1 Reply Latest reply on May 23, 2005 6:02 PM by craig1980

ERROR [JaasSecurityManagerService] Failed to create sec mgr

craig1980 May 23, 2005 5:50 PM

Hi all; i'm using JBoss 3.2.6 on Windows XP sp 2 and SDK 1.4.2_07; i have created a my .ear and i have created a my security-domain; well i have modified the auth.conf file by adding:

eng {
 // jBoss LoginModule
 org.jboss.security.ClientLoginModule required;

 // Put your login modules that need jBoss here
};

Then i have modifed the login-config.xml in this way:

<authentication> <login-module code = "org.jboss.security.auth.spi.ProxyLoginModule"
 flag = "required"> <module-option name = "moduleName"> </module-option> <module-option name = "unauthenticatedIdentity"> </module-option> <module-option name = "dsJndiName"> </module-option> <module-option name = "daemonUsername"> </module-option> <module-option name = "daemonPassword"> </module-option> </login-module> </authentication> </application-policy> <security-domain> </security-domain> <= 3.2.5 passes login principal
 ps = con.prepareStatement
 ("SELECT PASSWORD FROM STAFFMEMBER WHERE MEMBERID = ?");
 ps.setString(1, un);
 }
 rs = ps.executeQuery();
 if(rs.next()) {
 return rs.getString(1).equals (inputPassword);
 }
 } catch(NamingException ex) {
 ex.printStackTrace();
 } catch(SQLException ex) {
 ex.printStackTrace();
 } finally {
 try {
 closeAll (rs, ps, con);
 } catch (SQLException ex) {
 ex.printStackTrace();
 }
 }
 return false;
 */
 return true;
 }

 protected Group[] getRoleSets() throws LoginException {
 log.info( "getting rolesets" );
 if (getUnauthenticatedIdentity() != null
 && getIdentity().equals(getUnauthenticatedIdentity())) {
 Group[] grps = new Group[0];
 return grps;
 }
 if (daemonUsername != null && getUsername().equals(daemonUsername)) {
 // Create Caller Principal
 SimpleGroup princip = new SimpleGroup("CallerPrincipal");
 princip.addMember
 (new SimplePrincipal("StaffManagementMember_Daemon"));
 // create roles, start with default role
 Group roles = new SimpleGroup("Roles");
 SimplePrincipal p = new SimplePrincipal("StaffManagementUser");
 roles.addMember(p);
 p = new SimplePrincipal("StaffManagementRole_Daemon");
 roles.addMember(p);
 Group[] grps = new Group[] {princip, roles};
 return grps;
 }
 List groups = new ArrayList();
 // gather information
 Connection con = null;
 try {
 // prepare db connection
 InitialContext ctx = new InitialContext();
 DataSource ds = (DataSource) ctx.lookup(dsJndiName);
 con = ds.getConnection();
 // Create Caller Principal
 long memberDBId = addCallerPrincipal(con, groups);
 // create roles, start with default role
 SimpleGroup rolesGroup = new SimpleGroup("Roles");
 groups.add(rolesGroup);
 SimplePrincipal p = new SimplePrincipal("StaffManagementUser");
 rolesGroup.addMember(p);
 // add roles from db
 addGroupsAsRoles(con, rolesGroup, memberDBId, true);
 } catch (NamingException ex) {
 throw new LoginException(ex.toString(true));
 } catch (SQLException ex) {
 ex.printStackTrace();
 throw new LoginException(ex.toString());
 } finally {
 try {
 closeAll(null, null, con);
 } catch (SQLException ex) {
 ex.printStackTrace();
 throw new LoginException(ex.toString());
 }
 }

 Group[] roleSets = new Group[groups.size()];
 groups.toArray(roleSets);
 for( int i = 0; i < roleSets.length; i++ ){

 log.info( "Eleemnto:"+i+" "+roleSets );
 }
 return roleSets;
 }

 private long addCallerPrincipal(Connection con, List groups) throws
 SQLException, LoginException {
 /*
 PreparedStatement ps = null;
 ResultSet rs = null;
 long dbid = 0;
 try {
 String un = getUsername();
 if (un.startsWith ("StaffManagementMember_")) {
 // JBoss 3.2.6 passes EJB container principal
 return Long.parseLong (un.substring(22));
 }
 // JBoss <= 3.2.5 passes login principal
 ps = con.prepareStatement
 ("SELECT DBID FROM STAFFMEMBER WHERE MEMBERID = ?");
 ps.setString(1, un);
 rs = ps.executeQuery();
 if(! rs.next()) {
 throw new LoginException
 ("Authenticated user vanished from table");
 }
 dbid = rs.getLong(1);
 SimpleGroup rolesGroup = new SimpleGroup("CallerPrincipal");
 groups.add(rolesGroup);
 rolesGroup.addMember
 (new SimplePrincipal
 ("StaffManagementMember_" + dbid));
 } finally {
 closeAll (rs, ps, null);
 }
 return dbid;
 */
 log.info( "Ritorno 0" );
 return 0L;
 }

