1 2 Previous Next 17 Replies Latest reply on Nov 12, 2004 1:31 PM by pablojavierpy

    Principal=null.... please help me

    craig1980

      Hi all; i'm using a great WfMS called wfmOpen; now i have a problem.. i must call a secure EJB; this EJB is in a secure domain called "danet-workflow"; all the "people" who can call it must have a role: "StaffManagementRole_0"; now i have created a my web appplication; i have a login.jsp page, a filter, a servlet, and a java class; now the java code of the filter is:

      import java.io.IOException;
      
      import java.lang.reflect.InvocationTargetException;
      import java.lang.reflect.Method;
      import java.security.PrivilegedAction;
      import java.security.PrivilegedActionException;
      import java.security.PrivilegedExceptionAction;
      
      import javax.security.auth.Subject;
      import javax.security.auth.callback.Callback;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.callback.NameCallback;
      import javax.security.auth.callback.PasswordCallback;
      import javax.security.auth.callback.TextOutputCallback;
      import javax.security.auth.callback.UnsupportedCallbackException;
      import javax.security.auth.login.LoginContext;
      import javax.security.auth.login.LoginException;
      import javax.servlet.Filter;
      import javax.servlet.FilterChain;
      import javax.servlet.FilterConfig;
      import javax.servlet.ServletException;
      import javax.servlet.ServletRequest;
      import javax.servlet.ServletResponse;
      import javax.servlet.http.HttpServletRequest;
      
      public class LoginFilter implements Filter {
      
       private String applicationPolicy = null;
       private static final org.apache.commons.logging.Log logger
       = org.apache.commons.logging.LogFactory.getLog
       (LoginFilter.class);
      
       /**
       * Simple login context for authentication.
       */
       private static class LoginFilterLoginContext extends LoginContext {
      
       private static class CBH implements CallbackHandler {
       private String userName = null;
       private String password = null;
      
       public CBH(String userName, String password) {
       this.userName = userName;
       this.password = password;
       }
      
       public void handle(Callback[] callbacks) throws
       UnsupportedCallbackException, IOException {
       for (int i = 0; i < callbacks.length; i++) {
       if (callbacks instanceof TextOutputCallback) {
       // display the message according to the specified type
       TextOutputCallback toc
       = (TextOutputCallback) callbacks;
       switch (toc.getMessageType()) {
       case TextOutputCallback.INFORMATION:
       System.err.println(toc.getMessage());
       break;
       case TextOutputCallback.ERROR:
       System.err.println("ERROR: " + toc.getMessage());
       break;
       case TextOutputCallback.WARNING:
       System.err.println("WARNING: " + toc.getMessage());
       break;
       default:
       throw new IOException
       ("Unsupported message type: "
       + toc.getMessageType());
       }
       } else if (callbacks instanceof NameCallback) {
       // prompt the user for a username
       NameCallback nc = (NameCallback) callbacks;
       nc.setName(userName);
       } else if (callbacks instanceof PasswordCallback) {
       // prompt the user for sensitive information
       PasswordCallback pc = (PasswordCallback) callbacks;
       pc.setPassword(password.toCharArray());
       } else if (callbacks.getClass().getName().equals
       ("weblogic.security.auth.callback.URLCallback")) {
       } else {
       throw new UnsupportedCallbackException
       (callbacks, "Unrecognized Callback \""
       + callbacks.getClass().getName() + "\"");
       }
       }
       }
       }
      
      
       public LoginFilterLoginContext
       (String applicationPolicy, String userName, String password) throws
       LoginException {
       super(applicationPolicy, new CBH(userName, password));
       }
       }
      
      
       /** The WLS security class. Indicates if WLS security is used. */
       private Class wlsSec = null;
      
       /** The context used for the login and logout operations */
       private LoginContext loginContext;
      
       /**
       * Initialize the filter.
       *
       * @param filterConfig the filter configuration information
       * @throws ServletException if the login context cannot be created
       */
       public void init(FilterConfig filterConfig) throws ServletException {
       // first, find out if we have WLS security
       try {
       wlsSec = Thread.currentThread().getContextClassLoader()
       .loadClass("weblogic.security.Security");
       } catch (ClassNotFoundException e) {
       // OK, not WLS client
       logger.debug("No WLS security class, not using WLS security");
       }
      
       // now get the parameters
       applicationPolicy
       = filterConfig.getInitParameter("ApplicationPolicy");
       if (applicationPolicy == null) {
       applicationPolicy = "client-login";
       }
       }
      
       /**
       * Do nothing.
       */
       public void destroy() {}
      
       /**
       * Perform a login, call the next filter on the filter chain and
       * perform a logout.
       *
       * @param request the request
       * @param response the response
       * @param chain the filter chain
       * @throws IOException IOException
       * @throws ServletException ServletException
       */
       public void doFilter
       (ServletRequest request, ServletResponse response,
       FilterChain chain) throws IOException, ServletException {
      
       HttpServletRequest req = ( ( HttpServletRequest )( request ) );
       String userName = req.getParameter("username");
       String password = req.getParameter("password");
       if (logger.isDebugEnabled()) {
       logger.debug("Configured to use application policy \""
       + applicationPolicy + "\", user name \""
       + userName + "\" and "
       + (password == null ? " no password."
       : "a (non-disclosed) password."));
       }
       System.out.println( "Username: "+ userName+ " password: "+ password );
       // finally, create login context
       try {
       loginContext = new LoginFilterLoginContext
       (applicationPolicy, userName, password);
       } catch (LoginException e) {
       throw new ServletException
       ("Cannot create LoginContext: " + e.getMessage(), e);
       }
       try {
       loginContext.login();
       } catch (LoginException e) {
       throw new ServletException("Cannot login: " + e.getMessage(), e);
       }
       try {
       if (wlsSec != null) {
       // Use WLS security. Use reflection to avoid code
       // dependency on WLS
       try {
       Class[] ats = new Class[] {Subject.class, PrivilegedAction.class};
       Method m = wlsSec.getMethod("runAs", ats);
       final FilterChain chainArg = chain;
       final ServletRequest reqArg = request;
       final ServletResponse resArg = response;
       Object[] args = new Object[] {
       loginContext.getSubject(),
       new PrivilegedExceptionAction() {
       public Object run() throws Exception {
       chainArg.doFilter(reqArg, resArg);
       return null;
       }
       }
       } ;
       m.invoke(null, args);
       } catch (NoSuchMethodException e) {
       logger.error(e.getMessage(), e);
       throw new IllegalStateException(e.getMessage());
       } catch (SecurityException e) {
       logger.error(e.getMessage(), e);
       throw new IllegalStateException(e.getMessage());
       } catch (IllegalAccessException e) {
       logger.error(e.getMessage(), e);
       throw new IllegalStateException(e.getMessage());
       } catch (InvocationTargetException e) {
       if (e.getTargetException()
       instanceof PrivilegedActionException) {
       PrivilegedActionException pe
       = (PrivilegedActionException) e.
       getTargetException();
       if (pe.getException() instanceof IOException) {
       throw (IOException) pe.getException();
       }
       if (pe.getException() instanceof ServletException) {
       throw (ServletException) pe.getException();
       }
       }
       logger.error(e.getMessage(), e);
       throw new IllegalStateException(e.getMessage());
       }
       } else {
       // Use JBoss security.
       chain.doFilter(request, response);
       }
       } finally {
       try {
       loginContext.logout();
       } catch (LoginException e) {
       throw new ServletException
       ("Cannot logout: " + e.getMessage(), e);
       }
       }
       }
      
       }


      The sevlet code is:

      import java.lang.reflect.InvocationTargetException;
      import java.lang.reflect.Method;
      import java.security.PrivilegedAction;
      import java.security.PrivilegedActionException;
      import java.security.PrivilegedExceptionAction;
      
      import javax.security.auth.Subject;
      import javax.security.auth.callback.Callback;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.callback.NameCallback;
      import javax.security.auth.callback.PasswordCallback;
      import javax.security.auth.callback.TextOutputCallback;
      import javax.security.auth.callback.UnsupportedCallbackException;
      import javax.security.auth.login.LoginContext;
      import javax.security.auth.login.LoginException;
      import javax.servlet.Filter;
      import javax.servlet.FilterChain;
      import javax.servlet.FilterConfig;
      import javax.servlet.ServletException;
      import javax.servlet.ServletRequest;
      import javax.servlet.ServletResponse;
      import javax.servlet.http.HttpServletRequest;
      import javax.servlet.http.HttpServletResponse;
      import javax.servlet.http.HttpServlet;
      import javax.servlet.http.HttpSession;
      
      import java.io.IOException;
      
      public class Dispatcher extends HttpServlet {
      
       /** The WLS security class. Indicates if WLS security is used. */
       private Class wlsSec = null;
      
       /** The context used for the login and logout operations */
       private LoginContext loginContext;
       private static final org.apache.commons.logging.Log logger
       = org.apache.commons.logging.LogFactory.getLog
       (Dispatcher.class);
      
       private String applicationPolicy = "client-login";
      
       //Initialize global variables
       public void init() throws ServletException {
       }
      
       //Process the HTTP Get request
       public void doGet(HttpServletRequest request, HttpServletResponse response) throws
       ServletException, IOException {
       doPost( request, response );
       }
      
       //Process the HTTP Post request
       public void doPost(HttpServletRequest request, HttpServletResponse response) throws
       ServletException, IOException {
      
