work ....
                I switched to JBoss&Jetty bundle and it worked fine.
                Can you please check the Tomcat bundle??? I think a new 2.4.1 release is necessary ....

                Notice: build.xml file in examples/org/jboss/doc/jaas/howto is incorrect!

                Target "war2" copies SecureEJBServlet.class without the right directory structure.
                The right copy target is the same used in "war1" target.

                • 5. Re: JAAS Servlet examples doesn't work!!
                  nathanf

                  I had the same troubles with the JBoss/Tomcat bundles. After nearly a week of banging my head off the wall I downloaded JBoss 2.4.3/Jetty and dropped in my unchanged EAR and it worked perfectly. I'm wondering what it takes to get security working in Tomcat with JBoss seamlessly because I really like Tomcat and it seems that the project has a lot of momentum. The trouble I had was that Tomcat wasn't sending the principal-credentials back to JBoss. Again, it just worked "out of the box" with Jetty. Previously I thought I had auth.conf not configured correctly. If anyone has any idea on how to get this working with Tomcat please let us know. Thanks.

                  • 6. Re: JAAS Servlet examples doesn't work!!
                    starksm64

                    It works for me. The username and password you have listed are not correct. The correct username and password are java and echoman. I performed the following steps on a Linux box in a /tmp/test directory to verify the JBoss-2.4.1a_Tomcat-3.2.3 bundle:

                    test 1210>wget http://prdownloads.sourceforge.net/jboss/JBoss-2.4.1a_Tomcat-3.2.3.zip
                    test 1211>jar -xf JBoss-2.4.1a_Tomcat-3.2.3.zip
                    test 1212>wget http://www.javaworld.com/javaworld/jw-08-2001/jaas/jw-0831-jaas.zip
                    test 1213>jar -xf jw-0831-jaas.zip
                    test 1214>ls
                    build.xml JBoss-2.4.1_Tomcat-3.2.3/ org/
                    JBoss-2.4.1a_Tomcat-3.2.3.zip jw-0831-jaas.zip resources/
                    test 1215>ant -Ddist.root=/tmp/test/JBoss-2.4.1_Tomcat-3.2.3
                    test 1216>cd JBoss-2.4.1_Tomcat-3.2.3/jboss/bin/
                    bin 1217>chmod +x run_with_tomcat.sh
                    bin 1218>./run.sh jaas_howto

                    test 1050>wget http://java:echoman@localhost:8080/jaas-example1/restricted/SecureServlet
                    --22:39:42-- http://java:xxxxxxx@localhost:8080/jaas-example1/restricted/Securt
                    => `SecureServlet'
                    Connecting to localhost:8080... connected!
                    HTTP request sent, awaiting response... 401 Unauthorized
                    Connecting to localhost:8080... connected!
                    HTTP request sent, awaiting response... 200 OK
                    Length: unspecified [text/html]

                    0K ->

                    22:39:42 (192.38 KB/s) - `SecureServlet' saved [197]

                    • 7. Re: JAAS Servlet examples doesn't work!!
                      rphall

                      For what it is worth, I just tried the JAAS examples with the JBoss-2.4.4_Tomcat-4.0.1 bundle. I wasn't able to get either servlet example (jaas-example1 or jaas-example2) to work until I removed "unauthenticatedIdentity=nobody" lines from the $JBOSS_DIST/conf/jaas_howto/auth.conf files.

                      I was able to repeat this result twice, each time starting with a clean installation of JBoss-2.4.4_Tomcat-4.0.1 and
                      jw-0831-jaas.zip (downloaded from http://www.javaworld.com/javaworld/jw-08-2001/jaas/jw-0831-jaas.zip).

                      I am running JBoss on Redhat Linux 7.1:
                      Java version: 1.3.1,Sun Microsystems Inc.
                      Java VM: Java HotSpot(TM) Server VM 1.3.1-b24,Sun Microsystems Inc.
                      System: Linux 2.4.2-2smp,i386

                      The modified auth.conf file that works is:

                      // START OF auth.conf
                      // The JBoss server side JAAS login config file for the examples

                      example1 {
                          org.jboss.security.auth.spi.UsersRolesLoginModule required
                          ;
                      };

                      example2 {
                          org.jboss.security.auth.spi.DatabaseServerLoginModule required
                              dsJndiName="java:/DefaultDS"
                              principalsQuery="select Password from Principals where PrincipalID=?"
                              rolesQuery="select Role, RoleGroup from Roles where PrincipalID=?"
                          ;
                      };

                      // END OF auth.conf
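
Added example (not part of the thread or of the JBoss distribution): a small parser for the JAAS login-config format used in auth.conf that reports every login module setting `unauthenticatedIdentity`, the JBossSX option that names the principal given to callers who present no credentials and the line removed in reply 7. The function names and the sample file are constructed for illustration; the sample's example1 stanza is a reconstruction of the unmodified form, not the shipped file.

```python
import re

# Comments, quoted strings, punctuation, bare words (comments match first, then get dropped).
TOKEN = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:[^"\\]|\\.)*"|[{};=]|[^\s{};="]+', re.S)

# Constructed sample: example1 carries the option reply 7 removed; example2 is the posted stanza.
SAMPLE_AUTH_CONF = '''
// constructed sample, not the shipped file
example1 {
    org.jboss.security.auth.spi.UsersRolesLoginModule required
        unauthenticatedIdentity=nobody
    ;
};
example2 {
    org.jboss.security.auth.spi.DatabaseServerLoginModule required
        dsJndiName="java:/DefaultDS"
        principalsQuery="select Password from Principals where PrincipalID=?"
        rolesQuery="select Role, RoleGroup from Roles where PrincipalID=?"
    ;
};
'''

def parse_jaas_config(text):
    """Return {entry: [(module_class, control_flag, {option: value}), ...]}."""
    toks = [t for t in TOKEN.findall(text) if not t.startswith(("//", "/*"))]
    toks.append(None)  # sentinel so a truncated file raises instead of running off the end
    entries, i = {}, 0
    while toks[i] is not None:
        name = toks[i]
        if toks[i + 1] != "{":
            raise ValueError(f"expected '{{' after entry {name!r}")
        i, modules = i + 2, []
        while toks[i] != "}":
            if None in toks[i:i + 2]:
                raise ValueError(f"unterminated entry {name!r}")
            module, flag, options = toks[i], toks[i + 1], {}
            i += 2
            while toks[i] != ";":  # option=value pairs up to the module's closing ';'
                if toks[i] is None or toks[i + 1] != "=" or toks[i + 2] is None:
                    raise ValueError(f"bad option syntax in entry {name!r}")
                value = toks[i + 2]
                options[toks[i]] = value[1:-1] if value.startswith('"') else value
                i += 3
            modules.append((module, flag, options))
            i += 1  # consume ';'
        i += 2 if toks[i + 1] == ";" else 1  # consume '}' and the optional ';'
        entries[name] = modules
    return entries

def find_unauthenticated_identity(entries):
    """List (entry, module_class, identity) wherever the option is set."""
    return [(name, mod, opts["unauthenticatedIdentity"])
            for name, mods in entries.items()
            for mod, _flag, opts in mods if "unauthenticatedIdentity" in opts]
```
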

                      • 8. Re: JAAS Servlet examples doesn't work!!
                        cookman

                        Hi rphall,

                        I use the same bundle (JBoss-2.4.4_Tomcat-4.0.1) as
                        you, and I can build the ears without any error. But when
                        I run "ant example1-test0", I get errors. It seems that
                        client-side authentication doesn't pass.

                        Could you give me some advice?
                        Thanks

                        The run log:

                        Buildfile: build.xml

                        example1-test0:

                        validate:

                        fail_if_not_valid:

                        init:
                        [echo] Using jboss.dist=d:\tangliang\easyinfo\jdhome/jboss
                        [echo] Using classpath=D:\tangliang\easyinfo\jdhome\jboss\client\jboss-j2ee.jar;D:\tangliang\easyinfo\jdhome\jboss\client\jaas.jar;D:\tangliang\easyinfo\jdhome\jboss\client\jbosssx-client.jar;D:\tangliang\easyinfo\jdhome\jboss\client\jboss-client.jar;D:\tangliang\easyinfo\jdhome\jboss\client\jnp-client.jar;D:\tangliang\easyinfo\jdhome\tomcat\common\lib\servlet.jar;D:\tangliang\jboss\jaas\build\classes

                        compile:

                        client-test0:
                        [java] +++ Running SessionClient with username=java, password=echoman, example=example1
                        [java] Created LoginContext
                        [java] Login failed
                        [java] javax.security.auth.login.LoginException: java.lang.NoClassDefFoundError: org/apache/log4j/Priority
                        [java] at java.lang.ClassLoader.defineClass0(Native Method)
                        [java] at java.lang.ClassLoader.defineClass(ClassLoader.java:509)
                        [java] at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:123)
                        [java] at java.net.URLClassLoader.defineClass(URLClassLoader.java:246)
                        [java] at java.net.URLClassLoader.access$100(URLClassLoader.java:54)
                        [java] at java.net.URLClassLoader$1.run(URLClassLoader.java:193)
                        [java] at java.security.AccessController.doPrivileged(Native Method)
                        [java] at java.net.URLClassLoader.findClass(URLClassLoader.java:186)
                        [java] at java.lang.ClassLoader.loadClass(ClassLoader.java:306)
                        [java] at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:265)
                        [java] at java.lang.ClassLoader.loadClass(ClassLoader.java:262)
                        [java] at org.jboss.security.Logger.initLog4j(Logger.java:293)
                        [java] at org.jboss.security.Logger.getLogger(Logger.java:80)
                        [java] at org.jboss.security.Logger.getLogger(Logger.java:74)
                        [java] at org.jboss.security.ClientLoginModule.initialize(ClientLoginModule.java:78)
                        [java] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                        [java] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                        [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                        [java] at java.lang.reflect.Method.invoke(Method.java:324)
                        [java] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:651)
                        [java] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
                        [java] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
                        [java] at java.security.AccessController.doPrivileged(Native Method)
                        [java] at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
                        [java] at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
                        [java] at org.jboss.docs.jaas.howto.SessionClient.main(SessionClient.java:66)
                        [java]
                        [java] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:719)
                        [java] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
                        [java] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
                        [java] at java.security.AccessController.doPrivileged(Native Method)
                        [java] at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
                        [java] at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
                        [java] at org.jboss.docs.jaas.howto.SessionClient.main(SessionClient.java:66)
                        [java] Found PublicSession home
                        [java] java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
                        [java] java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
                        [java] java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, requiredRoles=[Coder, Echo], principalRoles=[]
                        [java] at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:292)
                        [java] at sun.rmi.transport.Transport$1.run(Transport.java:148)
                        [java] at java.security.AccessController.doPrivileged(Native Method)
                        [java] at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
                        [java] at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
                        [java] at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
                        [java] at java.lang.Thread.run(Thread.java:536)
                        [java] at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
                        [java] at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
                        [java] at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:133)
                        [java] at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker_Stub.invokeHome(Unknown Source)
                        [java] at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invokeHome(HomeProxy.java:258)
                        [java] at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invoke(HomeProxy.java:182)
                        [java] at $Proxy0.create(Unknown Source)
                        [java] at org.jboss.docs.jaas.howto.SessionClient.main(SessionClient.java:79)
                        [java] Caused by: java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
                        [java] java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, requiredRoles=[Coder, Echo], principalRoles=[]
                        [java] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:216)
                        [java] at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:91)
                        [java] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:103)
                        [java] at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:268)
                        [java] at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invokeHome(JRMPContainerInvoker.java:387)
                        [java] at sun.reflect.GeneratedMethodAccessor22.invoke(Unknown Source)
                        [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                        [java] at java.lang.reflect.Method.invoke(Method.java:324)
                        [java] at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
                        [java] at sun.rmi.transport.Transport$1.run(Transport.java:148)
                        [java] at java.security.AccessController.doPrivileged(Native Method)
                        [java] at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
                        [java] at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
                        [java] at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
                        [java] at java.lang.Thread.run(Thread.java:536)
                        [java] Caused by: java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, requiredRoles=[Coder, Echo], principalRoles=[]
                        [java] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:215)
                        [java] ... 14 more
                        [java] Found PrivateSession home
                        [java] Failed to create PrivateSession as expected

                        BUILD SUCCESSFUL

                        Total time: 10 seconds