3 Replies Latest reply on Oct 12, 2001 4:48 AM by rndgatewaynet

JSP custom taglib/security context problem

rndgatewaynet Oct 11, 2001 10:20 AM

Hi ,
i have made my own taglib in order to facilitate page layout with templates.
I every page i have
- header
- sidebar
- content
- footer

My taglib code that does the actual insertion has as follows:
pageContext.include(<a url>);

Now the problem.

I access beans, which access EJBs, from the content JSP page.
When this JSP page is the *first* jsp page included (inserted) (that is,
every other page is HTML), then everything is ok.
If there is a JSP page (e.g header) inserted before my content JSP page,
then the security context is not propagated from the web container (tomcat)
to the EJB container (jboss).

Anyone had similar problems??
Any (direct) clues for debugging??

jboss.log
=========

[JBossSecurityMgrRealm] Authenticating access, username: amantzio R( /sma + /mc/viewall + null)
[JBossSecurityMgrRealm] ClassLoader: AdaptiveClassLoader( ):1504437
[JBossSecurityMgrRealm] Servlet ClassLoader: AdaptiveClassLoader( ):1504437
[Default] Logging into LDAP server, env={userSrchBase=o=hermes, java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, principalDNPrefix=CN=, java.naming.security.principal=amantzio, roleAttributeID=cn, matchOnUserDN=true, principalDNSuffix=,o=hermes, rolesCtxDN=, java.naming.provider.url=ldap://hermes/, uidAttributeID=member, java.naming.security.authentication=simple, java.naming.security.credentials=}
[Default] Logged into LDAP server, javax.naming.ldap.InitialLdapContext@412978
[Default] User 'amantzio' authenticated.
[JBossSecurityMgrRealm] Username: amantzio is authenticated
[JBossSecurityMgrRealm] Authorizing access, username: amantzio R( /sma + /mc/viewall + null)
[JBossSecurityMgrRealm] ClassLoader: AdaptiveClassLoader( ):1504437
[JBossSecurityMgrRealm] Servlet ClassLoader: AdaptiveClassLoader( ):1504437
[JBossSecurityMgrRealm] User: amantzio is authorized
[Default] ejbFindByname amantzio
[pgsql] Resource 'org.jboss.pool.jdbc.xa.wrapper.XAResourceImpl@5d89f9' enlisted for 'org.jboss.pool.jdbc.xa.wrapper.XAConnectionImpl@3020ad'.
[pgsql] Pool pgsql [1/1/10] gave out pooled object: org.jboss.pool.jdbc.xa.wrapper.XAConnectionImpl@3020ad
[pgsql] Pool pgsql [0/1/10] returned object org.jboss.pool.jdbc.xa.wrapper.XAConnectionImpl@3020ad to the pool.
[Default] Bad password for username=null
[Default] javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
[Default] at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:107)
[Default]
[Default] at java.lang.reflect.Method.invoke(Native Method)
[Default]
[Default] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595)
[Default]
[Default] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:125)
[Default]
[Default] at javax.security.auth.login.LoginContext$3.run(LoginContext.java:531)
[Default]
[Default] at java.security.AccessController.doPrivileged(Native Method)
[Default]
[Default] at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528)
[Default]
[Default] at javax.security.auth.login.LoginContext.login(LoginContext.java:449)
[Default]
[Default] at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:362)
[Default]
[Default] at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:328)
[Default]
[Default] at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:215)
[Default]
[Default] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:164)
[Default]
[Default] at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:92)
[Default]
[Default] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:106)
[Default]
[Default] at org.jboss.ejb.EntityContainer.invokeHome(EntityContainer.java:342)
[Default]
[Default] at org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invokeHome(JRMPContainerInvoker.java:437)
[Default]
[Default] at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invokeHome(HomeProxy.java:237)
[Default]
[Default] at org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invoke(HomeProxy.java:182)
[Default]
[Default] at $Proxy5.findByName(Unknown Source)
[Default]
[Default] at mgmtcomp._0002fmgmtcomp_0002ffooviewall_0002ejspfooviewall_jsp_9._jspService(_0002fmgmtcomp_0002ffooviewall_0002ejspfooviewall_jsp_9.java:93)
[Default]
[Default] at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
