9 Replies Latest reply on May 3, 2006 2:47 PM by acoliver

    DynamicLoginConfig and UserRolesLoginModule

    acoliver

      I have this:

       <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
              name="jboss.mail:service=LoginConfig">
         <attribute name="PolicyConfig" serialDataType="jbxb">
           <jaas:policy
               xsi:schemaLocation="urn:jboss:security-config:4.1 resource:security-config_4_1.xsd"
               xmlns:jaas="urn:jboss:security-config:4.1"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               >
             <jaas:application-policy name="jbms">
               <jaas:authentication>
                 <jaas:login-module code="org.jboss.security.auth.spi.UserRolesLoginModule"
                                    flag="required">
                   <jaas:module-option name="usersProperties">jbms-users.properties</jaas:module-option>
                   <jaas:module-option name="rolesProperties">jbms-roles.properties</jaas:module-option>
                   <jaas:module-option name="unauthenticatedIdentity">nobody</jaas:module-option>
                 </jaas:login-module>
               </jaas:authentication>
             </jaas:application-policy>
           </jaas:policy>
         </attribute>
         <depends optional-attribute-name="LoginConfigService">
           jboss.security:service=XMLLoginConfig
         </depends>
         <depends optional-attribute-name="SecurityManagerService">
           jboss.security:service=JaasSecurityManager
         </depends>
       </mbean>
      


      I have verified that the displayAppConfig() of jboss.security:service:XMLLoginConfig
      displays this:

      LoginModule Class: org.jboss.security.auth.spi.UserRolesLoginModule
      
      ControlFlag: LoginModuleControlFlag: required
      
      Options:
      
       * name=rolesProperties, value=jbms-roles.properties
       * name=usersProperties, value=jbms-users.properties
       * name=unauthenticatedIdentity, value=nobody
      


      I have tried putting the users and roles files in:
      server/default/deploy/mail.ear
      server/default/deploy/mail.ear/META-INF
      server/default/deploy/mail.ear/mail.sar
      server/default/deploy/mail.ear/mail.sar/META-INF

      both WITH and WITHOUT the META-INF in the config.

      However even via the jmx console JAASSecurityManager the user is not found. No errors are thrown.

      I looked at the code to UserRolesLoginModule and it APPEARS to just load the properties with the thread context classloader... What am I missing?

        • 1. Re: DynamicLoginConfig and UserRolesLoginModule
          anil.saldhana

          Enable trace logging and see which users/roles.properties is being picked up and from which archive. That is usually the key to the answer.

          • 2. Re: DynamicLoginConfig and UserRolesLoginModule
            starksm64

            And where is the DynamicLoginConfig service descriptor deployed?

            • 3. Re: DynamicLoginConfig and UserRolesLoginModule
              acoliver

              in mail.ear/mail.sar/META-INF/jboss-service.xml

              • 4. Re: DynamicLoginConfig and UserRolesLoginModule
                acoliver

                Here is what I get if I try and use the login module in the normal way for JBMS:

                2006-05-02 16:39:46,797 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(jbms), size=9
                2006-05-02 16:39:46,797 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(jbms), authInfo=AppConfigurationEntry[]:
                [0]
                LoginModule Class: org.jboss.security.auth.spi.UserRolesLoginModule
                ControlFlag: LoginModuleControlFlag: required
                Options:name=rolesProperties, value=jbms-roles.properties
                name=usersProperties, value=jbms-users.properties
                name=unauthenticatedIdentity, value=nobody
                
                2006-05-02 16:39:46,800 ERROR [org.jboss.mail.userrepository.jaas.JaasUserRepository] Login failed for user tom
                


                However, if I go to the jmx console and do jbms/tom in java.security.Principal getPrincipal(), it goes to jmx-console for no obvious reason (it appears to ignore the first argument). Nearly anything else I do from the console does that as well.

                I CAN get an error if I remove the schema tags from the above module-option tags (on a whim) that it can't load the properties files. However it appears that it is just ignoring my arguments.

                Any clues?




                • 5. Re: DynamicLoginConfig and UserRolesLoginModule
                  acoliver

                  deep down I get this in the debugger but it is swallowed as a root cause for a login exception

                  "unable to find LoginModule class: No ClassLoaders found for: org.jboss.security.auth.spi.UserRolesLoginModule"

                  2006-05-03 01:06:44,464 ERROR [STDERR] javax.security.auth.login.LoginException: unable to find LoginModule class: No ClassLoaders found for: org.jboss.security.auth.spi.UserRolesLoginModule
                  2006-05-03 01:06:44,465 ERROR [STDERR] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)
                  2006-05-03 01:06:44,465 ERROR [STDERR] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                  2006-05-03 01:06:44,465 ERROR [STDERR] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
                  2006-05-03 01:06:44,465 ERROR [STDERR] at java.security.AccessController.doPrivileged(Native Method)
                  2006-05-03 01:06:44,465 ERROR [STDERR] at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                  2006-05-03 01:06:44,466 ERROR [STDERR] at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
                  2006-05-03 01:06:44,466 ERROR [STDERR] at org.jboss.mail.userrepository.jaas.JaasUserRepository.login(JaasUserRepository.java:111)
                  2006-05-03 01:06:44,466 ERROR [STDERR] at org.jboss.mail.userrepository.jaas.JaasUserRepository.test(JaasUserRepository.java:94)
                  2006-05-03 01:06:44,466 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                  2006-05-03 01:06:44,466 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                  2006-05-03 01:06:44,466 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                  2006-05-03 01:06:44,466 ERROR [STDERR] at java.lang.reflect.Method.invoke(Method.java:585)
                  2006-05-03 01:06:44,466 ERROR [STDERR] at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
                  2006-05-03 01:06:44,466 ERROR [STDERR] at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
                  2006-05-03 01:06:44,466 ERROR [STDERR] at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
                  2006-05-03 01:06:44,467 ERROR [STDERR] at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:260)
                  2006-05-03 01:06:44,467 ERROR [STDERR] at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
                  2006-05-03 01:06:44,467 ERROR [STDERR] at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:190)
                  2006-05-03 01:06:44,467 ERROR [STDERR] at $Proxy166.test(Unknown Source)
                  2006-05-03 01:06:44,467 ERROR [STDERR] at org.jboss.mail.pop3.handlers.CmdPASS.handleRequest(CmdPASS.java:83)
                  2006-05-03 01:06:44,467 ERROR [STDERR] at org.jboss.mail.pop3.POP3ProtocolInstance.handleRequest(POP3ProtocolInstance.java:211)
                  2006-05-03 01:06:44,467 ERROR [STDERR] at org.jboss.mail.ConnectionHandler.runSocket(ConnectionHandler.java:205)
                  2006-05-03 01:06:44,467 ERROR [STDERR] at org.jboss.mail.ConnectionHandler.run(ConnectionHandler.java:97)
                  2006-05-03 01:06:44,467 ERROR [STDERR] at EDU.oswego.cs.dl.util.concurrent.PooledExecutor$Worker.run(PooledExecutor.java:748)
                  2006-05-03 01:06:44,467 ERROR [STDERR] at java.lang.Thread.run(Thread.java:595)
                  


                  Which I find odd.

                  • 6. Re: DynamicLoginConfig and UserRolesLoginModule
                    acoliver

                    wow the problem is that I can't freaking spell. Works now...sorry for the trouble.

                    • 7. Re: DynamicLoginConfig and UserRolesLoginModule
                      acoliver

                      (UserRolesLoginModule vs UsersRolesLoginModule)

                      • 8. Re: DynamicLoginConfig and UserRolesLoginModule
                        anil.saldhana

                        This constitutes enough cause for the whole "Collaboration Server" project to be shelved. :-)

                        Rather than a debugger, if you had enabled the trace logging, you should have seen the classnotfound error in the logs?

                        • 9. Re: DynamicLoginConfig and UserRolesLoginModule
                          acoliver

                          No. It did not show up in the log.
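
An added example, not part of the thread and not JBoss code: a pre-deployment check for the failure diagnosed above, where a misspelled `code` attribute (UserRolesLoginModule vs UsersRolesLoginModule) surfaced only as a generic "Login failed". It parses a policy and confirms that every login-module class loads and implements javax.security.auth.spi.LoginModule. The class name LoginModuleCheck, the embedded sample policy and the extra KeyStoreLoginModule entry are assumptions made for illustration.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.security.auth.spi.LoginModule;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

public class LoginModuleCheck {
    static final String NS = "urn:jboss:security-config:4.1";

    // Constructed sample: the module from the post plus one that ships with the JDK.
    static final String POLICY =
        "<jaas:policy xmlns:jaas='" + NS + "'><jaas:application-policy name='jbms'><jaas:authentication>"
      + "<jaas:login-module code='org.jboss.security.auth.spi.UserRolesLoginModule' flag='required'/>"
      + "<jaas:login-module code='com.sun.security.auth.module.KeyStoreLoginModule' flag='optional'/>"
      + "</jaas:authentication></jaas:application-policy></jaas:policy>";

    /** Returns one message per login-module whose class cannot be used by JAAS. */
    static List<String> check(String xml, ClassLoader loader) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        // The policy is plain configuration, so refuse DOCTYPEs outright.
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        NodeList mods = f.newDocumentBuilder()
            .parse(new InputSource(new StringReader(xml)))
            .getElementsByTagNameNS(NS, "login-module");
        List<String> problems = new ArrayList<>();
        for (int i = 0; i < mods.getLength(); i++) {
            Element m = (Element) mods.item(i);
            String code = m.getAttribute("code");
            // login-module -> authentication -> application-policy
            String policy = ((Element) m.getParentNode().getParentNode()).getAttribute("name");
            try {
                // initialize=false: resolve the class without running its static initializers
                Class<?> c = Class.forName(code, false, loader);
                if (!LoginModule.class.isAssignableFrom(c)) {
                    problems.add(policy + ": " + code + " is not a LoginModule");
                }
            } catch (ClassNotFoundException | LinkageError e) {
                problems.add(policy + ": cannot load " + code);
            }
        }
        return problems;
    }

    public static void main(String[] args) throws Exception {
        List<String> problems = check(POLICY, Thread.currentThread().getContextClassLoader());
        problems.forEach(System.err::println);
        System.exit(problems.isEmpty() ? 0 : 1);
    }
}
```

Run it with the server's security jars on the classpath; without them every JBoss module is reported as unloadable regardless of spelling.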