3 Replies Latest reply on May 16, 2002 8:59 AM by starksm64

Login Problem with JBoss 3.0 RC2

cumulus May 9, 2002 1:18 PM

Hi,

I'm trying to use the security system in RC2 but I keep getting an exception,
"javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.auth.spi.UsersRolesLoginModule"
This seems strange, so I was wondering if anyone else had
tried this?

Here is some configuration info for JBOSS:
2002-05-09 09:48:16,197 INFO [org.jboss.system.server.ServerInfo] Java version: 1.3.1,Sun Microsystems Inc.
2002-05-09 09:48:16,197 INFO [org.jboss.system.server.ServerInfo] Java VM: Java HotSpot(TM) Client VM 1.3.1-b24,Sun Microsystems Inc.
2002-05-09 09:48:16,197 INFO [org.jboss.system.server.ServerInfo] OS-System: Windows NT 4.0,x86
2002-05-09 09:48:16,197 DEBUG [org.jboss.system.server.ServerInfo] Full System Properties Dump
2002-05-09 09:48:16,197 DEBUG [org.jboss.system.server.ServerInfo] java.runtime.name: Java(TM) 2 Runtime Environment, Standard Edition
2002-05-09 09:48:16,197 DEBUG [org.jboss.system.server.ServerInfo] jboss.server.base.dir: C:\jboss-3.0.0RC2\server
2002-05-09 09:48:16,197 DEBUG [org.jboss.system.server.ServerInfo] sun.boot.library.path: C:\jdk131\jre\bin
2002-05-09 09:48:16,197 DEBUG [org.jboss.system.server.ServerInfo] jboss.server.lib.url: file:/C:/jboss-3.0.0RC2/server/roche/lib/
2002-05-09 09:48:16,197 DEBUG [org.jboss.system.server.ServerInfo] java.vm.version: 1.3.1-b24
2002-05-09 09:48:16,197 DEBUG [org.jboss.system.server.ServerInfo] java.vm.vendor: Sun Microsystems Inc.
2002-05-09 09:48:16,197 DEBUG [org.jboss.system.server.ServerInfo] java.vendor.url: http://java.sun.com/
2002-05-09 09:48:16,197 DEBUG [org.jboss.system.server.ServerInfo] path.separator: ;
2002-05-09 09:48:16,197 DEBUG [org.jboss.system.server.ServerInfo] java.vm.name: Java HotSpot(TM) Client VM
__________________________________________________________

Here is the jboss.xml configuration for the EJ bean
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss PUBLIC
"-//JBoss//DTD JBOSS 3.0//EN"
"http://www.jboss.org/j2ee/dtd/jboss_3_0.dtd">

<security-domain>java:/jaas/ggb2</security-domain>

<enterprise-beans>

<ejb-name>ConfigMgr</ejb-name>
<jndi-name>ggb2/config/ConfigMgr</jndi-name>

</enterprise-beans>

__________________________________________________________

Here is the login_config.xml file info:

<application-policy name = "ggb2">

<login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />

</application-policy>
__________________________________________________________

I set up the users.properties and the roles.properties files in the /conf directory to contain the correct user and role.

__________________________________________________________

Here is the error message that is received by the client:

java.rmi.ServerException: RemoteException occurred in server thread; nested exception is:
java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Authentication exception, principal=oconnorp
java.rmi.RemoteException: checkSecurityAssociation; nested exception is:
java.lang.SecurityException: Authentication exception, principal=oconnorp
java.lang.SecurityException: Authentication exception, principal=oconnorp
at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:240)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:215)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:117)
at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:128)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:108)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:73)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:76)
at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:185)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:76)
at $Proxy0.create(Unknown Source)
at ggb2.guitool.config.ConfigurePanel.main(ConfigurePanel.java:577)

The problem occurs when the create() method is invoked:
...
(574) Context ctx = new InitialContext(jndiProps);
(575) Object objHome = ctx.lookup("ggb2/config/ConfigMgr")
(576) IHmConfig ejbHome = (IHmConfig)PortableRemoteObject.narrow(objHome, IHmConfig.class);
(577) mgrConfig = (IRmConfig)ejbHome.create();
...
__________________________________________________________

