2 Replies Latest reply on Aug 20, 2009 10:57 AM by kapilnayar

    RMIAdaptor and JAAS

    still_aimless

      I'm trying to configure JAAS for a remote client calling MBeans via RMIAdaptor server. I'm using DatabaseServerLoginModule for authentication with a DB. This module was tested and works fine for session beans (using LoginContext). Looking through the logs, I can see that the correct security domain module is being invoked (in my case that's the DatabaseServerLoginModule) and that the DB call is made to get the userId. However, it looks like the credential field is empty and the authentication process fails. Here are the relevant traces from the log:

      2005-09-24 13:12:43,605 TRACE [org.jboss.security.plugins.JaasSecurityManager.kyoto] Begin isValid, cache info: null
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(kyoto), size=9
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(kyoto), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:name=rolesQuery, value=select roles, 'Roles' from users where userId=?
      name=principalsQuery, value=select password 'Password' from users where userId=?
      name=unauthenticatedIdentity, value=guest
      name=dsJndiName, value=java:/kyotoDS
      
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=guest
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/kyotoDS
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=select password 'Password' from users where userId=?
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=select roles, 'Roles' from users where userId=?
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.plugins.JaasSecurityManager.kyoto] Login failure
      javax.security.auth.login.FailedLoginException: No matching username found in Principals
      at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:111)
      



      and here's the client code:

      env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.LoginInitialContextFactory");
      env.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099/");
      env.setProperty(Context.SECURITY_CREDENTIALS, "userName");
      env.setProperty(Context.SECURITY_PRINCIPAL, "1");
      env.setProperty(Context.SECURITY_PROTOCOL, "kyoto");
      
      try {
       setAuthConfig(AUTH_CONFIG); // using ClientLoginModule
       InitialContext ctx = new InitialContext(env);
       RMIAdaptor server = (RMIAdaptor) ctx.lookup("jmx/rmi/RMIAdaptor");
       server.getDomains(); // failure
      }
      .
      .
      .
      


      I'm sure, being a complete JBoss newb (with a full 48 hours' worth of experience :), I've missed something obvious. However, I couldn't find a good example that uses both the JMX invoker service and security domains on a remote client (SWT in my case).