[Default]
[Default] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
[Default]
[Default] at org.apache.jasper.servlet.JspServlet$JspCountedServlet.service(JspServlet.java:130)
[Default]
[Default] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
[Default]
[Default] at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:282)
[Default]
[Default] at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:429)
[Default]
[Default] at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:500)
[Default]
[Default] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
[Default]
[Default] at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:405)
[Default]
[Default] at org.apache.tomcat.core.Handler.service(Handler.java:287)
[Default]
[Default] at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
[Default]
[Default] at org.apache.tomcat.facade.RequestDispatcherImpl.doInclude(RequestDispatcherImpl.java:400)
[Default]
[Default] at org.apache.tomcat.facade.RequestDispatcherImpl.include(RequestDispatcherImpl.java:270)
[Default]
[Default] at org.apache.jasper.runtime.PageContextImpl.include(PageContextImpl.java:414)
[Default]
[Default] at com.dynacom.taglib.InsertTag.doEndTag(InsertTag.java:51)
[Default]
[Default] at MCtmpls._0002fMCtmpls_0002ftemplate_0002ejsptemplate_jsp_49._jspService(_0002fMCtmpls_0002ftemplate_0002ejsptemplate_jsp_49.java:527)
[Default]
[Default] at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
[Default]
[Default] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
[Default]
[Default] at org.apache.jasper.servlet.JspServlet$JspCountedServlet.service(JspServlet.java:130)
[Default]
[Default] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
[Default]
[Default] at org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:282)
[Default]
[Default] at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:429)
[Default]
[Default] at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:500)
[Default]
[Default] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
[Default]
[Default] at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:405)
[Default]
[Default] at org.apache.tomcat.core.Handler.service(Handler.java:287)
[Default]
[Default] at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
[Default]
[Default] at org.apache.tomcat.facade.RequestDispatcherImpl.doForward(RequestDispatcherImpl.java:222)
[Default]
[Default] at org.apache.tomcat.facade.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:162)
[Default]
[Default] at MCDispatcher.doGet(MCDispatcher.java:9)
[Default]
[Default] at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
[Default]
[Default] at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
[Default]
[Default] at org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:405)
[Default]
[Default] at org.apache.tomcat.core.Handler.service(Handler.java:287)
[Default]
[Default] at org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372)
[Default]
[Default] at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:812)
[Default]
[Default] at org.apache.tomcat.core.ContextManager.service(ContextManager.java:758)
[Default]
[Default] at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:213)
[Default]
[Default] at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
[Default]
[Default] at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
[Default]
[Default] at java.lang.Thread.run(Thread.java:484)
[Default]
[mgmtcompany] Authentication exception, principal=null

1. Re: JSP custom taglib/security context problem

rndgatewaynet Oct 11, 2001 10:29 AM (in response to rndgatewaynet)

Just to add that in all cases (working or not),
the request.getUserPrincipal()
returns right information.
In the working case EntityContext.getCallerPrincipal
returns as expeceted ok.
Actions
2. I also have similar problems (+)

ko5tik Oct 12, 2001 4:33 AM (in response to rndgatewaynet)

It seems that jboss 2.4.2 with tomcat had some
integration problems ( in security part ) -
there was something about JNDI bindings which
were resetted if there were nested contexts.

( it looked like sporadic loss of auth info )

JBoss 2.4.3 + Tomcat had fixed this problem
Actions
3. Re: I also have similar problems (+)

rndgatewaynet Oct 12, 2001 4:48 AM (in response to rndgatewaynet)

Thanx i'll give it a try
Actions

Go to original post