The output from the server, after the server starts, is minimal (see last line):
09:49:06,239 INFO [URLDeploymentScanner] Started
09:49:06,239 INFO [MainDeployer] Successfully completed deployment of package: file:/C:/jboss-3.0.0RC2/server/roche/con
f/jboss-service.xml
09:49:06,239 INFO [Server] JBoss (MX MicroKernel) [3.0.0RC2 Date:200205012027] Started in 0m:50s:893ms
09:51:32,279 ERROR [SecurityInterceptor] Authentication exception, principal=oconnorp
__________________________________________________________

The server log file shows that the JBoss class cannot be
found. Is there some change that I can make, so that the JAAS package is able to find the JBoss LoginModule?

2002-05-09 09:49:06,239 INFO [org.jboss.deployment.scanner.URLDeploymentScanner] Started
2002-05-09 09:49:06,239 DEBUG [org.jboss.deployment.MainDeployer] Final (start) deployment step successfully completed on package: jboss-service.xml
2002-05-09 09:49:06,239 INFO [org.jboss.deployment.MainDeployer] Successfully completed deployment of package: file:/C:/jboss-3.0.0RC2/server/roche/conf/jboss-service.xml
2002-05-09 09:49:06,239 INFO [org.jboss.system.server.Server] JBoss (MX MicroKernel) [3.0.0RC2 Date:200205012027] Started in 0m:50s:893ms
2002-05-09 09:51:32,269 DEBUG [org.jboss.security.plugins.JaasSecurityManager.ggb2-roche] Login failure
javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.auth.spi.UsersRolesLoginModule
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:631)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:125)
at javax.security.auth.login.LoginContext$3.run(LoginContext.java:531)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528)
at javax.security.auth.login.LoginContext.login(LoginContext.java:449)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:390)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:357)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:214)
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:165)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:93)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:109)
at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
at org.jboss.ejb.Container.invoke(Container.java:727)
at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:491)
at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:364)
at java.lang.reflect.Method.invoke(Native Method)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:241)
at sun.rmi.transport.Transport$1.run(Transport.java:152)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:148)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:465)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:706)
at java.lang.Thread.run(Thread.java:484)
2002-05-09 09:51:32,279 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Authentication exception, principal=oconnorp

Any help/suggstions would be appreciated!

Thanks,
-- Peter

1. Re: Login Problem with JBoss 3.0 RC2

cumulus May 9, 2002 3:45 PM (in response to cumulus)

There is a typo in my message above, so that the security domain names don't seem to match, but when running my tests the security domain names did match.

In trying to diagnose this problem, the error messages indicate that the principal/credential info did move from the client to the server. The log file message also indicates that the server was able to successfully load the correct login configuration. What I don't understand is why the Java JAAS package was not able to find the JBoss <login-module> UsersRolesLoginModule. I thought that the new UnifiedClassLoader would solve this problem, but perhaps I am wrong?
Actions
2. Re: Login Problem with JBoss 3.0 RC2

cumulus May 15, 2002 2:01 PM (in response to cumulus)

I was finally able to resolve the problem that I was having with JBoss RC2.

I was receiving an error related to JAAS, "javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.auth.spi.UsersRolesLoginModule", and this seemed very strange.

What happened, was that I had placed a copy of the jaas.jar in my JDK directory at C:\jdk131\jre\lib\ext\jaas.jar a long time ago and forgotten about it. The JVM was loading and using this copy of jaas within JBoss. Everything else was loaded by the JBoss UniversalClassLoader, and the 2 classloaders were not able to see classes loaded by the other.

So this was a problem with my own configuration, that I would not expect others to encounter. However this does show that the JBoss UniversalClassLoader may still have problems if classes are loaded by the JVM before JBoss is invoked.
Actions
3. Re: Login Problem with JBoss 3.0 RC2

starksm64 May 16, 2002 8:59 AM (in response to cumulus)

There is nothing we can do to override class loading
done via Class.forName(String) when the classes reside on the system classpath or vm extension library.
Actions

Go to original post