       String username = request.getParameter( "username" );
       String password = request.getParameter( "password" );
       System.out.println( "Tento login con username: ["+ username+ "] e password: ["+password+"]" );
       try {
       LoginContext log = new LoginFilterLoginContext(applicationPolicy,
       username, password);
       System.out.println( "LoginContext creato" );
       log.login();
       System.out.println( "Loggato vado al main" );
       HttpSession session = request.getSession();
       if( session == null ){
      
       session = request.getSession( true );
       }
       session.setAttribute( "usename", username );
       session.setAttribute( "password", password );
       response.sendRedirect( "processDef.jsp" );
       } catch (LoginException ex) {
      
       ex.printStackTrace();
       }
       }
      
       //Clean up resources
       public void destroy() {
       }
      
       private static class LoginFilterLoginContext extends LoginContext {
      
       private static class CBH implements CallbackHandler {
       private String userName = null;
       private String password = null;
      
       public CBH (String userName, String password) {
       this.userName = userName;
       this.password = password;
       }
      
       public void handle (Callback[] callbacks)
       throws UnsupportedCallbackException, IOException {
       for (int i = 0; i < callbacks.length; i++) {
       if (callbacks instanceof TextOutputCallback) {
       // display the message according to the specified type
       TextOutputCallback toc
       = (TextOutputCallback)callbacks;
       switch (toc.getMessageType()) {
       case TextOutputCallback.INFORMATION:
       System.err.println(toc.getMessage());
       break;
       case TextOutputCallback.ERROR:
       System.err.println("ERROR: " + toc.getMessage());
       break;
       case TextOutputCallback.WARNING:
       System.err.println("WARNING: " + toc.getMessage());
       break;
       default:
       throw new IOException
       ("Unsupported message type: "
       + toc.getMessageType());
       }
       } else if (callbacks instanceof NameCallback) {
       // prompt the user for a username
       NameCallback nc = (NameCallback)callbacks;
       nc.setName(userName);
       } else if (callbacks instanceof PasswordCallback) {
       // prompt the user for sensitive information
       PasswordCallback pc = (PasswordCallback)callbacks;
       pc.setPassword(password.toCharArray());
       } else if (callbacks.getClass().getName().equals
       ("weblogic.security.auth.callback.URLCallback")) {
       } else {
       throw new UnsupportedCallbackException
       (callbacks, "Unrecognized Callback \""
       + callbacks.getClass().getName() + "\"");
       }
       }
       }
       }
      
       public LoginFilterLoginContext
       (String applicationPolicy, String userName, String password)
       throws LoginException {
       super (applicationPolicy, new CBH(userName, password));
       }
       }
       }


      My java class that calls the EJB is this one:

      import java.util.Collection;
      
      import de.danet.an.workflow.api.WorkflowServiceFactory;
      import de.danet.an.workflow.api.WorkflowService;
      import de.danet.an.util.Util;
      
      import java.rmi.RemoteException;
      public class WorkflowInteraction {
       private WorkflowService wfServ;
       public WorkflowInteraction() {
      
       wfServ = WorkflowServiceFactory.newInstance().newWorkflowService();
       }
      
       public Collection getProcessDefinitions() throws RemoteException {
      
       return wfServ.processDefinitionDirectory().processDefinitions();
       }
      }


      This is my web.xml of my .war file that is in an .ear archive:
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
      <web-app>
      <display-name>Demo Engineering</display-name>
      <description>Semplice demo per l'utilizzo di wfmOpen per Engineering Ingegneria Informatica</description>
      <filter>
      <filter-name>LoginFilter</filter-name>
      <description>
      </description>
      <filter-class>it.eng.nikko.demo.web.login.LoginFilter</filter-class>
      <init-param>
      <param-name>ApplicationPolicy</param-name>
      <param-value>client-login</param-value>
      </init-param>
      </filter>
      <filter-mapping>
      <filter-name>LoginFilter</filter-name>
      <servlet-name>dispatcher</servlet-name>
      </filter-mapping>
      <servlet>
      <servlet-name>dispatcher</servlet-name>
      <servlet-class>it.eng.nikko.demo.web.login.Dispatcher</servlet-class>
      <security-role-ref>
      <role-name>SecurityRoleRef1</role-name>
      <role-link>StaffManagementUser</role-link>
      </security-role-ref>
      </servlet>
      <servlet-mapping>
      <servlet-name>dispatcher</servlet-name>
      <url-pattern>/dispatcher</url-pattern>
      </servlet-mapping>
      <security-constraint>
      <display-name>SecurityConstraint1</display-name>
      <web-resource-collection>
      <web-resource-name>LoginFilterTestCollection</web-resource-name>
      <http-method>DELETE</http-method>
      <http-method>HEAD</http-method>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>PUT</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>StaffManagementUser</role-name>
      </auth-constraint>
      </security-constraint>
      <login-config>
      <auth-method>FORM</auth-method>
      <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/error.html</form-error-page>
      </form-login-config>
      </login-config>
      <security-role>
      <description>Richiesto per l'EJB</description>
      <role-name>StaffManagementRole_0</role-name>
      </security-role>
      <security-role>
      <description>Default</description>
      <role-name>StaffManagementUser</role-name>
      </security-role>
      <ejb-ref>
      <description>Mi riferisco al workflow EJB</description>
      <ejb-ref-name>ejb/Engine</ejb-ref-name>
      <ejb-ref-type>Session</ejb-ref-type>
      <home>de.danet.an.workflow.ejbs.WorkflowEngineHome</home>
      <remote>de.danet.an.workflow.ejbs.WorkflowEngine</remote>
      <ejb-link>Engine</ejb-link>
      </ejb-ref>
      </web-app>


      This is the jboss-boss.xml of my .war archive:
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
      <jboss-web>
      <security-domain>java:/jaas/danetworkflow</security-domain>
      <context-root>demo</context-root>
      <ejb-ref>
      <ejb-ref-name>ejb/Engine</ejb-ref-name>
      <jndi-name>jnp://localhost:1099/WorkflowEngine</jndi-name>
      </ejb-ref>
      </jboss-web>

      In my .ear archive there is this application.xml:
      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE application PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN" "http://java.sun.com/dtd/application_1_3.dtd">
      <application>
      <display-name>it.eng.demo.ContentEar</display-name>
      <module>
      <ejb>de.danet.an.wfcore-ejbs.jar</ejb>
      </module>
      <module>
      <ejb>de.danet.an.webform-ejbs.jar</ejb>
      </module>
      <module>
      <ejb>de.danet.an.util-ejbs.jar</ejb>
      </module>
      <module>
      <ejb>de.danet.an.staffmgmt-ejbs.jar</ejb>
      </module>
      <module>
      <web>
      <web-uri>it.eng.demo.ContentWar.war</web-uri>
      <context-root>demo</context-root>
      </web>
      </module>
      <security-role>
      <description>Role richiesto per il Principal</description>
      <role-name>StaffManagementRole_0</role-name>
      </security-role>
      <security-role>
      <description>Management Utente per il wf</description>
      <role-name>StaffManagementUser</role-name>
      </security-role>
      </application>


      and this jboss-app.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE jboss-app PUBLIC "-//JBoss//DTD J2EE Application 1.3V2//EN" "http://www.jboss.org/j2ee/dtd/jboss-app_3_2.dtd">
      <jboss-app>
      <loader-repository>workflow.demo.eng.it:loader=it.eng.demo.ContentEar.ear</loader-repository>
      <module>
      <service>destination-service.sar</service>
      </module>
      <module>
      <service>de.danet.an.util-ejbtimer.sar</service>
      </module>
      </jboss-app>


      Well......the deploy is good; i can call the login.jsp page by using this url:
      http://localhost:8080/demo/login.jsp; i insert ML/ML as username/password but when i click the submit i have this error:

      08:58:14,625 INFO [STDOUT] Username: ML password: ML
      08:58:14,625 INFO [STDOUT] Tento login con username: [ML] e password: [ML]
      08:58:14,635 INFO [STDOUT] LoginContext creato
      08:58:14,635 INFO [STDOUT] Loggato vado al main
      08:58:14,695 ERROR [SecurityInterceptor] Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
      08:58:14,695 ERROR [LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:229)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:83)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
      at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
      at org.jboss.ejb.Container.invoke(Container.java:743)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53)
      at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
      at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:185)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
      at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
      at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
      at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
      at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:53)
      at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
      at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
      at $Proxy116.create(Unknown Source)
      at de.danet.an.workflow.ejbs.client.StandardWorkflowServiceFactory.newWorkflowService(StandardWorkflowServiceFactory.java:206)
      at it.eng.nikko.demo.wf.WorkflowInteraction.<init>(WorkflowInteraction.java:14)
      at org.apache.jsp.processDef_jsp._jspService(processDef_jsp.java:60)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:72)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:275)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
      at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
      at java.lang.Thread.run(Thread.java:534)
      08:58:14,705 ERROR [StandardWorkflowServiceFactory] EJBException:; nested exception is:
      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
      java.rmi.ServerException: EJBException:; nested exception is:
      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
      at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:347)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:124)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
      at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
      at org.jboss.ejb.Container.invoke(Container.java:743)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53)
      at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
      at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:185)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
      at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
      at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
      at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
      at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:53)
      at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
      at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
      at $Proxy116.create(Unknown Source)
      at de.danet.an.workflow.ejbs.client.StandardWorkflowServiceFactory.newWorkflowService(StandardWorkflowServiceFactory.java:206)
      at it.eng.nikko.demo.wf.WorkflowInteraction.<init>(WorkflowInteraction.java:14)
      at org.apache.jsp.processDef_jsp._jspService(processDef_jsp.java:60)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:72)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:275)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
      at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
      at java.lang.Thread.run(Thread.java:534)
      Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:230)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:83)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
      ... 59 more
      08:58:14,726 ERROR [Engine] StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception
      de.danet.an.workflow.api.FactoryConfigurationError: Cannot create WorkflowEngineEJB: EJBException:; nested exception is:
      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
      Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
      at de.danet.an.workflow.ejbs.client.StandardWorkflowServiceFactory.newWorkflowService(StandardWorkflowServiceFactory.java:220)
      at it.eng.nikko.demo.wf.WorkflowInteraction.<init>(WorkflowInteraction.java:14)
      at org.apache.jsp.processDef_jsp._jspService(processDef_jsp.java:60)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:72)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:275)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
      at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
      at java.lang.Thread.run(Thread.java:534)


