2 Replies Latest reply on Feb 13, 2006 2:05 AM by sea10

JaasSecurityManager.getActiveSubject(); retruns null

sea10 Feb 9, 2006 3:59 PM

Hello,
Im upgrading Jboss from (3.2.3+jetty) to JBoss 4.02
I have the following code, which worked fine, but not any more:

try {
JaasSecurityManager manager = (JaasSecurityManager) m_ctx.lookup("java:/jaas/" + policy);
final char[] passwordChar = password.toCharArray();
Principal user = new SimplePrincipal(userName);
if (manager.isValid(user, passwordChar)) {
Subject subject = manager.getActiveSubject();
SecurityAssociation.setCredential(passwordChar);
SecurityAssociation.setPrincipal(user);
SecurityAssociation.setSubject(subject);
request.getSession().setAttribute(__J_AUTHENTICATED, user);
request.getSession().setAttribute("j_subject", subject);
request.setAttribute("j_subject", subject);
return true;
...

The manager returns null in getActiveSubject();

I have added the trace for security in log4j.xml

and this is my TRACE;

2006-02-09 20:41:04,282 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1139517664282 sessioncount 1
2006-02-09 20:41:04,282 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is 3CB6FD586FAB1C602148BD4D48D2322E
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /danbe
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[all]' against POST /danbe --> false
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[all]' against POST /danbe --> false
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[all]' against POST /danbe --> false
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[all]' against POST /danbe --> false
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.realm.RealmBase] No applicable constraint located
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint
2006-02-09 20:41:27,636 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.core.StandardWrapper] Returning non-STM instance
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] getResourceAsStream(META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration)
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] findResource(META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration)
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Resource not found, returning null
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader unconditionally java.net.FactoryURLClassLoader@157011e
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Returning stream from parent
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.apache.xerces.parsers.XML11Configuration, false)
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.apache.xerces.parsers.XML11Configuration)
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.apache.xerces.parsers.XML11Configuration)
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@157011e
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.apache.xerces.impl.dv.dtd.DTDDVFactoryImpl, false)
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.apache.xerces.impl.dv.dtd.DTDDVFactoryImpl)
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.apache.xerces.impl.dv.dtd.DTDDVFactoryImpl)
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@157011e
2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
2006-02-09 20:41:31,762 TRACE [org.jboss.security.plugins.JaasSecurityManager.myapp] Begin isValid, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1ac9cff[Subject(24589693).principals=[dan, Roles(members:Purchaser,Controler,everyone,dan)],credential.class=[C@138093,expirationTime=1139519417914]
2006-02-09 20:41:31,762 TRACE [org.jboss.security.plugins.JaasSecurityManager.myapp] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1ac9cff[Subject(24589693).principals=[dan, Roles(members:Purchaser,Controler,everyone,dan)],credential.class=[C@138093,expirationTime=1139519417914];credential.class=[C@138093
2006-02-09 20:41:31,762 TRACE [org.jboss.security.plugins.JaasSecurityManager.myapp] End validateCache, isValid=true
2006-02-09 20:41:31,762 TRACE [org.jboss.security.plugins.JaasSecurityManager.myapp] End isValid, true
2006-02-09 20:41:33,314 TRACE [org.jboss.security.SecurityAssociation] setPrincipal, p=dan, server=true
2006-02-09 20:41:33,314 TRACE [org.jboss.security.SecurityAssociation] setSubject, s=null, server=true
2006-02-09 20:41:34,777 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
2006-02-09 20:41:34,777 TRACE [org.jboss.security.SecurityAssociation] clear, server=true

Can any one tell me If and where I was worng in the upgrade?
Is it a tomcat issue?

Thanks in advance,
Dan Berke

danbe@answers.com

1. Re: JaasSecurityManager.getActiveSubject(); retruns null

starksm64 Feb 10, 2006 1:49 PM (in response to sea10)

See "SecurityAssociation Changes" section of:
http://wiki.jboss.org/wiki/Wiki.jsp?page=402UpgradeIssues
Actions
2. Re: JaasSecurityManager.getActiveSubject(); retruns null

sea10 Feb 13, 2006 2:05 AM (in response to sea10)

Thanks scott,
It almost did it, I had to change a bit:

AuthenticationManager manager = (AuthenticationManager) m_ctx.lookup("java:/jaas/MyPolicy");
...
Principal user = new SimplePrincipal(userName);
Subject subject = new Subject();
// this method filled the current subject
// So I had to skip - (Subject) PolicyContext.getContext
(SUBJECT_CONTEXT_KEY);
// since the subject became NULL.
if (manager.isValid(user, password, subject)) {

And thats it,
thanks allot,

Dan Berke
Actions

Go to original post