7 Replies Latest reply on Nov 16, 2014 10:25 PM by r225

Extending AbstractPasswordCredentialLoginModule

lduperval Mar 31, 2006 8:45 AM

Hi,

I want to create my own copy of SecureIdentityLoginModule where I only change the secrete key. I originally tried to create an exact copy of SecureIdentityLoginModule, built a jar with it and put it in server/lib. However, when I try to access it, I get an IllegalAccessError:

2006-03-30 17:26:35,026 DEBUG [org.jboss.security.plugins.JaasSecurityManager.EncryptDBPassword] Login failure

javax.security.auth.login.LoginException: java.lang.IllegalAccessError: tried to access class org.jboss.resource.security.SubjectActions from class org.jboss.resource.security.DbAccess

The reason is that the spec doesn't allow this.

So how can I change the secret key in the encode()/decode() routines? I am trying to avoid needing to distribute a custom version of JBoss. I want to be able to drop something in one of the directories and have JBoss use that instead.

Can anyone help me?

Thanks,

L

1. Re: Extending AbstractPasswordCredentialLoginModule

lduperval Mar 31, 2006 10:42 AM (in response to lduperval)

I forgot to mention that I am still at 3.2.5.

Thanks,

L
Actions
2. Re: Extending AbstractPasswordCredentialLoginModule

starksm64 Mar 31, 2006 1:16 PM (in response to lduperval)

You have to create your own priviledged actions. You should not be using an org.jboss.resource.security package name because you don't have permission to interact with other classes in the package if they are loaded by another class loader.
Actions
3. Re: Extending AbstractPasswordCredentialLoginModule

lduperval Mar 31, 2006 1:23 PM (in response to lduperval)

So if I take all the files in org.jboss.resource.security that are package protected, rebuild them to add my change (the secret key), I should be OK?

Is that still "fair use"?

L
Actions
4. Re: Extending AbstractPasswordCredentialLoginModule

starksm64 Mar 31, 2006 1:26 PM (in response to lduperval)

"lduperval" wrote:
So if I take all the files in org.jboss.resource.security that are package protected, rebuild them to add my change (the secret key), I should be OK?

Is that still "fair use"?

L

Yes
Actions
5. Re: Extending AbstractPasswordCredentialLoginModule

lduperval Mar 31, 2006 1:30 PM (in response to lduperval)

Excellent! Thanks!

L
Actions
6. Re: Extending AbstractPasswordCredentialLoginModule

nsayer Dec 17, 2008 12:20 PM (in response to lduperval)

I had this same problem and solved it by instead extending ConfiguredIdentityLoginModule. I overrode initialize() to fetch the password from the options map, decrypt it, then make a new hashmap (the old one is unmodifiable) with the options, replacing the password with the decrypted version, then calling super.initialize().
Actions
7. Re: Extending AbstractPasswordCredentialLoginModule

r225 Nov 16, 2014 10:25 PM (in response to nsayer)

@Nicholas Sayer, I tried the same with bunch of errors. Can you please share your sample code?
Actions

Go to original post