      As you can see the principal is null.... how can i avoid this? How can i solve this problem? Can anybody give me a help, please? Thanks to all and i excuse if this post is too long, but i have tried to be as clear as possible. Thanks again


        • 1. Re: Principal=null.... please help me
          craig1980

          Hi again; i have forgotten that in the login-config.xml i have inserted this:

          <!-- Bind workflow security domain to staffmgmt authentication -->
          <application-policy name = "danetworkflow">
          <authentication>
          <login-module code = "org.jboss.security.auth.spi.ProxyLoginModule"
          flag = "required">
          <module-option name = "moduleName">de.danet.an.staffmgmt.jbossx.StaffMemberLoginModule</module-option>
          <module-option name = "unauthenticatedIdentity">nobody</module-option>
          <module-option name = "dsJndiName">java:/DefaultDS</module-option>
          <module-option name = "daemonUsername">daemon</module-option>
          <module-option name = "daemonPassword">Afaik,tiagp.</module-option>
          </login-module>
          </authentication>
          </application-policy>

          <!-- Bind workflow security domain to staffmgmt authentication -->
          <application-policy name = "danetworkflow-ia">
          <authentication>
          <login-module code = "org.jboss.security.auth.spi.ProxyLoginModule"
          flag = "required">
          <module-option name = "moduleName">de.danet.an.staffmgmt.jbossx.StaffMemberLoginModule</module-option>
          <module-option name = "dsJndiName">java:/DefaultDS</module-option>
          <module-option name = "Principal">StaffManagementRole_0</module-option>
          </login-module>
          </authentication>
          </application-policy>


          If you can, please help me.. thanks

          • 2. Re: Principal=null.... please help me
            craig1980

            Hi i haven't showed the de.danet.an.staffmgmt.jbossx.StaffMemberLoginModule, here it is:

            import java.security.acl.Group;
            import java.util.Map;
            import java.util.List;
            import java.util.ArrayList;
            import java.sql.Connection;
            import java.sql.Statement;
            import java.sql.PreparedStatement;
            import java.sql.ResultSet;
            import java.sql.SQLException;
            import javax.sql.DataSource;
            import javax.naming.InitialContext;
            import javax.naming.NamingException;
            import javax.security.auth.Subject;
            import javax.security.auth.callback.CallbackHandler;
            import javax.security.auth.login.LoginException;
            import org.jboss.security.SimpleGroup;
            import org.jboss.security.SimplePrincipal;
            import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
            
            /**
             * A login module that uses methods from the staff management package
             * to authenticate the users.<P>
             *
             * The resulting LoginContext has as CallerPrincipal
             * "<code>StaffManagementMember_<i>DBId</i></code>" where
             * <code><i>DBId</i></code> is the primary key of the
             * <code>StaffManagementMember</code>.<P>
             *
             * Every authenticated user has a default role
             * "<code>StaffManagementUser</code>" assigned. Additional
             * roles are derived from the group memberships of the authenticated
             * member. Groups with primary keys less than 100 have role names
             * "<code>StaffManagementRole_<i>DBId</i></code>" where
             * <code><i>DBId</i></code> is the primary key of the
             * <code>StaffManagementGroup</code>. For other groups the group
             * name is used directly as role name.<P>
             *
             * Groups with primary keys below 100 are handled specially to simplify
             * internationalization. Those group ids are never assigned when a group
             * is created. Rather, those are predefined groups such as "administrators"
             * with permissions properly configured in the deployment descriptors.
             * By using "<code>StaffManagementRole_<i>DBId</i></code>" as role,
             * it is not necessary to modify the deployment descriptors when the
             * group name of those administrative groups is changed.
             */
            public class StaffMemberLoginModule extends UsernamePasswordLoginModule {
            
             private String dsJndiName;
             private String daemonUsername = null;
             private String daemonPassword = null;
            
             /**
             * Initialize this LoginModule.
             */
             public void initialize(Subject subject, CallbackHandler callbackHandler,
             Map sharedState, Map options) {
             super.initialize(subject, callbackHandler, sharedState, options);
            
             dsJndiName = (String) options.get("dsJndiName");
             if( dsJndiName == null ) {
             dsJndiName = "java:/DefaultDS";
             }
            
             daemonUsername = (String) options.get("daemonUsername");
             daemonPassword = (String) options.get("daemonPassword");
             }
            
             /**
             * Return <code>null</code> as the cleartext password is not available.
             * This is not a problem as we override <code>validatePassword</code>
             * as well.
             * @return null
             * @throws LoginException as defined by the interface, not really thrown.
             */
             protected String getUsersPassword() throws LoginException {
             return null;
             }
            
             /**
             * The validation of the input password against the expected password.
             * This version ignores the value of the expected password and uses
             * methods from staff management to verify the password.
             * @param inputPassword the password as given by the user.
             * @param expectedPassword the expected password, ignored.
             * @return true if the inputPassword is valid, false otherwise.
             */
             protected boolean validatePassword
             (String inputPassword, String expectedPassword) {
             if(getUsername() == null || inputPassword == null) {
             return false;
             }
             if (daemonUsername != null && getUsername().equals (daemonUsername)
             && daemonPassword != null
             && inputPassword.equals (daemonPassword)) {
             return true;
             }
             Connection con = null;
             PreparedStatement ps = null;
             ResultSet rs = null;
             try {
             InitialContext ctx = new InitialContext();
             DataSource ds = (DataSource) ctx.lookup(dsJndiName);
             con = ds.getConnection();
             // Get the password
             ps = con.prepareStatement
             ("SELECT PASSWORD FROM STAFFMEMBER WHERE MEMBERID = ?");
             ps.setString(1, getUsername());
             rs = ps.executeQuery();
             if(rs.next()) {
             return rs.getString(1).equals (inputPassword);
             }
             } catch(NamingException ex) {
             ex.printStackTrace();
             } catch(SQLException ex) {
             ex.printStackTrace();
             } finally {
             try {
             closeAll (rs, ps, con);
             } catch (SQLException ex) {
             ex.printStackTrace();
             }
             }
             return false;
             }
            
             /**
             * Overriden to return the Groups that correspond to the role sets
             * assigned to the user. Creates a Group named "Roles" that
             * contains the Role "StaffManagementUser". A second group is
             * "CallerPrincipal" that provides the
             * {@link de.danet.an.staffmgmt.domain.StaffMember#key
             * application identity} rather than the security domain identity.
             * @return Group[] containing the sets of roles
             * @throws LoginException as defined by the interface, not really thrown.
             */
             protected Group[] getRoleSets() throws LoginException {
             if (getUnauthenticatedIdentity() != null
             && getIdentity().equals (getUnauthenticatedIdentity())) {
             Group[] grps = new Group[0];
             return grps;
             }
             if (daemonUsername != null && getUsername().equals (daemonUsername)) {
             // Create Caller Principal
             SimpleGroup princip = new SimpleGroup("CallerPrincipal");
             princip.addMember
             (new SimplePrincipal ("StaffManagementMember_Daemon"));
             // create roles, start with default role
             Group roles = new SimpleGroup("Roles");
             SimplePrincipal p = new SimplePrincipal("StaffManagementUser");
             roles.addMember(p);
             p = new SimplePrincipal("StaffManagementRole_Daemon");
             roles.addMember(p);
             Group[] grps = new Group[] { princip, roles };
             return grps;
             }
             List groups = new ArrayList();
             // gather information
             Connection con = null;
             try {
             // prepare db connection
             InitialContext ctx = new InitialContext();
             DataSource ds = (DataSource) ctx.lookup(dsJndiName);
             con = ds.getConnection();
             // Create Caller Principal
             long memberDBId = addCallerPrincipal (con, groups);
             // create roles, start with default role
             SimpleGroup rolesGroup = new SimpleGroup("Roles");
             groups.add (rolesGroup);
             SimplePrincipal p = new SimplePrincipal("StaffManagementUser");
             rolesGroup.addMember(p);
             // add roles from db
             addGroupsAsRoles (con, rolesGroup, memberDBId, true);
             } catch(NamingException ex) {
             throw new LoginException(ex.toString(true));
             } catch(SQLException ex) {
             ex.printStackTrace();
             throw new LoginException(ex.toString());
             } finally {
             try {
             closeAll (null, null, con);
             } catch (SQLException ex) {
             ex.printStackTrace();
             throw new LoginException(ex.toString());
             }
             }
            
             Group[] roleSets = new Group[groups.size()];
             groups.toArray(roleSets);
             return roleSets;
             }
            
             /**
             * Adds the "CallerPrincipal" group with the autheticated user as
             * principal to the groups.
             *
             * @param con the connection to the database.
             * @param groups the groups.
             * @return the DBId of the authenticated user.
             */
             private long addCallerPrincipal (Connection con, List groups)
             throws SQLException, LoginException {
             PreparedStatement ps = null;
             ResultSet rs = null;
             long dbid = 0;
             try {
             ps = con.prepareStatement
             ("SELECT DBID FROM STAFFMEMBER WHERE MEMBERID = ?");
             ps.setString(1, getUsername());
             rs = ps.executeQuery();
             if(! rs.next()) {
             throw new LoginException
             ("Authenticated user vanished from table");
             }
             dbid = rs.getLong(1);
             SimpleGroup rolesGroup = new SimpleGroup("CallerPrincipal");
             groups.add(rolesGroup);
             rolesGroup.addMember
             (new SimplePrincipal
             ("StaffManagementMember_" + dbid));
             } finally {
             closeAll (rs, ps, null);
             }
             return dbid;
             }
            
