1. Re: UsernamePasswordLoginModule
luke_t Dec 28, 2001 11:12 AM (in response to snorman)
> I am stuck because I am not sure how to assign the role of "Echo" to the username "java".
Hi,
You want to change your getRoleSets() implementation to something like:
    // Return a single group named "Roles" whose members are the user's role names.
    public Group[] getRoleSets()
    {
        SimpleGroup[] groups = new SimpleGroup[1];
        groups[0] = new SimpleGroup("Roles");
        groups[0].addMember(new SimplePrincipal("Echo")); // the role "Echo"
        return groups;
    }
You then have a single group called "Roles" which contains one principal - the role "Echo". This is the standard pattern used by JBoss to store the rolenames.
Remember that this is not actually specified by JAAS - this is just how JBoss uses JAAS.
You then have every user with the password "password" and the role "Echo". Is this what you were after?
Luke.
2. Re: UsernamePasswordLoginModule
snorman Dec 28, 2001 4:56 PM (in response to snorman)
Thanks for your reply Luke!
The info you provided has helped me understand how JBoss implements JAAS... I have made the changes, but I am still having a problem. I am getting the following message:
[Jetty] Authenticating access, username: java
[Jetty] User: java is NOT authenticated
[Jetty] AUTH FAILURE: user java
I do not think that JBoss is using my custom login module defined in auth.conf. If I use a fictitious class name in this file I get the same error.
I put my login module in a jar file that I then put into my jboss classpath... should that work?
Thanks for any help anyone can provide...
Steve
3. Re: UsernamePasswordLoginModule
luke_t Dec 29, 2001 12:38 PM (in response to snorman)
Hi,
Have you specified a security domain for your application? You need to do this, otherwise your application will just end up using the "other" entry in auth.conf.
You should do this in both your jboss.xml (if you have EJBs) and jboss-web.xml files. Each should contain the following:
    <security-domain>java:/jaas/other</security-domain>
with "other" changed to the name of your configuration (e.g. "example1").
If you get errors, can you post the exceptions which are output by the server. Check the server log, not just the console output.
Luke.
4. Re: UsernamePasswordLoginModule
snorman Jan 2, 2002 12:05 PM (in response to snorman)
Luke,
Thanks for the info it helped...
My security domain is "example1", because I was not looking at the server log I was not seeing the full error message. First, I was getting an error because I did not have a no argument constructor for my custom login module. I created an empty no argument constructor which removed that error, but now I am getting the following:
[Service Control] Started 54 services
[Default] JBoss 2.4.1 Started in 0m:10s
[Jetty] +++ JBossUserRealm.getUser, username=java
[Jetty] Authenticating access, username: java
[example1] Login failure
javax.security.auth.login.LoginException: unable to access LoginModule: null
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:635)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:125)
at javax.security.auth.login.LoginContext$3.run(LoginContext.java:531)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528)
at javax.security.auth.login.LoginContext.login(LoginContext.java:449)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:361)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:328)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:215)
at org.jboss.jetty.JBossUserRealm$User.authenticate(JBossUserRealm.java:58)
at org.mortbay.http.handler.SecurityHandler.basicAuthenticated(SecurityHandler.java:378)
at org.mortbay.http.handler.SecurityHandler.authenticatedInRole(SecurityHandler.java:296)
at org.mortbay.http.handler.SecurityHandler.handle(SecurityHandler.java:263)
at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1027)
at org.mortbay.http.HandlerContext.handle(HandlerContext.java:982)
at org.mortbay.http.HttpServer.service(HttpServer.java:674)
at org.mortbay.http.HttpConnection.service(HttpConnection.java:732)
at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:889)
at org.mortbay.http.HttpConnection.handle(HttpConnection.java:746)
at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:146)
at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
at org.mortbay.util.ThreadPool$PoolThreadRunnable.run(ThreadPool.java:613)
at java.lang.Thread.run(Thread.java:484)
[Jetty] User: java is NOT authenticated
Thanks for the help!
5. Re: UsernamePasswordLoginModule
luke_t Jan 2, 2002 2:39 PM (in response to snorman)
What does your auth.conf file look like now?
Have you tried the same app with JBoss/Tomcat, and a newer JBoss/Jetty bundle to see if it works with either of them?
Luke.
6. Re: UsernamePasswordLoginModule
snorman Jan 3, 2002 8:57 AM (in response to snorman)
I've upgraded and tried with both
Jboss 2.4.4-Jetty-3.1.3-1 and
Jboss 2.4.4-Tomcat-4.0.1
and I am still getting the same error.
The following is my auth.conf
    // The JBoss server side JAAS login config file for the examples
    example1 {
        MemberLoginModule required
            unauthenticatedIdentity=nobody
            debug="true"
        ;
    };
Also, here are some more messages from the server log in case it helps:
[09:05:10,971,Default] lookup securityDomain manager name: java:/jaas/example1
[09:05:11,051,JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@4391c3
[09:05:11,061,JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@758500
[09:05:11,061,example1] CachePolicy set to: org.jboss.util.TimedCachePolicy@758500
[09:05:11,061,JaasSecurityManagerService] Added example1, org.jboss.security.plugins.SecurityDomainContext@6ed322 to map
[09:05:11,192,Default] lookup securityDomain manager name: java:/jaas/example1
[09:05:11,282,StatelessSessionContainer] Binding securityDomain: java:/jaas/example1 to JDNI ENC as: security/security-domain
[09:05:11,342,StatefulSessionContainer] Binding securityDomain: java:/jaas/example1 to JDNI ENC as: security/security-domain
[09:05:12,283,EmbeddedCatalinaServiceSX] Linking security/securityMgr to JNDI name: java:/jaas/example1
[09:05:12,944,EmbeddedCatalinaServiceSX] Binding security/securityMgr to NullSecurityManager
[09:05:13,064,Default] JBoss-2.4.4 Started in 0m:6s.609
[09:05:22,578,example1] Login failure
javax.security.auth.login.LoginException: unable to access LoginModule: null
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:635)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:125)
at javax.security.auth.login.LoginContext$3.run(LoginContext.java:531)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528)
at javax.security.auth.login.LoginContext.login(LoginContext.java:449)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:394)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:361)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:217)
at org.jboss.web.catalina.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:253)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:161)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
at java.lang.Thread.run(Thread.java:484)
THANKS!
7. Re: UsernamePasswordLoginModule
luke_t Jan 5, 2002 9:37 PM (in response to snorman)
Hmmm. I dunno. Where are you putting your login module class? Even if that's not found, I wouldn't expect an error like the one you're seeing.
I've mainly used the Tomcat 3.2 bundles so perhaps you could try it with that. Otherwise could you send me a copy of the example you have that reproduces the problem?
Luke.
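
An added example, not part of any post in this thread and not JBoss code: post 4 reports an error caused by a login module with no no-argument constructor, and JAAS creates the class named in auth.conf reflectively, so the class can be checked with plain JDK reflection before it is deployed. It goes slightly beyond the thread by also checking class visibility and the LoginModule interface; the names LoginModulePreflight, Stub, GoodModule, NoDefaultCtorModule and HiddenModule are hypothetical.

```java
import java.lang.reflect.Modifier;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.spi.LoginModule;

public class LoginModulePreflight {
    /** Returns the reasons JAAS could not instantiate className; an empty list means none were found. */
    static List<String> check(String className) {
        List<String> problems = new ArrayList<>();
        Class<?> c;
        try {
            // The name in the login configuration is resolved through a class loader at login time.
            c = Class.forName(className, false, Thread.currentThread().getContextClassLoader());
        } catch (ClassNotFoundException | LinkageError e) {
            problems.add("not loadable from the context class loader: " + e);
            return problems;
        }
        if (!LoginModule.class.isAssignableFrom(c)) problems.add("does not implement LoginModule");
        if (!Modifier.isPublic(c.getModifiers())) problems.add("class is not public");
        if (Modifier.isAbstract(c.getModifiers())) problems.add("class is abstract");
        try {
            if (!Modifier.isPublic(c.getDeclaredConstructor().getModifiers()))
                problems.add("no-argument constructor is not public");
        } catch (NoSuchMethodException e) {
            problems.add("no no-argument constructor");
        }
        return problems;
    }

    // Constructed sample modules (hypothetical); the stubs never authenticate anyone.
    public abstract static class Stub implements LoginModule {
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { }
        public boolean login() { return false; }
        public boolean commit() { return false; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    public static class GoodModule extends Stub { public GoodModule() { } }
    public static class NoDefaultCtorModule extends Stub { public NoDefaultCtorModule(String realm) { } }
    static class HiddenModule extends Stub { }

    public static void main(String[] args) {
        for (String n : new String[] { "GoodModule", "NoDefaultCtorModule", "HiddenModule", "Missing" }) {
            System.out.println(n + " -> " + check("LoginModulePreflight$" + n));
        }
    }
}
```

Run it with the same classpath the server uses and pass the class name exactly as it is written in auth.conf, since that string is what gets loaded.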