 private void addGroupsAsRoles(Connection con, SimpleGroup roles,
 long id, boolean isMember) throws
 SQLException, LoginException {
 /*
 PreparedStatement ps = null;
 ResultSet rs = null;
 try {
 String type = "M";
 if (!isMember) {
 type = "G";
 }
 ps = con.prepareStatement
 ("SELECT GROUPID FROM STAFFMAP "
 + "WHERE CONTAINED = ? AND TYPE = ?");
 ps.setLong(1, id);
 ps.setString(2, type);
 rs = ps.executeQuery();
 while(rs.next()) {
 long grpId = rs.getLong(1);
 if (grpId < 100) {
 roles.addMember (new SimplePrincipal
 ("StaffManagementRole_" + grpId));
 } else {
 roles.addMember
 (new SimplePrincipal (lookupGroup (con, grpId)));
 }
 addGroupsAsRoles (con, roles, grpId, false);
 }
 } finally {
 closeAll (rs, ps, null);
 }
 */
 log.info( "addGroupRoles" );
 for (int i = 0; i < 10; i++) {

 roles.addMember(new SimplePrincipal("StaffManagementRole_" + i));
 addGroupsAsRoles(con, roles, i, false);
 }
 }

 private String lookupGroup(Connection con, long grpId) throws SQLException,
 LoginException {
 PreparedStatement ps = null;
 ResultSet rs = null;
 try {
 ps = con.prepareStatement
 ("SELECT NAME FROM STAFFGROUP WHERE DBID = ?");
 ps.setLong(1, grpId);
 rs = ps.executeQuery();
 if (!rs.next()) {
 throw new LoginException
 ("Group vanished from table");
 }
 return rs.getString(1);
 } finally {
 closeAll(rs, ps, null);
 }
 }


 private void closeAll(ResultSet rs, Statement st,
 Connection con) throws SQLException {
 if (rs != null) {
 rs.close();
 }
 if (st != null) {
 st.close();
 }
 if (con != null) {
 con.close();
 }
 }

 protected String getUsersPassword() throws LoginException {

 log.info( "Returning password" );
 return null;
 }
 }

It seems to me all well done.... can anybody help me?
As you can see this class i very simple... i have done nothing particular...
Thanks.

1. Re: ERROR [JaasSecurityManagerService] Failed to create sec

craig1980 May 23, 2005 6:02 PM (in response to craig1980)
I'm sorry i don't know why it has been created so bad formatted; this is what i have added to my auth.conf:

eng { // jBoss LoginModule org.jboss.security.ClientLoginModule required; // Put your login modules that need jBoss here };

This is what i have added to login-config.xml:

<application-policy name = "eng"> <authentication> <login-module code = "org.jboss.security.auth.spi.ProxyLoginModule" flag = "required"> <module-option name = "moduleName"> it.eng.staffmngt.jbossx.StaffMemberLoginModule </module-option> <module-option name = "unauthenticatedIdentity">nobody</module-option> <module-option name = "dsJndiName">java:/DefaultDS</module-option> <module-option name = "daemonUsername">daemon</module-option> <module-option name = "daemonPassword">Afaik,tiagp.</module-option> </login-module> </authentication> </application-policy>

This is what i see whne start the application:

23:41:57,670 INFO [EJBDeployer] Deployed: file:/C:/jboss-3.2.6/server/default/tmp/deploy/tmp46979silManager.ear-contents/de.danet.an.util-ejbs.jar
23:41:57,850 INFO [StaffMemberLoginModule] Init of it.eng.staffmngt.jbossx.StaffMemberLoginModule
23:41:57,850 INFO [StaffMemberLoginModule] Returning password
23:41:57,850 INFO [StaffMemberLoginModule] validating password: Afaik,tiagp.
23:41:57,850 INFO [StaffMemberLoginModule] getting rolesets
23:41:58,141 WARN [TxConnectionManager] Prepare called on a local tx. Use of local transactions on a jta transaction with more than one branch may result in inconsistent data in some cases of failure.
23:41:58,451 INFO [EJBDeployer] Deployed: file:/C:/jboss-3.2.6/server/default/tmp/deploy/tmp46979silManager.ear-contents/de.danet.an.wfcore-ejbs.jar
23:41:58,581 INFO [TomcatDeployer] deploy, ctxPath=/WfmOpen, warUrl=file:/C:/jboss-3.2.6/server/default/tmp/deploy/tmp46979silManager.ear-contents/WfmOpen.war/

This is the error i have:

23:42:02,427 INFO [Server] JBoss (MX MicroKernel) [3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)] Started in 28s:151ms
23:42:44,928 ERROR [JaasSecurityManagerService] Failed to create sec mgr
java.lang.NullPointerException
at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:488)
at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:468)
at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:62)
at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:547)
at $Proxy125.lookup(Unknown Source)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:644)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:509)
at javax.naming.InitialContext.lookup(InitialContext.java:347)
at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:966)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:615)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:509)
at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:234)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:235)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:534)
23:42:44,968 ERROR [JBossSecurityMgrRealm] Error during authenticate
javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Failed to create sec mgr:null]
at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:972)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:615)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:509)
at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:234)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:235)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:534)
Caused by: javax.naming.NamingException: Failed to create sec mgr:null
at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:501)
at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:468)
at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:62)
at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:547)
at $Proxy125.lookup(Unknown Source)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:644)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:509)
at javax.naming.InitialContext.lookup(InitialContext.java:347)
at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:966)
... 22 more