             /**
             * Adds the roles derived from the groups in the database.
             *
             * @param con the connection to the database.
             * @param roles the groups.
             * @param id the dbid for which to add the groups.
             * @param isMember <code>true</code> if <code>id</code> is a
             * staff member id (not a staff group id).
             * @return the DBId of the authenticated user.
             */
             private void addGroupsAsRoles (Connection con, SimpleGroup roles,
             long id, boolean isMember)
             throws SQLException, LoginException {
             PreparedStatement ps = null;
             ResultSet rs = null;
             try {
             String type = "M";
             if (!isMember) {
             type = "G";
             }
             ps = con.prepareStatement
             ("SELECT GROUPID FROM STAFFMAP "
             + "WHERE CONTAINED = ? AND TYPE = ?");
             ps.setLong(1, id);
             ps.setString(2, type);
             rs = ps.executeQuery();
             while(rs.next()) {
             long grpId = rs.getLong(1);
             if (grpId < 100) {
             roles.addMember (new SimplePrincipal
             ("StaffManagementRole_" + grpId));
             } else {
             roles.addMember
             (new SimplePrincipal (lookupGroup (con, grpId)));
             }
             addGroupsAsRoles (con, roles, grpId, false);
             }
             } finally {
             closeAll (rs, ps, null);
             }
             }
            
             /**
             * Looks up the group name for a given group id.
             *
             * @param con the connection to the database.
             * @param id the group id
             * @return the group name.
             */
             private String lookupGroup (Connection con, long grpId)
             throws SQLException, LoginException {
             PreparedStatement ps = null;
             ResultSet rs = null;
             try {
             ps = con.prepareStatement
             ("SELECT NAME FROM STAFFGROUP WHERE DBID = ?");
             ps.setLong(1, grpId);
             rs = ps.executeQuery();
             if (!rs.next()) {
             throw new LoginException
             ("Group vanished from table");
             }
             return rs.getString(1);
             } finally {
             closeAll (rs, ps, null);
             }
             }
            
             /**
             * Close a connection, a prepared statement or a statement and a
             * result set, if allocated, i.e. if != null.
             * @param rs a result set or null.
             * @param st a prepared statement, statement or null
             * @param con a connection or null.
             * @throws SQLException if a sql error occurs.
             */
             private void closeAll (ResultSet rs, Statement st,
             Connection con) throws SQLException {
             if (rs != null) {
             rs.close ();
             }
             if (st != null) {
             st.close ();
             }
             if (con != null) {
             con.close ();
             }
             }
            }


            • 3. Re: Principal=null.... please help me
              craig1980

              Hi again.. well i have changed my servlet code; now it's this one:

              import java.lang.reflect.InvocationTargetException;
              import java.lang.reflect.Method;
              import java.security.PrivilegedAction;
              import java.security.PrivilegedActionException;
              import java.security.PrivilegedExceptionAction;
              import java.security.Principal;
              
              import java.util.Set;
              import java.util.Iterator;
              
              import javax.security.auth.Subject;
              import javax.security.auth.callback.Callback;
              import javax.security.auth.callback.CallbackHandler;
              import javax.security.auth.callback.NameCallback;
              import javax.security.auth.callback.PasswordCallback;
              import javax.security.auth.callback.TextOutputCallback;
              import javax.security.auth.callback.UnsupportedCallbackException;
              import javax.security.auth.login.LoginContext;
              import javax.security.auth.login.LoginException;
              import javax.servlet.Filter;
              import javax.servlet.FilterChain;
              import javax.servlet.FilterConfig;
              import javax.servlet.ServletException;
              import javax.servlet.ServletRequest;
              import javax.servlet.ServletResponse;
              import javax.servlet.http.HttpServletRequest;
              import javax.servlet.http.HttpServletResponse;
              import javax.servlet.http.HttpServlet;
              import javax.servlet.http.HttpSession;
              
              import java.io.IOException;
              
              public class Dispatcher extends HttpServlet {
              
               /** The WLS security class. Indicates if WLS security is used. */
               private Class wlsSec = null;
              
               /** The context used for the login and logout operations */
               private LoginContext loginContext;
               private static final org.apache.commons.logging.Log logger
               = org.apache.commons.logging.LogFactory.getLog
               (Dispatcher.class);
              
               private String applicationPolicy = "client-login";
              
               //Initialize global variables
               public void init() throws ServletException {
               }
              
               //Process the HTTP Get request
               public void doGet(HttpServletRequest request, HttpServletResponse response) throws
               ServletException, IOException {
               doPost( request, response );
               }
              
               //Process the HTTP Post request
               public void doPost(HttpServletRequest request, HttpServletResponse response) throws
               ServletException, IOException {
              
               String username = request.getParameter( "username" );
               String password = request.getParameter( "password" );
               System.out.println( "Tento login con username: ["+ username+ "] e password: ["+password+"]" + " Il principal è nullo? "+ ( request.getUserPrincipal() ) );
               request.getRequestDispatcher( "/processDef.jsp" ).forward( request, response );
               //response.sendRedirect( "processDef.jsp" );
              
               }
              
               //Clean up resources
               public void destroy() {
               }
              }


              While my filter code is:

              import java.io.IOException;
              
              import java.util.Set;
              import java.util.Iterator;
              import java.util.Enumeration;
              
              import java.lang.reflect.InvocationTargetException;
              import java.lang.reflect.Method;
              
              import java.security.PrivilegedAction;
              import java.security.PrivilegedActionException;
              import java.security.PrivilegedExceptionAction;
              import java.security.Principal;
              
              
              import javax.security.auth.Subject;
              import javax.security.auth.callback.Callback;
              import javax.security.auth.callback.CallbackHandler;
              import javax.security.auth.callback.NameCallback;
              import javax.security.auth.callback.PasswordCallback;
              import javax.security.auth.callback.TextOutputCallback;
              import javax.security.auth.callback.UnsupportedCallbackException;
              import javax.security.auth.login.LoginContext;
              import javax.security.auth.login.LoginException;
              
              import javax.servlet.Filter;
              import javax.servlet.FilterChain;
              import javax.servlet.FilterConfig;
              import javax.servlet.ServletException;
              import javax.servlet.ServletRequest;
              import javax.servlet.ServletResponse;
              import javax.servlet.http.HttpServletRequest;
              
              import org.jboss.security.SimplePrincipal;
              
              import de.danet.an.workflow.api.WorkflowServiceFactory;
              import de.danet.an.workflow.api.WorkflowService;
              
              public class LoginFilter implements Filter {
              
               private String applicationPolicy = null;
               private static final org.apache.commons.logging.Log logger
               = org.apache.commons.logging.LogFactory.getLog
               (LoginFilter.class);
              
               /**
               * Simple login context for authentication.
               */
               private static class LoginFilterLoginContext extends LoginContext {
              
               private static class CBH implements CallbackHandler {
               private String userName = null;
               private String password = null;
              
               public CBH(String userName, String password) {
               this.userName = userName;
               this.password = password;
               }
              
               public void handle(Callback[] callbacks) throws
               UnsupportedCallbackException, IOException {
              
               for (int i = 0; i < callbacks.length; i++) {
               if (callbacks instanceof TextOutputCallback) {
               // display the message according to the specified type
               TextOutputCallback toc
               = (TextOutputCallback) callbacks;
               switch (toc.getMessageType()) {
               case TextOutputCallback.INFORMATION:
               System.err.println(toc.getMessage());
               break;
               case TextOutputCallback.ERROR:
               System.err.println("ERROR: " + toc.getMessage());
               break;
               case TextOutputCallback.WARNING:
               System.err.println("WARNING: " + toc.getMessage());
               break;
               default:
               throw new IOException
               ("Unsupported message type: "
               + toc.getMessageType());
               }
               } else if (callbacks instanceof NameCallback) {
               // prompt the user for a username
               NameCallback nc = (NameCallback) callbacks;
               nc.setName(userName);
               } else if (callbacks instanceof PasswordCallback) {
               // prompt the user for sensitive information
               PasswordCallback pc = (PasswordCallback) callbacks;
               pc.setPassword(password.toCharArray());
               } else if (callbacks.getClass().getName().equals
               ("weblogic.security.auth.callback.URLCallback")) {
               } else {
               throw new UnsupportedCallbackException
               (callbacks, "Unrecognized Callback \""
               + callbacks.getClass().getName() + "\"");
               }
               }
               }
               }
              
              
               public LoginFilterLoginContext
               (String applicationPolicy, String userName, String password) throws
               LoginException {
               super(applicationPolicy, new CBH(userName, password));
               }
               }
              
              
               /** The WLS security class. Indicates if WLS security is used. */
               private Class wlsSec = null;
              
               /** The context used for the login and logout operations */
               private LoginContext loginContext;
              
               /**
               * Initialize the filter.
               *
               * @param filterConfig the filter configuration information
               * @throws ServletException if the login context cannot be created
               */
               public void init(FilterConfig filterConfig) throws ServletException {
               // first, find out if we have WLS security
               try {
               wlsSec = Thread.currentThread().getContextClassLoader()
               .loadClass("weblogic.security.Security");
               } catch (ClassNotFoundException e) {
               // OK, not WLS client
               logger.debug("No WLS security class, not using WLS security");
               }
              
               // now get the parameters
               applicationPolicy
               = filterConfig.getInitParameter("ApplicationPolicy");
               if (applicationPolicy == null) {
               applicationPolicy = "client-login";
               }
               }
              
