2 Replies Latest reply on Jan 15, 2005 7:46 PM by redbeard15

Bad password for user 'caller_java' in JaasHowto

redbeard15 Jan 15, 2005 12:10 AM

I'm running the following system:

Linux Fedora FC/3 (kernel 2.6.9)
JBoss 3.2.6

I downloaded the 'jaashowto' example and tried to run it. I could start the application and display the index.html, but when tried to access the first link
('Invoke PublicSession.echo() as java, echoman'), I received the following traceback:

javax.servlet.ServletException: Failed to call SecuredEJB.echo
 org.jboss.docs.jaas.howto.EJBServlet.createBean(EJBServlet.java:187)
 .
 .
root cause

java.rmi.AccessException: SecurityException; nested exception is:
 java.lang.SecurityException: Authentication exception, principal=caller_java

I restarted JBoss with DEBUG enabled in the 'log4j.conf' file and found more details when I tried to run the test. Note I added some debug statements to the EJBServlet.java and session beans. Note the 'UserPrincipal=caller_java' in the EJBServlet:

 DEBUG [org.jboss.docs.jaas.howto.EJBServlet] processRequest(): method=echo
 DEBUG [org.jboss.docs.jaas.howto.EJBServlet] callEcho(): UserPrincipal=caller_java
 DEBUG [org.jboss.docs.jaas.howto.EJBServlet] createBean(): about to call 'create()' on: java:comp/env/ejb/SecuredEJB
 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=caller_java
 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Authentication exception, principal=caller_java

'Bad password for username=caller_java'?
I could get the example to work if (and only if) I changed the 'roles.properties' file by removing the following two lines:

java.CallerPrincipal=caller_java
duke.CallerPrincipal=caller_duke

In that case, I see the following debug statments in the server.log. Note the 'UserPrincipal=java' in the EJBServlet:

 DEBUG [org.jboss.docs.jaas.howto.EJBServlet] processRequest(): method=echo
 DEBUG [org.jboss.docs.jaas.howto.EJBServlet] callEcho(): UserPrincipal=java
 DEBUG [org.jboss.docs.jaas.howto.EJBServlet] createBean(): about to call 'create()' on: java:comp/env/ejb/SecuredEJB
 DEBUG [org.jboss.docs.jaas.howto.PublicSessionBean] ejbCreate() called
 DEBUG [org.jboss.docs.jaas.howto.PublicSessionBean] echo(), arg=Hello

Why would the security mechanism be handed the 'caller_java' username and then try to authenticate it by verifying its password? I didn't change any other files in the example (other than to add debug statements to the code.

Hmmmm.

1. Re: Bad password for user 'caller_java' in JaasHowto

starksm64 Jan 15, 2005 6:03 PM (in response to redbeard15)

Its a bug that shows up when using the caller principal mapping that was fixed in the 3.2.7RC1 release.
Actions
2. Re: Bad password for user 'caller_java' in JaasHowto

redbeard15 Jan 15, 2005 7:46 PM (in response to redbeard15)

Ah. Thanks for the (very) quick response. I was pulling my hair out over this one -- and that's tough to do as I don't have much left ;)
Actions

Go to original post