And this is my java class:

import java.security.acl.Group; import java.util.Map; import java.util.List; import java.util.ArrayList; import java.sql.Connection; import java.sql.Statement; import java.sql.PreparedStatement; import java.sql.ResultSet; import java.sql.SQLException; import javax.sql.DataSource; import javax.naming.InitialContext; import javax.naming.NamingException; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginException; import org.jboss.security.SimpleGroup; import org.jboss.security.SimplePrincipal; import org.jboss.security.auth.spi.UsernamePasswordLoginModule; import org.apache.log4j.Logger; public class StaffMemberLoginModule extends UsernamePasswordLoginModule { private String dsJndiName; private String daemonUsername = null; private String daemonPassword = null; private static final String className = StaffMemberLoginModule.class.getName(); private static final Logger log = Logger.getLogger( className ); public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { super.initialize(subject, callbackHandler, sharedState, options); log.info( "Init of "+ className ); dsJndiName = (String) options.get("dsJndiName"); if (dsJndiName == null) { dsJndiName = "java:/DefaultDS"; } daemonUsername = (String) options.get("daemonUsername"); daemonPassword = (String) options.get("daemonPassword"); } protected boolean validatePassword (String inputPassword, String expectedPassword) { log.info( "validating password: "+ inputPassword ); if (getUsername() == null || inputPassword == null) { return false; } if (daemonUsername != null && getUsername().equals(daemonUsername) && daemonPassword != null && inputPassword.equals(daemonPassword)) { return true; } return true; } protected Group[] getRoleSets() throws LoginException { log.info( "getting rolesets" ); if (getUnauthenticatedIdentity() != null && getIdentity().equals(getUnauthenticatedIdentity())) { Group[] grps = new Group[0]; return grps; } if (daemonUsername != null && getUsername().equals(daemonUsername)) { // Create Caller Principal SimpleGroup princip = new SimpleGroup("CallerPrincipal"); princip.addMember (new SimplePrincipal("StaffManagementMember_Daemon")); // create roles, start with default role Group roles = new SimpleGroup("Roles"); SimplePrincipal p = new SimplePrincipal("StaffManagementUser"); roles.addMember(p); p = new SimplePrincipal("StaffManagementRole_Daemon"); roles.addMember(p); Group[] grps = new Group[] {princip, roles}; return grps; } List groups = new ArrayList(); // gather information Connection con = null; try { // prepare db connection InitialContext ctx = new InitialContext(); DataSource ds = (DataSource) ctx.lookup(dsJndiName); con = ds.getConnection(); // Create Caller Principal long memberDBId = addCallerPrincipal(con, groups); // create roles, start with default role SimpleGroup rolesGroup = new SimpleGroup("Roles"); groups.add(rolesGroup); SimplePrincipal p = new SimplePrincipal("StaffManagementUser"); rolesGroup.addMember(p); // add roles from db addGroupsAsRoles(con, rolesGroup, memberDBId, true); } catch (NamingException ex) { throw new LoginException(ex.toString(true)); } catch (SQLException ex) { ex.printStackTrace(); throw new LoginException(ex.toString()); } finally { try { closeAll(null, null, con); } catch (SQLException ex) { ex.printStackTrace(); throw new LoginException(ex.toString()); } } Group[] roleSets = new Group[groups.size()]; groups.toArray(roleSets); for( int i = 0; i < roleSets.length; i++ ){ log.info( "Eleemnto:"+i+" "+roleSets ); } return roleSets; } private long addCallerPrincipal(Connection con, List groups) throws SQLException, LoginException { log.info( "Ritorno 0" ); return 0L; } private void addGroupsAsRoles(Connection con, SimpleGroup roles, long id, boolean isMember) throws SQLException, LoginException { log.info( "addGroupRoles" ); for (int i = 0; i < 10; i++) { roles.addMember(new SimplePrincipal("StaffManagementRole_" + i)); addGroupsAsRoles(con, roles, i, false); } } private String lookupGroup(Connection con, long grpId) throws SQLException, LoginException { PreparedStatement ps = null; ResultSet rs = null; try { ps = con.prepareStatement ("SELECT NAME FROM STAFFGROUP WHERE DBID = ?"); ps.setLong(1, grpId); rs = ps.executeQuery(); if (!rs.next()) { throw new LoginException ("Group vanished from table"); } return rs.getString(1); } finally { closeAll(rs, ps, null); } } private void closeAll(ResultSet rs, Statement st, Connection con) throws SQLException { if (rs != null) { rs.close(); } if (st != null) { st.close(); } if (con != null) { con.close(); } } protected String getUsersPassword() throws LoginException { log.info( "Returning password" ); return null; } }

It seems to me all ok... why have i that error?
Thanks to all and stil excuse me for the previous message :-)
Actions