               /**
               * Do nothing.
               */
               public void destroy() {}
              
               /**
               * Perform a login, call the next filter on the filter chain and
               * perform a logout.
               *
               * @param request the request
               * @param response the response
               * @param chain the filter chain
               * @throws IOException IOException
               * @throws ServletException ServletException
               */
               public void doFilter
               (ServletRequest request, ServletResponse response,
               FilterChain chain) throws IOException, ServletException {
              
               HttpServletRequest req = ((HttpServletRequest) (request));
               String userName = req.getParameter("username");
               String password = req.getParameter("password");
               if (logger.isDebugEnabled()) {
               logger.debug("Configured to use application policy \""
               + applicationPolicy + "\", user name \""
               + userName + "\" and "
               + (password == null ? " no password."
               : "a (non-disclosed) password."));
               }
               System.out.println("Username: " + userName + " password: " + password +
               " applicationPolicy: " + applicationPolicy);
               // finally, create login context
               try {
               loginContext = new LoginFilterLoginContext
               (applicationPolicy, userName, password);
               } catch (LoginException e) {
               throw new ServletException
               ("Cannot create LoginContext: " + e.getMessage(), e);
               }
               try {
               loginContext.login();
               System.out.println("Login in LoginFilter ok");
               Subject subject = loginContext.getSubject();
               Set principals = subject.getPrincipals();
               Principal princ = null;
               for (Iterator prinIter = principals.iterator(); prinIter.hasNext(); ) {
              
               princ = ((Principal) (prinIter.next()));
               System.out.println(" Nome principal in LoginFilter: " +
               princ.getName() + " ed è in ruolo? " +
               req.isUserInRole("StaffManagementRole_0"));
               }
               } catch (LoginException e) {
               throw new ServletException("Cannot login: " + e.getMessage(), e);
               }
               try {
               if (wlsSec != null) {
               // Use WLS security. Use reflection to avoid code
               // dependency on WLS
               try {
               Class[] ats = new Class[] {Subject.class, PrivilegedAction.class};
               Method m = wlsSec.getMethod("runAs", ats);
               final FilterChain chainArg = chain;
               final ServletRequest reqArg = request;
               final ServletResponse resArg = response;
               Object[] args = new Object[] {
               loginContext.getSubject(),
               new PrivilegedExceptionAction() {
               public Object run() throws Exception {
               chainArg.doFilter(reqArg, resArg);
               return null;
               }
               }
               } ;
               m.invoke(null, args);
               } catch (NoSuchMethodException e) {
               logger.error(e.getMessage(), e);
               throw new IllegalStateException(e.getMessage());
               } catch (SecurityException e) {
               logger.error(e.getMessage(), e);
               throw new IllegalStateException(e.getMessage());
               } catch (IllegalAccessException e) {
               logger.error(e.getMessage(), e);
               throw new IllegalStateException(e.getMessage());
               } catch (InvocationTargetException e) {
               if (e.getTargetException()
               instanceof PrivilegedActionException) {
               PrivilegedActionException pe
               = (PrivilegedActionException) e.
               getTargetException();
               if (pe.getException() instanceof IOException) {
               throw (IOException) pe.getException();
               }
               if (pe.getException() instanceof ServletException) {
               throw (ServletException) pe.getException();
               }
               }
               logger.error(e.getMessage(), e);
               throw new IllegalStateException(e.getMessage());
               }
               } else {
               // Use JBoss security.
               chain.doFilter(request, response);
               }
               } finally {
               try {
               loginContext.logout();
               } catch (LoginException e) {
               throw new ServletException
               ("Cannot logout: " + e.getMessage(), e);
               }
               }
               }
               }


              Well i have noted that after the filter the servlet is called and this is good, but the principal in the servlet is null; infact my stack error trace is:

              17:54:50,801 INFO [STDOUT] Username: ML password: ML applicationPolicy: danetworkflow-ia
              17:54:50,841 INFO [STDOUT] Login in LoginFilter ok
              17:54:50,841 INFO [STDOUT] Nome principal in LoginFilter: ML ed è in ruolo? false
              17:54:50,841 INFO [STDOUT] Nome principal in LoginFilter: CallerPrincipal ed è in ruolo? false
              17:54:50,841 INFO [STDOUT] Nome principal in LoginFilter: Roles ed è in ruolo? false
              17:54:50,841 INFO [STDOUT] Tento login con username: [ML] e password: [ML] Il principal è nullo? null
              17:54:50,951 ERROR [SecurityInterceptor] Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
              17:54:50,951 ERROR [LogInterceptor] EJBException, causedBy:
              java.lang.SecurityException: Insufficient method permissions, principal=null, method=create, interface=HOME, requiredRoles=[StaffManagementRole_0], principalRoles=null
              at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:229)
              at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:83)
              at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
              at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
              at org.jboss.ejb.Container.invoke(Container.java:743)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:324)
              at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
              at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61)
              at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53)
              at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
              at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:185)
              at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
              at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
              at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
              at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
              at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:53)
              at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
              at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
              at $Proxy233.create(Unknown Source)
              .
              .
              .
              .
              .


              I'm not able to understand why this happens.... can anybody show the right way in order to avoid this error? I have configured all the files named in the jaas how to.... bye

              • 4. Re: Principal=null.... please help me
                craig1980

                Hi all....again this error i'm becoming crazy... if i use a "client-login" module, i can log, the servlet works and i can call the EJB that shows to me all the processes; now if i want to start a process i click on the link, but again i have the exception principal=null; i post the full stack trace:

                10:00:49,841 INFO [STDOUT] Username: ML password: ML applicationPolicy: client-login
                10:00:49,851 INFO [STDOUT] Login in LoginFilter ok
                10:00:49,851 INFO [STDOUT] ML
                10:00:49,851 INFO [STDOUT] Tento login con username: [ML] e password: [ML] Il principal è nullo? null
                10:00:50,011 INFO [STDOUT] Setto interr in sessione
                10:00:50,011 INFO [STDOUT] Interr settato
                10:00:52,825 ERROR [SecurityInterceptor] Insufficient method permissions, principal=null, method=processDefinitionDirectory, interface=REMOTE, requiredRoles=[StaffManagementRole_0], principalRoles=null
                10:00:52,825 ERROR [LogInterceptor] EJBException, causedBy:
                java.lang.SecurityException: Insufficient method permissions, principal=null, method=processDefinitionDirectory, interface=REMOTE, requiredRoles=[StaffManagementRole_0], principalRoles=null
                at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:229)
                at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:109)
                at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
                at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
                at org.jboss.ejb.StatelessSessionContainer.internalInvoke(StatelessSessionContainer.java:331)
                at org.jboss.ejb.Container.invoke(Container.java:723)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
                at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61)
                at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53)
                at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:185)
                at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
                at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
                at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
                at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
                at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:53)
                at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:100)
                at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
                at $Proxy117.processDefinitionDirectory(Unknown Source)
                at de.danet.an.workflow.ejbs.client.StandardWorkflowService.processDefinitionDirectory(StandardWorkflowService.java:433)
                at it.eng.nikko.demo.wf.WorkflowInteraction.startProcess(WorkflowInteraction.java:35)
                at org.apache.jsp.startProcess_jsp._jspService(startProcess_jsp.java:53)
                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:72)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:275)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
                at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
                at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
                at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
                at java.lang.Thread.run(Thread.java:534)
                10:00:52,915 ERROR [Engine] StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception
                java.rmi.ServerException: EJBException:; nested exception is:
                javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
                Insufficient method permissions, principal=null, method=processDefinitionDirectory, interface=REMOTE, requiredRoles=[StaffManagementRole_0], principalRoles=null
                at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:347)
                at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:195)
                at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:122)
                at org.jboss.ejb.StatelessSessionContainer.internalInvoke(StatelessSessionContainer.java:331)
                at org.jboss.ejb.Container.invoke(Container.java:723)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
                at org.jboss.mx.server.Invocation.dispatch(Invocation.java:61)
                at org.jboss.mx.server.Invocation.dispatch(Invocation.java:53)
                at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:185)
                at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
                at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
                at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
                at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
                at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:53)
                at org.jboss.proxy.ejb.StatelessSessionInterceptor.invoke(StatelessSessionInterceptor.java:100)
                at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
                at $Proxy117.processDefinitionDirectory(Unknown Source)
                at de.danet.an.workflow.ejbs.client.StandardWorkflowService.processDefinitionDirectory(StandardWorkflowService.java:433)
                at it.eng.nikko.demo.wf.WorkflowInteraction.startProcess(WorkflowInteraction.java:35)
                at org.apache.jsp.startProcess_jsp._jspService(startProcess_jsp.java:53)
                at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
                at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
                at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
                at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
                at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
                at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:72)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.invoke(JBossSecurityMgrRealm.java:275)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:462)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
                at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
                at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
                at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
                at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
                at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
                at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
                at java.lang.Thread.run(Thread.java:534)
                Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
                Insufficient method permissions, principal=null, method=processDefinitionDirectory, interface=REMOTE, requiredRoles=[StaffManagementRole_0], principalRoles=null
                at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:230)
                at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:109)
                at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:191)
                ... 59 more


                Well, when i log all is ok; infact i have this message:
                10:00:49,841 INFO [STDOUT] Username: ML password: ML applicationPolicy: client-login
                10:00:49,851 INFO [STDOUT] Login in LoginFilter ok
                10:00:49,851 INFO [STDOUT] ML
                10:00:49,851 INFO [STDOUT] Tento login con username: [ML] e password: [ML] Il principal è nullo? null

                But as you can see when i go to the servlet from the filter, the principal is null:

                10:00:49,851 INFO [STDOUT] Tento login con username: [ML] e password: [ML] Il principal è nullo? null


                Well, the processDefinitions.jsp page can call the EJB, but if i click on a link and i want to go to the processStart.jsp page, i have the error principal=null..... why does this happen? How can i solve it?

