Bad password for user 'caller_java' in JaasHowto
redbeard15 Jan 15, 2005 12:10 AM
I'm running the following system:
Linux Fedora FC/3 (kernel 2.6.9)
JBoss 3.2.6
I downloaded the 'jaashowto' example and tried to run it. I could start the application and display the index.html, but when I tried to access the first link ('Invoke PublicSession.echo() as java, echoman'), I received the following traceback:
javax.servlet.ServletException: Failed to call SecuredEJB.echo
org.jboss.docs.jaas.howto.EJBServlet.createBean(EJBServlet.java:187)
. .
root cause
java.rmi.AccessException: SecurityException; nested exception is:
java.lang.SecurityException: Authentication exception, principal=caller_java
I restarted JBoss with DEBUG enabled in the 'log4j.conf' file and found more details when I tried to run the test. Note I added some debug statements to the EJBServlet.java and session beans. Note the 'UserPrincipal=caller_java' in the EJBServlet:
DEBUG [org.jboss.docs.jaas.howto.EJBServlet] processRequest(): method=echo
DEBUG [org.jboss.docs.jaas.howto.EJBServlet] callEcho(): UserPrincipal=caller_java
DEBUG [org.jboss.docs.jaas.howto.EJBServlet] createBean(): about to call 'create()' on: java:comp/env/ejb/SecuredEJB
DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=caller_java
ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Authentication exception, principal=caller_java
'Bad password for username=caller_java'?
I could get the example to work if (and only if) I changed the 'roles.properties' file by removing the following two lines:
java.CallerPrincipal=caller_java
duke.CallerPrincipal=caller_duke
In that case, I see the following debug statements in the server.log. Note the 'UserPrincipal=java' in the EJBServlet:
DEBUG [org.jboss.docs.jaas.howto.EJBServlet] processRequest(): method=echo
DEBUG [org.jboss.docs.jaas.howto.EJBServlet] callEcho(): UserPrincipal=java
DEBUG [org.jboss.docs.jaas.howto.EJBServlet] createBean(): about to call 'create()' on: java:comp/env/ejb/SecuredEJB
DEBUG [org.jboss.docs.jaas.howto.PublicSessionBean] ejbCreate() called
DEBUG [org.jboss.docs.jaas.howto.PublicSessionBean] echo(), arg=Hello
Why would the security mechanism be handed the 'caller_java' username and then try to authenticate it by verifying its password? I didn't change any other files in the example (other than to add debug statements to the code).
Hmmmm.