RMIAdaptor and JAAS
still_aimless Sep 24, 2005 8:03 AM
I'm trying to configure JAAS for a remote client calling MBeans via RMIAdaptor server. I'm using DatabaseServerLoginModule for authentication with a DB. This module was tested and works fine for session beans (using LoginContext). Looking through the logs, I can see that the correct security domain module is being invoked (in my case that's the DatabaseServerLoginModule) and that the DB call is made to get the userId. However, it looks like the credential field is empty and the authentication process fails. Here are the relevant traces from the log:
2005-09-24 13:12:43,605 TRACE [org.jboss.security.plugins.JaasSecurityManager.kyoto] Begin isValid, cache info: null
2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(kyoto), size=9
2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(kyoto), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:name=rolesQuery, value=select roles, 'Roles' from users where userId=?
name=principalsQuery, value=select password 'Password' from users where userId=?
name=unauthenticatedIdentity, value=guest
name=dsJndiName, value=java:/kyotoDS
2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=guest
2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/kyotoDS
2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=select password 'Password' from users where userId=?
2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=select roles, 'Roles' from users where userId=?
2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
2005-09-24 13:12:43,605 TRACE [org.jboss.security.plugins.JaasSecurityManager.kyoto] Login failure
javax.security.auth.login.FailedLoginException: No matching username found in Principals
	at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:111)
and here's the client code:
env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.LoginInitialContextFactory");
env.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099/");
env.setProperty(Context.SECURITY_CREDENTIALS, "userName");
env.setProperty(Context.SECURITY_PRINCIPAL, "1");
env.setProperty(Context.SECURITY_PROTOCOL, "kyoto");
try {
    setAuthConfig(AUTH_CONFIG); // using ClientLoginModule
    InitialContext ctx = new InitialContext(env);
    RMIAdaptor server = (RMIAdaptor) ctx.lookup("jmx/rmi/RMIAdaptor");
    server.getDomains(); // failure
}
. . .
I'm sure, being a complete JBoss newb (with full 48 hours worth of experience :), I've missed something obvious. However I couldn't find a good example, which uses both JMX invoker service with security domains on a remote client (SWT in my case).