                • 5. Re: Principal=null.... please help me
                  gbrigand

                  Did you add a jboss.xml for your EJBs with a security domain entry ?
                  If not, JBoss won't know which Security Manager to instantiate for authenticating and authorizing the EJB invocation.

                  Your jboss.xml file should look something like this :

                  <?xml version="1.0" encoding="UTF-8"?>

                  <!DOCTYPE jboss PUBLIC
                  "-//JBoss//DTD JBOSS 3.0//EN"
                  "http://www.jboss.org/j2ee/dtd/jboss_3_0.dtd">


                  <security-domain>java:/jaas/danetworkflow</security-domain>

                  <enterprise-beans>

                  <ejb-name>...</ejb-name>

                  </enterprise-beans>

                  • 6. Re: Principal=null.... please help me
                    craig1980

                    Hi gbrigand; first of all thanks for your answer. I have this jboss-web.xml in my web-app:

                    <?xml version="1.0" encoding="UTF-8"?>
                    <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
                    <jboss-web>
                    <security-domain>java:/jaas/danetworkflow</security-domain> <context-root>demo</context-root>
                    <ejb-ref>
                    <ejb-ref-name>ejb/Engine</ejb-ref-name>
                    <jndi-name>jnp://localhost:1099/WorkflowEngine</jndi-name>
                    </ejb-ref>
                    </jboss-web>


                    my web.xml is:

                    <?xml version="1.0" encoding="UTF-8"?>
                    <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">
                    <web-app>
                    <display-name>Demo Engineering</display-name>
                    <description>Semplice demo per l'utilizzo di wfmOpen per Engineering Ingegneria Informatica</description>
                    <filter>
                    <filter-name>LoginFilter</filter-name>
                    <filter-class>it.eng.nikko.demo.web.login.LoginFilter</filter-class>
                    <init-param>
                    <param-name>ApplicationPolicy</param-name>
                    <param-value>client-login</param-value>
                    </init-param>
                    </filter>
                    <filter-mapping>
                    <filter-name>LoginFilter</filter-name>
                    <servlet-name>dispatcher</servlet-name>
                    </filter-mapping>
                    <servlet>
                    <servlet-name>dispatcher</servlet-name>
                    <servlet-class>it.eng.nikko.demo.web.login.Dispatcher</servlet-class>
                    </servlet>
                    <servlet-mapping>
                    <servlet-name>dispatcher</servlet-name>
                    <url-pattern>/dispatcher</url-pattern>
                    </servlet-mapping>
                    <security-constraint>
                    <display-name>Restricted</display-name>
                    <web-resource-collection>
                    <web-resource-name>Restricted</web-resource-name>
                    <url-pattern>/*</url-pattern>
                    <http-method>DELETE</http-method>
                    <http-method>HEAD</http-method>
                    <http-method>GET</http-method>
                    <http-method>POST</http-method>
                    <http-method>PUT</http-method>
                    </web-resource-collection>
                    <auth-constraint>
                    <role-name>StaffManagementUser</role-name>
                    </auth-constraint>
                    </security-constraint>
                    <login-config>
                    <auth-method>FORM</auth-method>
                    <form-login-config>
                    <form-login-page>/login.jsp</form-login-page>
                    <form-error-page>/error.html</form-error-page>
                    </form-login-config>
                    </login-config>
                    <security-role>
                    <description>Default</description>
                    <role-name>StaffManagementUser</role-name>
                    </security-role>
                    <ejb-ref>
                    <description>Mi riferisco al workflow EJB</description>
                    <ejb-ref-name>ejb/Engine</ejb-ref-name>
                    <ejb-ref-type>Session</ejb-ref-type>
                    <home>de.danet.an.workflow.ejbs.WorkflowEngineHome</home>
                    <remote>de.danet.an.workflow.ejbs.WorkflowEngine</remote>
                    <ejb-link>Engine</ejb-link>
                    </ejb-ref>
                    </web-app>


                    All the EJB i want to use have a similar jboss.xml:
                    <jboss>

                    <security-domain>java:/jaas/danetworkflow</security-domain>

                    <enterprise-beans>

                    <!--
                    To add beans that you have deployment descriptor info for, add
                    a file to your XDoclet merge directory called jboss-beans.xml that contains
                    the <session></session>, <entity></entity> and <message-driven></message-driven>
                    markup for those beans.
                    -->

                    <entity>
                    <ejb-name>StaffMemberBean</ejb-name>
                    <jndi-name>StaffMemberBean</jndi-name>

                    </entity>
                    <entity>
                    <ejb-name>StaffGroupBean</ejb-name>
                    <jndi-name>StaffGroupBean</jndi-name>

                    </entity>

                    <session>
                    <ejb-name>StaffDirectory</ejb-name>
                    <jndi-name>de.danet.an.workflow.StaffDirectory</jndi-name>

                    </session>

                    </enterprise-beans>

                    <resource-managers>
                    <resource-manager res-class="org.jboss.ejb.deployment.JDBCResource">
                    <res-name>jdbc/StaffMgmt</res-name>
                    <res-jndi-name>java:/DefaultDS</res-jndi-name>
                    </resource-manager>
                    </resource-managers>

                    </jboss>


                    As you can see the security-domain are equals..... i'm becoming crazy to solve this error.... have you any ideas?
                    Thanks again...

                    • 7. Re: Principal=null.... please help me
                      gbrigand

                      Ok, could be that the LoginModule de.danet.an.staffmgmt.jbossx.StaffMemberLoginModule you are using is not building an authenticated Subject the way JBoss is expecting it.

                      I'd suggest you to change the debug level of the org.jboss.security.auth.spi package to TRACE. With this you will be able to see more details about whats happening in the Login Module. Would be usefull if you make a followup with it.

                      Another thing:
                      In your web tier if you do a 'request.getUserPrincipal()' what is the result ?
                      Do you get 'null' or a valid Principal ?
                      If you get 'null' here don't expect the Security Manager in your EJB tier, to know which is the username to be used when invoking the login module.

                      Regards.
                      Gianluca.

                      • 8. Re: Principal=null.... please help me
                        craig1980

                        HI; one question... are you italian o do you speak italian? If so the next time we can speack into italian because my english is tooo poor.
                        Well... when i log by calling 'request.getUserPrincipal() the first time i have ML; then the de.danet.an.staffmgmt.jbossx.StaffMemberLoginModule creates a right Princiapl and i go to the Servlet, when i arrive to the servlet i have this principal

                        Tento login con username: [ML] e password: [ML] Il principal è nullo? null


                        As you can see even if username and password are what i have inserted.... the Principal is null and i don't know why; moreover:

                        I'd suggest you to change the debug level of the org.jboss.security.auth.spi package to TRACE. With this you will be able to see more details about whats happening in the Login Module. Would be usefull if you make a followup with it.


                        How can i do this? I'm newbie in JBoss. Thanks for your help..

                        • 9. Re: Principal=null.... please help me
                          gbrigand

                          Add the following to your $JBOSS_HOME/server/default/conf/log4j.xml file :

                           <appender name="SECURITYLOG" class="org.apache.log4j.FileAppender">
                           <param name="File" value="${jboss.server.home.dir}/log/security.log"/>
                           <param name="Append" value="false"/>
                          
                           <layout class="org.apache.log4j.PatternLayout">
                           <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/>
                           </layout>
                           </appender>
                          
                           <category name="org.jboss.security.auth">
                           <priority value="TRACE" class="org.jboss.logging.XLevel"/>
                           <appender-ref ref="SECURITYLOG"/>
                           </category>
                          


                          This will log in a file called security.log trace messages for the org.jboss.security.auth package.






                          • 10. Re: Principal=null.... please help me
                            craig1980

                            Hi; i have added the log4j for the security; this is mi security.log content:

                            2004-10-29 09:58:43,624,DEBUG,[main],[org.jboss.security.auth.login.XMLLoginConfig],Creating jboss.security:service=XMLLoginConfig
                            2004-10-29 09:58:43,624,DEBUG,[main],[org.jboss.security.auth.login.XMLLoginConfig],Created jboss.security:service=XMLLoginConfig
                            2004-10-29 09:58:43,854,DEBUG,[main],[org.jboss.security.auth.login.XMLLoginConfig],Starting jboss.security:service=XMLLoginConfig
                            2004-10-29 09:58:43,854,DEBUG,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],Try loading config as XML, url=file:/C:/jboss-3.2.5/server/default/conf/login-config.xml
                            2004-10-29 09:58:43,874,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],Parsing application-policy=client-login
                            2004-10-29 09:58:43,884,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],Parsing application-policy=jbossmq
                            2004-10-29 09:58:43,884,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],Parsing application-policy=HsqlDbRealm
                            2004-10-29 09:58:43,884,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],Parsing application-policy=FirebirdDBRealm
                            2004-10-29 09:58:43,884,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],Parsing application-policy=JmsXARealm
                            2004-10-29 09:58:43,884,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],Parsing application-policy=jmx-console
                            2004-10-29 09:58:43,884,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],Parsing application-policy=web-console
                            2004-10-29 09:58:43,884,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],Parsing application-policy=other
                            2004-10-29 09:58:43,884,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],Parsing application-policy=danetworkflow
                            2004-10-29 09:58:43,884,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],Parsing application-policy=danetworkflow-ia
                            2004-10-29 09:58:43,884,DEBUG,[main],[org.jboss.security.auth.login.XMLLoginConfig],Started jboss.security:service=XMLLoginConfig
                            2004-10-29 09:58:51,956,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],getAppConfigurationEntry(HsqlDbRealm), authInfo=AppConfigurationEntry[]:
                            [0]
                            LoginModule Class: org.jboss.resource.security.ConfiguredIdentityLoginModule
                            ControlFlag: LoginModuleControlFlag: required
                            Options:name=managedConnectionFactoryName, value=jboss.jca:service=LocalTxCM,name=DefaultDS
                            name=password, value=
                            name=userName, value=sa
                            name=principal, value=sa

