2 Replies Latest reply on Aug 15, 2005 6:25 AM by warnasweb

    Problems initializing LoginModule

    alexandre_correa

      Hi guys,

      I've been looking for a similar topic in this forum, but I didn't find any. I hope someone knows what I'm doing wrong.

      I'm trying to implement the authentication schema for the web module of my application. I've written a custom LoginModule and a custom passive CallbackHandler for this. I have no problem deploying my application, and I can see my login page, but when I try to log in, I get a LoginException caused by a ClassCastException in the login() method of my custom LoginModule.

      I saw that JBoss manages to load my custom LoginModule, but can't initialize it with my custom CallbackHandler. Below is the part of my code that tries to perform the authentication:

       CallbackHandler cbh = new WebPasswordCallbackHandler(this.password);
       LoginContext lc = new LoginContext("auth-jndi", cbh);
       lc.login();
       subject = lc.getSubject();
      


      And now the related code from my custom LoginModule:
       public void initialize(Subject sub, CallbackHandler cbh, Map sharedState,
               Map options) {
           this.subject = sub;
           this.callbackHandler = cbh;

           try {
               Context ctx = new InitialContext();
               ds = (DataSource) ctx.lookup("OracleDS");
           } catch (NamingException ne) {
               // Lookup failure is ignored here; ds stays null and login() reports it
           }
       }


       public boolean login() throws LoginException {
           if (ds == null) {
               throw new LoginException("Erro ao inicializar DataSource");
           }

           if (callbackHandler == null) {
               throw new LoginException("Nenhum CallbackHandler definido");
           }

           // Getting the password
           String password = ((WebPasswordCallbackHandler) callbackHandler)
                   .getPassword();
           .
           .
           .
       }
      


      The problem is in the last line of the code above, when I try to get the password from the callbackHandler, because it is of type SecureCallbackHandler, even though I passed a WebPasswordCallbackHandler when creating the LoginContext (in the first code block). So, I believe the problem is in the call to the initialize method.

      I'm using JBoss 4.0.2, and my login configuration is being deployed together with my application, through a sar file. Below I'm showing the configuration files for my application:

      jboss-app.xml
      <jboss-app>
          <loader-repository>
              myApp:loader=myApp.ear
              <loader-repository-config>
                  java2ParentDelegation=false
              </loader-repository-config>
          </loader-repository>

          <module>
              <service>authService.sar</service>
          </module>
      </jboss-app>
      


      jboss-web.xml
      <jboss-web>
          <security-domain>auth-jndi</security-domain>
      </jboss-web>
      


      jboss-service.xml
      <server>
          <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
                 name="jboss:service=DynamicLoginConfig">
              <attribute name="AuthConfig">META-INF/login-config.xml</attribute>

              <depends optional-attribute-name="LoginConfigService">
                  jboss.security:service=XMLLoginConfig
              </depends>

              <depends optional-attribute-name="SecurityManagerService">
                  jboss.security:service=JaasSecurityManager
              </depends>
          </mbean>
      </server>
      


      login-config.xml
      <policy>
          <application-policy name="auth-jndi">
              <authentication>
                  <login-module code="app.util.auth.LoginModule"
                                flag="required" />
              </authentication>
          </application-policy>
      </policy>
      


      And here is the error from the jboss log file
      10:29:50,512 INFO [STDOUT] [123456] class javax.security.auth.login.LoginContext$SecureCallbackHandler
      10:29:50,533 ERROR [InvokeApplicationPhase] #{LoginModel.login}: javax.faces.el.EvaluationException: javax.security.auth.login.LoginException: java.lang.ClassCastException: javax.security.auth.login.LoginContext$SecureCallbackHandler
       at app.util.auth.LoginModule.login(LoginModule.java:76)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at app.util.auth.LoginModel.login(LoginModel.java:39)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:585)
       at com.sun.faces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:126)
       at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:72)
       at javax.faces.component.UICommand.broadcast(UICommand.java:312)
       at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:267)
       at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:381)
       at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:75)
       at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:200)
       at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:90)
       at javax.faces.webapp.FacesServlet.service(FacesServlet.java:197)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
       at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
       at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
       at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
       at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
       at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:153)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
       at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
       at java.lang.Thread.run(Thread.java:595)
      



      I hope this information is useful. I've been stuck on this for many days. Any solution or hint is welcome.

      Thanks in advance,
      Alexandre
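
The log line in the post shows that the handler reaching the module is `LoginContext$SecureCallbackHandler`, a wrapper that `LoginContext` puts around the application's handler, so a module can rely only on the `CallbackHandler` interface. The following is an added example, not part of the original post or of JBoss, showing a module that obtains the password through a `PasswordCallback` instead of a cast. `JaasCallbackDemo`, `PasswordHandler`, `DemoLoginModule`, the in-memory `Configuration` and the sample password are assumptions constructed for illustration.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;
public class JaasCallbackDemo {
    // Hypothetical application handler: answers PasswordCallback, rejects anything else.
    static class PasswordHandler implements CallbackHandler {
        private final char[] password;
        PasswordHandler(char[] password) { this.password = password; }
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof PasswordCallback)) throw new UnsupportedCallbackException(cb);
                ((PasswordCallback) cb).setPassword(password);
            }
        }
    }
    // Hypothetical module: it only calls handle() on whatever handler it is given.
    public static class DemoLoginModule implements LoginModule {
        private CallbackHandler handler; // may be a LoginContext wrapper, so never cast it
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared,
                               Map<String, ?> opts) { handler = h; }
        public boolean login() throws LoginException {
            if (handler == null) throw new LoginException("no CallbackHandler supplied");
            PasswordCallback pc = new PasswordCallback("Password: ", false);
            try { handler.handle(new Callback[] { pc }); }
            catch (java.io.IOException | UnsupportedCallbackException e) {
                throw new LoginException("cannot obtain password: " + e);
            }
            char[] supplied = pc.getPassword();
            pc.clearPassword();
            // Constructed check; a real module would verify against its credential store.
            if (!Arrays.equals(supplied, "s3cret-demo".toCharArray()))
                throw new FailedLoginException("bad credentials");
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    public static void main(String[] args) throws LoginException {
        Configuration.setConfiguration(new Configuration() { // in-memory stand-in for login-config.xml
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    DemoLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                    new HashMap<String, Object>()) };
            }
        });
        new LoginContext("auth-jndi", new PasswordHandler("s3cret-demo".toCharArray())).login();
        System.out.println("login succeeded via PasswordCallback");
    }
}
```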