request.getUserPrincipal() returns org.jboss.security.Simple
For reference, I posted about this on the JCA forum here:
http://www.jboss.org/?module=bb&op=viewtopic&t=56269
And bug report #1067726, here:
http://sourceforge.net/tracker/?group_id=22866&atid=376685&func=detail&aid=1067726
Adrian Brock suggested I post my config and a trace log on this list.
I'm using jboss v3.2.6, and I'm using the SimpleServerLoginModule to login a web application. I'm then using the CallerIdentityLoginModule to pass the same credentials on to a JCA connection. The CallerIdentityLoginModule throws a
SecurityException when it tries to get the login information from a web application to resuse with a JCA connection.
The real exception is a ClassCastException, but the
CallerIdentityLoginModule is catching it and rethrowing
SecurityException on line 137. The ClassCastException is here on line 122:
password = (char[]) o; // o is really a String
My web.xml has:
<security-role>
<role-name>user</role-name>
</security-role>
<login-config>
<auth-method>FORM</auth-method>
<realm-name>Myecaddy Realm</realm-name>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/login.jsp</form-error-page>
</form-login-config>
</login-config>
<security-constraint>
<web-resource-collection>
<web-resource-name>myecaddy</web-resource-name>
<url-pattern>/protected/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>user</role-name>
</auth-constraint>
<user-data-constraint>
Encryption is not required for the application in general.
<transport-guarantee>NONE</transport-guarantee>
</user-data-constraint>
</security-constraint>
My jboss-web.xml has:
<jboss-web>
<security-domain>java:/jaas/myecaddyRealm</security-domain>
</jboss-web>
My *-ds.xml has:
<tx-connection-factory>
<jndi-name>WebDAV-Connector</jndi-name>
<xa-transaction/>
<adapter-display-name>WebDAV-Connector</adapter-display-name>
<config-property name="ConnectionURL" type="java.lang.String">http://localhost:8080/webdav</config-property>
<config-property name="UserName" type="java.lang.String">root</config-property>
<config-property name="Password" type="java.lang.String">root</config-property>
<config-property name="Timeout" type="java.lang.Integer">10</config-property>
<security-domain>webdavRealm</security-domain>
</tx-connection-factory>
My login config has:
<application-policy name="myecaddyRealm">
<login-module code="org.jboss.security.auth.spi.SimpleServerLoginModule"
flag="required" />
</application-policy>
<application-policy name = "webdavRealm">
<login-module code = "org.jboss.resource.security.CallerIdentityLoginModule" flag = "required">
<module-option name = "userName">root</module-option>
<module-option name = "password">root</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=WebDAV-Connector</module-option>
</login-module>
</application-policy>
The trace log with the SecurityException:
2004-11-19 15:36:45,998 TRACE [org.jboss.security.plugins.JaasSecurityManager] Constructing
2004-11-19 15:36:45,998 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@16c1227
2004-11-19 15:36:45,998 DEBUG [org.jboss.security.plugins.JaasSecurityManager.myecaddyRealm] CachePolicy set to: org.jboss.util.TimedCachePolicy@1be20c
2004-11-19 15:36:45,998 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@1be20c
2004-11-19 15:36:45,998 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added myecaddyRealm, org.jboss.security.plugins.SecurityDomainContext@959fa1 to map
2004-11-19 15:36:46,013 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(myecaddyRealm), size=6
2004-11-19 15:36:46,013 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(myecaddyRealm), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.SimpleServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
2004-11-19 15:36:46,013 TRACE [org.jboss.security.auth.spi.SimpleServerLoginModule] initialize
2004-11-19 15:36:46,013 TRACE [org.jboss.security.auth.spi.SimpleServerLoginModule] login
2004-11-19 15:36:46,013 TRACE [org.jboss.security.auth.spi.SimpleServerLoginModule] User 'root' authenticated, loginOk=true
2004-11-19 15:36:46,013 TRACE [org.jboss.security.auth.spi.SimpleServerLoginModule] commit, loginOk=true
2004-11-19 15:36:46,029 TRACE [org.jboss.security.plugins.JaasSecurityManager.myecaddyRealm] updateCache, subject=Subject:
Principal: root
Principal: Roles(members:user,guest)
2004-11-19 15:36:52,841 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(webdavRealm), size=6
2004-11-19 15:36:52,841 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(webdavRealm), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.resource.security.CallerIdentityLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:name=managedConnectionFactoryName, value=jboss.jca:service=TxCM,name=WebDAV-Connector
name=password, value=root
name=userName, value=root
2004-11-19 15:36:52,857 TRACE [org.jboss.resource.security.CallerIdentityLoginModule] initialize
2004-11-19 15:36:52,857 TRACE [org.jboss.resource.security.AbstractPasswordCredentialLoginModule] mcfname: jboss.jca:service=TxCM,name=WebDAV-Connector
2004-11-19 15:36:52,857 DEBUG [org.jboss.resource.security.CallerIdentityLoginModule] got default principal: root, username: root, password: ****
2004-11-19 15:36:52,857 TRACE [org.jboss.resource.security.CallerIdentityLoginModule] Caller Association login called
2004-11-19 15:36:52,857 TRACE [org.jboss.resource.security.CallerIdentityLoginModule] abort
2004-11-19 15:36:52,857 TRACE [org.jboss.security.plugins.JaasSecurityManager.webdavRealm] Login failure
javax.security.auth.login.LoginException: Unable to get the calling principal or its credentials for resource association
at org.jboss.resource.security.CallerIdentityLoginModule.login(CallerIdentityLoginModule.java:137)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:480)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:431)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:246)
at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:664)
at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:887)
at org.apache.webdav.connector.WebDAVConnectionFactory.getConnection(WebDAVConnectionFactory.java:56)
at org.apache.jsp.protected_.davtest_jsp._jspService(davtest_jsp.java:66)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:66)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:158)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:534)
2004-11-19 15:36:52,873 ERROR [org.jboss.web.localhost.Engine] StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception
java.lang.SecurityException: Invalid authentication attempt, principal=root
at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:666)
at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:887)
at org.apache.webdav.connector.WebDAVConnectionFactory.getConnection(WebDAVConnectionFactory.java:56)
at org.apache.jsp.protected_.davtest_jsp._jspService(davtest_jsp.java:66)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:66)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:158)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:534)