                            2004-10-29 09:58:58,635,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],getAppConfigurationEntry(jbossmq), authInfo=AppConfigurationEntry[]:
                            [0]
                            LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
                            ControlFlag: LoginModuleControlFlag: required
                            Options:name=rolesQuery, value=SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?
                            name=principalsQuery, value=SELECT PASSWD FROM JMS_USERS WHERE USERID=?
                            name=unauthenticatedIdentity, value=guest
                            name=dsJndiName, value=java:/DefaultDS

                            2004-10-29 09:58:58,645,TRACE,[main],[org.jboss.security.auth.spi.DatabaseServerLoginModule],initialize
                            2004-10-29 09:58:58,645,TRACE,[main],[org.jboss.security.auth.spi.DatabaseServerLoginModule],Saw unauthenticatedIdentity=guest
                            2004-10-29 09:58:58,645,TRACE,[main],[org.jboss.security.auth.spi.DatabaseServerLoginModule],DatabaseServerLoginModule, dsJndiName=java:/DefaultDS
                            2004-10-29 09:58:58,645,TRACE,[main],[org.jboss.security.auth.spi.DatabaseServerLoginModule],principalsQuery=SELECT PASSWD FROM JMS_USERS WHERE USERID=?
                            2004-10-29 09:58:58,645,TRACE,[main],[org.jboss.security.auth.spi.DatabaseServerLoginModule],rolesQuery=SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?
                            2004-10-29 09:58:58,645,TRACE,[main],[org.jboss.security.auth.spi.DatabaseServerLoginModule],login
                            2004-10-29 09:58:58,645,TRACE,[main],[org.jboss.security.auth.spi.DatabaseServerLoginModule],Authenticating as unauthenticatedIdentity=guest
                            2004-10-29 09:58:58,645,TRACE,[main],[org.jboss.security.auth.spi.DatabaseServerLoginModule],User 'guest' authenticated, loginOk=true
                            2004-10-29 09:58:58,645,TRACE,[main],[org.jboss.security.auth.spi.DatabaseServerLoginModule],commit, loginOk=true
                            2004-10-29 09:58:58,645,TRACE,[main],[org.jboss.security.auth.spi.DatabaseServerLoginModule],Assign user to role guest
                            2004-10-29 09:58:58,645,TRACE,[main],[org.jboss.security.auth.spi.DatabaseServerLoginModule],Assign user to role j2ee
                            2004-10-29 09:58:58,645,TRACE,[main],[org.jboss.security.auth.spi.DatabaseServerLoginModule],Assign user to role john
                            2004-10-29 09:58:58,986,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],getAppConfigurationEntry(client-login), authInfo=AppConfigurationEntry[]:
                            [0]
                            LoginModule Class: org.jboss.security.ClientLoginModule
                            ControlFlag: LoginModuleControlFlag: required
                            Options:
                            2004-10-29 09:58:59,106,TRACE,[main],[org.jboss.security.auth.login.XMLLoginConfigImpl],getAppConfigurationEntry(HsqlDbRealm), authInfo=AppConfigurationEntry[]:
                            [0]
                            LoginModule Class: org.jboss.resource.security.ConfiguredIdentityLoginModule
                            ControlFlag: LoginModuleControlFlag: required
                            Options:name=managedConnectionFactoryName, value=jboss.jca:service=LocalTxCM,name=DefaultDS
                            name=password, value=
                            name=userName, value=sa
                            name=principal, value=sa

                            2004-10-29 09:58:59,677,TRACE,[Thread-16],[org.jboss.security.auth.login.XMLLoginConfigImpl],getAppConfigurationEntry(danetworkflow), authInfo=AppConfigurationEntry[]:
                            [0]
                            LoginModule Class: org.jboss.security.auth.spi.ProxyLoginModule
                            ControlFlag: LoginModuleControlFlag: required
                            Options:name=moduleName, value=de.danet.an.staffmgmt.jbossx.StaffMemberLoginModule
                            name=daemonPassword, value=Afaik,tiagp.
                            name=unauthenticatedIdentity, value=nobody
                            name=daemonUsername, value=daemon
                            name=dsJndiName, value=java:/DefaultDS

                            2004-10-29 09:58:59,777,TRACE,[Thread-16],[org.jboss.security.auth.login.XMLLoginConfigImpl],getAppConfigurationEntry(JmsXARealm), authInfo=AppConfigurationEntry[]:
                            [0]
                            LoginModule Class: org.jboss.resource.security.ConfiguredIdentityLoginModule
                            ControlFlag: LoginModuleControlFlag: required
                            Options:name=managedConnectionFactoryName, value=jboss.jca:service=TxCM,name=JmsXA
                            name=password, value=guest
                            name=userName, value=guest
                            name=principal, value=guest

                            2004-10-29 09:58:59,787,TRACE,[Thread-16],[org.jboss.security.auth.login.XMLLoginConfigImpl],getAppConfigurationEntry(jbossmq), authInfo=AppConfigurationEntry[]:
                            [0]
                            LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
                            ControlFlag: LoginModuleControlFlag: required
                            Options:name=rolesQuery, value=SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?
                            name=principalsQuery, value=SELECT PASSWD FROM JMS_USERS WHERE USERID=?
                            name=unauthenticatedIdentity, value=guest
                            name=dsJndiName, value=java:/DefaultDS

                            2004-10-29 09:58:59,787,TRACE,[Thread-16],[org.jboss.security.auth.spi.DatabaseServerLoginModule],initialize
                            2004-10-29 09:58:59,787,TRACE,[Thread-16],[org.jboss.security.auth.spi.DatabaseServerLoginModule],Saw unauthenticatedIdentity=guest
                            2004-10-29 09:58:59,787,TRACE,[Thread-16],[org.jboss.security.auth.spi.DatabaseServerLoginModule],DatabaseServerLoginModule, dsJndiName=java:/DefaultDS
                            2004-10-29 09:58:59,787,TRACE,[Thread-16],[org.jboss.security.auth.spi.DatabaseServerLoginModule],principalsQuery=SELECT PASSWD FROM JMS_USERS WHERE USERID=?
                            2004-10-29 09:58:59,787,TRACE,[Thread-16],[org.jboss.security.auth.spi.DatabaseServerLoginModule],rolesQuery=SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?
                            2004-10-29 09:58:59,787,TRACE,[Thread-16],[org.jboss.security.auth.spi.DatabaseServerLoginModule],login
                            2004-10-29 09:58:59,787,TRACE,[Thread-16],[org.jboss.security.auth.spi.DatabaseServerLoginModule],User 'guest' authenticated, loginOk=true
                            2004-10-29 09:58:59,787,TRACE,[Thread-16],[org.jboss.security.auth.spi.DatabaseServerLoginModule],commit, loginOk=true
                            2004-10-29 09:58:59,797,TRACE,[Thread-16],[org.jboss.security.auth.spi.DatabaseServerLoginModule],Assign user to role guest
                            2004-10-29 09:58:59,797,TRACE,[Thread-16],[org.jboss.security.auth.spi.DatabaseServerLoginModule],Assign user to role j2ee
                            2004-10-29 09:58:59,797,TRACE,[Thread-16],[org.jboss.security.auth.spi.DatabaseServerLoginModule],Assign user to role john
                            2004-10-29 09:59:17,342,TRACE,[http-0.0.0.0-8080-Processor21],[org.jboss.security.auth.login.XMLLoginConfigImpl],getAppConfigurationEntry(client-login), authInfo=AppConfigurationEntry[]:
                            [0]
                            LoginModule Class: org.jboss.security.ClientLoginModule
                            ControlFlag: LoginModuleControlFlag: required
                            Options:
                            2004-10-29 09:59:18,314,TRACE,[http-0.0.0.0-8080-Processor21],[org.jboss.security.auth.login.XMLLoginConfigImpl],getAppConfigurationEntry(danetworkflow), authInfo=AppConfigurationEntry[]:
                            [0]
                            LoginModule Class: org.jboss.security.auth.spi.ProxyLoginModule
                            ControlFlag: LoginModuleControlFlag: required
                            Options:name=moduleName, value=de.danet.an.staffmgmt.jbossx.StaffMemberLoginModule
                            name=daemonPassword, value=Afaik,tiagp.
                            name=unauthenticatedIdentity, value=nobody
                            name=daemonUsername, value=daemon
                            name=dsJndiName, value=java:/DefaultDS

                            2004-10-29 09:59:18,314,TRACE,[http-0.0.0.0-8080-Processor21],[org.jboss.security.auth.login.XMLLoginConfigImpl],getAppConfigurationEntry(HsqlDbRealm), authInfo=AppConfigurationEntry[]:
                            [0]
                            LoginModule Class: org.jboss.resource.security.ConfiguredIdentityLoginModule
                            ControlFlag: LoginModuleControlFlag: required
                            Options:name=managedConnectionFactoryName, value=jboss.jca:service=LocalTxCM,name=DefaultDS
                            name=password, value=
                            name=userName, value=sa
                            name=principal, value=sa

                            2004-10-29 09:59:22,209,TRACE,[http-0.0.0.0-8080-Processor21],[org.jboss.security.auth.login.XMLLoginConfigImpl],getAppConfigurationEntry(danetworkflow), authInfo=AppConfigurationEntry[]:
                            [0]
                            LoginModule Class: org.jboss.security.auth.spi.ProxyLoginModule
                            ControlFlag: LoginModuleControlFlag: required
                            Options:name=moduleName, value=de.danet.an.staffmgmt.jbossx.StaffMemberLoginModule
                            name=daemonPassword, value=Afaik,tiagp.
                            name=unauthenticatedIdentity, value=nobody
                            name=daemonUsername, value=daemon
                            name=dsJndiName, value=java:/DefaultDS


                            and this is my login-config.xml:

                            <?xml version='1.0'?>
                            <!DOCTYPE policy PUBLIC
                            "-//JBoss//DTD JBOSS Security Config 3.0//EN"
                            "http://www.jboss.org/j2ee/dtd/security_config.dtd">

                            <!-- The XML based JAAS login configuration read by the
                            org.jboss.security.auth.login.XMLLoginConfig mbean. Add
                            an application-policy element for each security domain.

