Jboss 3 Security failure
foglesa Nov 7, 2001 1:39 PMHi all,
I bit the bullet and decided to port my application to Jboss 3. ( yes yes I know it is in alpha) I am having some weird problems with security in 3.0 which worked fine in 2.4.3 (and still do :)
Whenever I go to a protected resource I get the login box, and login and get the following exception
[2001-11-07 02:03:57,829,Jetty,INFO] +++ JBossUserRealm.getUser, username=foglesa
[2001-11-07 02:03:57,869,Jetty,INFO] Authenticating access, username: foglesa
[2001-11-07 02:03:58,079,Default,INFO] Did not find the UCL resource com/sun/security/auth/Resources_en.properties
[2001-11-07 02:03:58,139,Default,INFO] Did not find the UCL resource com/sun/security/auth/Resources_en_US.properties
[2001-11-07 02:03:58,290,jdbclogin,DEBUG] Login failure
javax.security.auth.login.LoginException: java.lang.NoSuchMethodError
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.getUsernameAndPassword(UsernamePasswordLoginModule.java:159)
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:94)
at java.lang.reflect.Method.invoke(Native Method)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:664)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:385)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:352)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:208)
at org.jboss.jetty.JBossUserRealm$User.authenticate(JBossUserRealm.java:64)
at org.mortbay.http.handler.SecurityHandler.basicAuthenticated(SecurityHandler.java:397)
at org.mortbay.http.handler.SecurityHandler.authenticatedInRole(SecurityHandler.java:315)
at org.mortbay.http.handler.SecurityHandler.handle(SecurityHandler.java:271)
at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1040)
at org.mortbay.http.HandlerContext.handle(HandlerContext.java:995)
at org.mortbay.http.HttpServer.service(HttpServer.java:683)
at org.mortbay.http.HttpConnection.service(HttpConnection.java:732)
at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:889)
at org.mortbay.http.HttpConnection.handle(HttpConnection.java:746)
at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:146)
at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
at org.mortbay.util.ThreadPool$PoolThreadRunnable.run(ThreadPool.java:609)
at java.lang.Thread.run(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:719)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:385)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:352)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:208)
at org.jboss.jetty.JBossUserRealm$User.authenticate(JBossUserRealm.java:64)
at org.mortbay.http.handler.SecurityHandler.basicAuthenticated(SecurityHandler.java:397)
at org.mortbay.http.handler.SecurityHandler.authenticatedInRole(SecurityHandler.java:315)
at org.mortbay.http.handler.SecurityHandler.handle(SecurityHandler.java:271)
at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1040)
at org.mortbay.http.HandlerContext.handle(HandlerContext.java:995)
at org.mortbay.http.HttpServer.service(HttpServer.java:683)
at org.mortbay.http.HttpConnection.service(HttpConnection.java:732)
at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:889)
at org.mortbay.http.HttpConnection.handle(HttpConnection.java:746)
at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:146)
at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
at org.mortbay.util.ThreadPool$PoolThreadRunnable.run(ThreadPool.java:609)
at java.lang.Thread.run(Unknown Source)
[2001-11-07 02:03:58,290,Jetty,INFO] User: foglesa is NOT authenticated
[2001-11-07 02:03:58,290,Jetty,WARN] WARNING: AUTH FAILURE: user foglesa
if I take out the castor.jar i now get this....
[2001-11-07 13:21:43,583,ConnectionFactoryLoader,DEBUG] ConnectionFactoryLoader.getObjectInstance, name = 'multiDS'
[2001-11-07 13:21:43,583,multiDS,DEBUG] Pool multiDS [1/1/10] gave out pooled object: org.jboss.resource.adapter.jdbc.local.JDBCManagedConnection@5fd251
[2001-11-07 13:21:43,583,multiDS,DEBUG] Connection handle 'org.jboss.resource.adapter.jdbc.local.ConnectionInPool@6b51d8' issued by connection manager 'org.jboss.resource.connectionmanager.jboss.MinervaSharedLocalCM@3e2893' from mcf 'org.jboss.resource.adapter.jdbc.local.JDBCManagedConnectionFactory@a0544'
[2001-11-07 13:21:43,593,multiDS,DEBUG] Connection handle 'org.jboss.resource.adapter.jdbc.local.ConnectionInPool@6b51d8' closed from connection manager 'org.jboss.resource.connectionmanager.jboss.MinervaSharedLocalCM@3e2893' from mcf 'org.jboss.resource.adapter.jdbc.local.JDBCManagedConnectionFactory@a0544'
[2001-11-07 13:21:43,593,multiDS,DEBUG] Pool multiDS [0/1/10] returned object org.jboss.resource.adapter.jdbc.local.JDBCManagedConnection@5fd251 to the pool.
[2001-11-07 13:21:43,633,Jetty,INFO] User: foglesa is authenticated
[2001-11-07 13:21:43,633,Jetty,INFO] Authorizing access, username: foglesa
[2001-11-07 13:21:43,633,Jetty,INFO] User: foglesa is authorized
which seems to work, but then I get an error 403-forbidden error from the webserver.
Any clues??
Al