3 Replies Latest reply on Jul 22, 2002 10:12 AM by jamarkha

IBM JAAS problem

jamarkha Jul 21, 2002 11:32 AM

In using JBoss 3.0 on Win2K, I can configure and use a DatabaseServerLoginModule just fine with Sun's JDK 1.4 but in using IBM's latest 1.3 with their JAAS, it doesn't work. Any ideas? I've placed IBM's jaas.jar into the lib directory and removed Sun's jaas.jar but no luck. There are also two other JAAS-related JAR files with IBM's JAAS that I've placed in the server's lib directory but again, no luck.

Has anybody successfully used JBoss 3.0 with IBM's JDK 1.3 and IBM's JAAS?

Thanks in advance.

Jeff Markham

1. Re: IBM JAAS problem

mattvincent Jul 21, 2002 7:31 PM (in response to jamarkha)

While I don't have an immediate solution, I did spend all weekend discovering a problem very similar to this. These posts sum it up: a classloader issue with jaas.jar that's fixed with JDK1.4. Once I figured out that my application would only work with 1.4, I did not investigate further how to structure the classloaders so that it would work with JDK 1.3.1. However I can offer you the command line that Netbeans 3.2 was using to successfully run my app with JDK 1.3.1 and Tomcat 3.2 (see Netbeans classpath below)

Could you do me a favor and post the solution you come up with (even if it is just going with JDK 1.4?) Thanks.

/////////////////
// Quote 1
/////////////////

The problem lies in the behavior of jaas loading LoginModule, and LoginConfiguration objects. It only looks on the system classpath. Therefore any LoginModule or loginConfiguration objects that lives in servlets (which are loaded by the servlet container's custom loader) will not be found, hence the error. The error is not very descriptive (class not found, or file not found, what load it's using?), so it took us a while to figure it out.

I also read this limitation will be lifted in 1.4. The temporary work around is to use some sort of a proxy to load the loginModule class from the Thread context ClassLoader, which JBoss app server actually implements.

////////////////
// QUOTE 2
////////////////

I have now got my JAAS realm working doing the
following

* Add jaas.jar to the system classpath in catalina.bat
* Put all the login module classes and additional classes they require
into some location and ensure that the classpath in catalina.bat points
to them too.

The error you had

java.lang.SecurityException: unable to instantiate LoginConfiguration

is because it cannot find the sun ConfigFile class. See the class
loader Tomcat 4 doc

http://jakarta.apache.org/tomcat/tomcat-4.0-doc/class-loader-howto.html

///////////////////////////
// NETBEANS CLASSPATH
///////////////////////////

I:\java\JDK13~1.1_0\jre\bin\java -Djava.security.auth.login.config=file:I:/AppServer/JBoss-2.4.4_Tomcat-3.2.3/jboss/client/auth.conf -cp "I:\ide\netbeans\modules\jsp-tomcat.jar;
I:\ide\netbeans\modules\jsp.jar;
I:\ide\netbeans\modules\ext\jasper.jar;
I:\ide\netbeans\modules\ext\webserver.jar;;
I:\ide\netbeans\lib\ext\xerces.jar;;
I:\Code\Research\JAAS\src\web\WEB-INF\classes;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\connector.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jaas.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jboss-client.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jboss-j2ee.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jbossmq-client.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jbosssx-client.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jndi.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jnp-client.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\log4j.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jboss.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jmxri.jar;
I:\Code\Research\JAAS\src\web;
I:\Code\Research\JAAS\lib\jboss.jar;
I:\Code\Research\JAAS\lib\jmxri.jar;
I:\Code\Research\JAAS\src\WEB-INF\classes;
I:\Code\Research\JAAS\src\java;
I:\Code\Research\JAAS\src\metadata;
I:\Code\Research\JAAS\src\web\WEB-INF\classes;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\connector.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jaas.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jboss-client.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jboss-j2ee.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jboss.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jbossmq-client.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jbosssx-client.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jmxri.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jndi.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\jnp-client.jar;
I:\Code\Research\JAAS\src\web\WEB-INF\lib\log4j.jar;
I:\ide\netbeans\beans\TimerBean.jar;
I:\ide\netbeans\modules\ext\AbsoluteLayout.jar;
I:\ide\netbeans\modules\ext\servlet-2.2.jar;
I:\ide\netbeans\system;I:\ide\netbeans_userdir\system
" org.netbeans.modules.web.tomcat.WebAppMain
"I:\ide\netbeans_userdir\system\tomcat\server.xml"
"I:\ide\netbeans_userdir\system\tomcat"
Actions
2. Re: IBM JAAS problem

mattvincent Jul 21, 2002 7:35 PM (in response to jamarkha)

Also, I assume you've checked out this article?

http://www-106.ibm.com/developerworks/java/library/j-jaas/jaas-sidebar.html
Actions
3. Re: IBM JAAS problem

jamarkha Jul 22, 2002 10:12 AM (in response to jamarkha)

After monkeying with it for too long, I just uninstalled IBM's JDK and IBM's JAAS, reinstalled just the JDK and things are fine.

The article you pointed me to was somewhat helpful. I believe the example there might have worked had I been using auth.conf instead of login-config.xml.

Because the DatabaseServerLoginModule can work using just IBM's JDK without their JAAS plug-in, I'm inclined to think that it's not necessarily a class loader issue but an issue with their JAAS implementation. I have a client that switched from using Sun's JDK on a Linux server to IBM's JDK/JAAS combo and although the performance of the IBM JDK is fantastic, there are a few buggy JAAS issues. One example is that the 'flushAuthenticationCache' doesn't work anymore.

Thanks for your help,

Jeff Markham
Actions

Go to original post