                            The outline of the application-policy is:
                            <application-policy name="security-domain-name">
                            <authentication>
                            <login-module code="login.module1.class.name" flag="control_flag">
                            <module-option name = "option1-name">option1-value</module-option>
                            <module-option name = "option2-name">option2-value</module-option>
                            ...
                            </login-module>

                            <login-module code="login.module2.class.name" flag="control_flag">
                            ...
                            </login-module>
                            ...
                            </authentication>
                            </application-policy>

                            $Revision: 1.6.2.5 $
                            -->

                            <policy>
                            <!-- Used by clients within the application server VM such as
                            mbeans and servlets that access EJBs.
                            -->
                            <application-policy name = "client-login">
                            <authentication>
                            <login-module code = "org.jboss.security.ClientLoginModule"
                            flag = "required">
                            </login-module>
                            </authentication>
                            </application-policy>

                            <!-- Security domain for JBossMQ -->
                            <application-policy name = "jbossmq">
                            <authentication>
                            <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                            flag = "required">
                            <module-option name = "unauthenticatedIdentity">guest</module-option>
                            <module-option name = "dsJndiName">java:/DefaultDS</module-option>
                            <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
                            <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
                            </login-module>
                            </authentication>
                            </application-policy>

                            <!-- Security domains for testing new jca framework -->
                            <application-policy name = "HsqlDbRealm">
                            <authentication>
                            <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                            flag = "required">
                            <module-option name = "principal">sa</module-option>
                            <module-option name = "userName">sa</module-option>
                            <module-option name = "password"></module-option>
                            <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
                            </login-module>
                            </authentication>
                            </application-policy>

                            <application-policy name = "FirebirdDBRealm">
                            <authentication>
                            <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                            flag = "required">
                            <module-option name = "principal">sysdba</module-option>
                            <module-option name = "userName">sysdba</module-option>
                            <module-option name = "password">masterkey</module-option>
                            <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
                            </login-module>
                            </authentication>
                            </application-policy>

                            <application-policy name = "JmsXARealm">
                            <authentication>
                            <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                            flag = "required">
                            <module-option name = "principal">guest</module-option>
                            <module-option name = "userName">guest</module-option>
                            <module-option name = "password">guest</module-option>
                            <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
                            </login-module>
                            </authentication>
                            </application-policy>

                            <!-- A template configuration for the jmx-console web application. This
                            defaults to the UsersRolesLoginModule the same as other and should be
                            changed to a stronger authentication mechanism as required.
                            -->
                            <application-policy name = "jmx-console">
                            <authentication>
                            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                            flag = "required">
                            <module-option name="usersProperties">jmx-console-users.properties</module-option>
                            <module-option name="rolesProperties">jmx-console-roles.properties</module-option>
                            </login-module>
                            </authentication>
                            </application-policy>

                            <!-- A template configuration for the web-console web application. This
                            defaults to the UsersRolesLoginModule the same as other and should be
                            changed to a stronger authentication mechanism as required.
                            -->
                            <application-policy name = "web-console">
                            <authentication>
                            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                            flag = "required" />
                            </authentication>
                            </application-policy>

                            <!-- The default login configuration used by any security domain that
                            does not have a application-policy entry with a matching name
                            -->
                            <application-policy name = "other">
                            <!-- A simple server login module, which can be used when the number
                            of users is relatively small. It uses two properties files:
                            users.properties, which holds users (key) and their password (value).
                            roles.properties, which holds users (key) and a comma-separated list of
                            their roles (value).
                            The unauthenticatedIdentity property defines the name of the principal
                            that will be used when a null username and password are presented as is
                            the case for an unuathenticated web client or MDB. If you want to
                            allow such users to be authenticated add the property, e.g.,
                            unauthenticatedIdentity="nobody"
                            -->
                            <authentication>
                            <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                            flag = "required" />
                            </authentication>
                            </application-policy>


                            <!-- Contenuto del file del workflow:C:\WfmcOpen\wfmopen bin\wfmopen-1.2rc1\lib\login-config.xml.insert -->

                            <!-- Bind workflow security domain to staffmgmt authentication -->
                            <application-policy name = "danetworkflow">
                            <authentication>
                            <login-module code = "org.jboss.security.auth.spi.ProxyLoginModule"
                            flag = "required">
                            <module-option name = "moduleName">de.danet.an.staffmgmt.jbossx.StaffMemberLoginModule</module-option>
                            <module-option name = "unauthenticatedIdentity">nobody</module-option>
                            <module-option name = "dsJndiName">java:/DefaultDS</module-option>
                            <module-option name = "daemonUsername">daemon</module-option>
                            <module-option name = "daemonPassword">Afaik,tiagp.</module-option>
                            </login-module>
                            </authentication>
                            </application-policy>
                            <!-- Bind workflow security domain to staffmgmt authentication -->
                            <application-policy name = "danetworkflow-ia">
                            <authentication>
                            <login-module code = "org.jboss.security.auth.spi.ProxyLoginModule"
                            flag = "required">
                            <module-option name = "moduleName">de.danet.an.staffmgmt.jbossx.StaffMemberLoginModule</module-option>
                            <module-option name = "dsJndiName">java:/DefaultDS</module-option>
                            <module-option name = "Principal">StaffManagementRole_0</module-option>
                            </login-module>
                            </authentication>
                            </application-policy>

                            <!-- Fine contenuto -->

                            </policy>


                            As you can see i have added only the last two application-policy; i think the problem borns from here... but i don't know why. Any ideas?


                            • 11. Re: Principal=null.... please help me
                              craig1980

                              Moreover.... but must my login.jsp page action be j_security_check? Can i use filter?; my login.jsp page is:

                              <html>
                              <head>
                              <title>login</title>
                              </head>
                              <body bgcolor="#ffffff">
                              <form method="post" action="dispatcher">
                              <table>
                               <tr>
                               <td>
                               <p>Username:</p>
                               </td>
                               <td>
                               <input type="text" name="username"/>
                               </td>
                               </tr>
                               <tr>
                               <td>
                               <p>Password:</p>
                               </td>
                               <td>
                               <input type="text" name="password"/>
                               </td>
                               </tr>
                              </table>
                              <br>
                              <br>
                              <input type="submit" name="Submit" value="Submit">
                              <input type="reset" value="Reset">
                              </form>
                              </body>
                              </html>


                              If i change it in:

                              <html>
                              <head>
                              <title>login</title>
                              </head>
                              <body bgcolor="#ffffff">
                              <form method="post" action='<%= response.encodeURL( "j_security_check" ) %>'>
                              <table>
                               <tr>
                               <td>
                               <p>Username:</p>
                               </td>
                               <td>
                               <input type="text" name="j_username"/>
                               </td>
                               </tr>
                               <tr>
                               <td>
                               <p>Password:</p>
                               </td>
                               <td>
                               <input type="text" name="j_password"/>
                               </td>
                               </tr>
                              </table>
                              <br>
                              <br>
                              <input type="submit" name="Submit" value="Submit">
                              <input type="reset" value="Reset">
                              </form>
                              </body>
                              </html>


                              But i have this erro when i click on the submit:
                              HTTP Status 400 - Invalid direct reference to form login page

                              --------------------------------------------------------------------------------

                              type Status report

                              message Invalid direct reference to form login page

                              description The request sent by the client was syntactically incorrect (Invalid direct reference to form login page).


                              --------------------------------------------------------------------------------

                              Apache Tomcat/5.0.26


                              My God... is it really so difficult to handle JAAS in JBoss?

                              • 12. Re: Principal=null.... please help me
                                craig1980

                                Another thing (by hoping that someone answers to me)... if i insert this url patterns: /*... when i do the login with the login.jsp page, i remain always in this page and i have non message form the console; instead if i don't put this URL, at least the first called to the EJB i can do.... when i call it a second time , i have the error prinsipal = null (if i do request.getUserPrincipal() ); instead if i do SecurityAssociation.getPrincipal, i have ML..... is it normal?

                                • 13. Re: Principal=null.... please help me
                                  gbrigand

                                  From the log you are posting, seems like the StaffMemberLoginModule is not being executed by the org.jboss.security.auth.spi.ProxyLoginModule.
                                  You should see traces at least like the following :

                                  [org.jboss.security.auth.spi.AbstractServerLoginModule] initialize
                                  [org.jboss.security.auth.spi.AbstractServerLoginModule] login

                                  Is the StaffMemberLoginModule class in your classpath ?


                                  • 14. Re: Principal=null.... please help me
                                    craig1980

                                    Hi; thanks again; yes.. this class is in my classpath because the first time i do the login even if the principal is ML, by using this class i can have StaffManagementRole_0.... i can see the first page that uses the EJB and the EJB is called with no problem; then i have some href that go to another page where the EJB is called... but here the principal is null and i have the exception... i don't understand why.

                                    1 2 Previous Next