3 Replies Latest reply on Apr 5, 2004 6:52 PM by starksm64

    ClientLoginModule not throwing an exception

    pico303

      I can't seem to get my lc.login() method to throw a LoginException when a user login fails. I have a Java application that connects to a JBoss 3.2.3 app server. The app server reports the login fails, but the LoginContext.login() method just falls through like everything is great.

      Here's my login code:

       System.setProperty("java.security.auth.login.config", "auth.conf");

       LoginContext lc = null;
       try {
           lc = new LoginContext("MyLogin",
               new UsernamePasswordHandler(userInfo.getUsername(), userInfo.getPassword()));
           lc.login();
       } catch (LoginException e) {
           // TODO: Flesh this out a bit and throw the correct security exceptions
           throw new UserNotFoundException("Invalid user information.");
       }

       System.out.println("Login fell through.");
      


      My auth.conf looks like:

      MyLogin {
       org.jboss.security.ClientLoginModule required;
      };
      


      Finally, my login-config.xml looks like this:

       <application-policy name = "MyApplication">
           <authentication>
               <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                             flag="required">
                   <module-option name="dsJndiName">java:/MyApplicationDS</module-option>
                   <module-option name="principalsQuery">SELECT PASSWD FROM TOOL_USER WHERE NAME=?</module-option>
                   <module-option name="rolesQuery">
                       SELECT USER_ROLES.TOOL_ROLE_NAME, 'Roles' FROM USER_ROLES, TOOL_USER
                       WHERE TOOL_USER.NAME=? AND TOOL_USER.ID=USER_ROLES.TOOL_USER_ID
                   </module-option>
               </login-module>
           </authentication>
       </application-policy>
      


      I've tested the queries manually, and they all seem to work fine.

      When I try to log in with a bad user name, the server throws the following stack trace:

      16:48:57,017 ERROR [LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Authentication exception, principal=user
       at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:164)
       at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:81)
       at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
       at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
       at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
       at org.jboss.ejb.Container.invoke(Container.java:720)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:367)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
       at sun.rmi.transport.Transport$1.run(Transport.java:148)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
       at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
       at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
       at java.lang.Thread.run(Thread.java:534)
      


      But the application returns:

      Login fell through.
      


      Shouldn't it be throwing a LoginException? Anybody have any idea what's going on?

      Thanks,
      Sean Bowman
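
Background for the behaviour described in this post, as an added example that is not part of the original thread: JBoss's ClientLoginModule performs no authentication. It only binds the supplied name and credential to the client's invocation layer, and the server-side login-config.xml policy is evaluated on the first secured call. The sketch below models that with JDK-only JAAS (Java 8+ assumed); StoreOnlyModule, securedCall and the sample credentials are hypothetical stand-ins, not JBoss code.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class DeferredAuthDemo {
    // Hypothetical stand-in for a client-side module that only records what the handler supplies.
    public static class StoreOnlyModule implements LoginModule {
        static String user; static char[] password;   // models a client-side credential holder
        private CallbackHandler handler;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            NameCallback nc = new NameCallback("user: ");
            PasswordCallback pc = new PasswordCallback("password: ", false);
            try { handler.handle(new Callback[] { nc, pc }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            user = nc.getName(); password = pc.getPassword();
            return true;                               // nothing is checked against a user store here
        }
        public boolean commit() { return true; }  public boolean abort() { return true; }
        public boolean logout() { user = null; password = null; return true; }
    }
    // Constructed "server": the credential check happens only when a secured call arrives.
    static String securedCall() {
        boolean ok = "alice".equals(StoreOnlyModule.user)
            && Arrays.equals("s3cret".toCharArray(), StoreOnlyModule.password);
        if (!ok) throw new SecurityException("Authentication exception, principal=" + StoreOnlyModule.user);
        return "ok";
    }
    public static void main(String[] args) throws Exception {
        Configuration conf = new Configuration() {     // in-memory equivalent of auth.conf
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    StoreOnlyModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>()) };
            }
        };
        CallbackHandler badUser = callbacks -> {       // constructed wrong credentials
            for (Callback c : callbacks) {
                if (c instanceof NameCallback) ((NameCallback) c).setName("baduser");
                if (c instanceof PasswordCallback) ((PasswordCallback) c).setPassword("guess".toCharArray());
            }
        };
        LoginContext lc = new LoginContext("MyLogin", null, badUser, conf);
        lc.login();                                    // returns normally: the only module always succeeds
        try { securedCall(); }
        catch (SecurityException e) {                  // the rejection surfaces here, not at login()
            lc.logout();                               // drop the rejected credentials
            System.out.println("Rejected on first secured call: " + e.getMessage());
        }
    }
}
```

A client that needs a definite answer at login time has to follow login() with a call to a secured server method and treat a security failure there as the failed login.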