3 Replies Latest reply on Sep 13, 2006 9:27 AM by markash

    JAAS Active Directory Login Obscure Serialization Error

    schuller007

      jboss version: 4.0.4 GA

      I have a Swing Rich Client implementing JAAS and invoking EJB3 stateless session beans. The session beans are secured against Active Directory.

      Whenever I enter bad credentials an exception is thrown, which is expected. The side-effect serialization exception is not.

      What is the meaning of LdapCtx not being serializable? It is more of an annoyance, since the behaviour on the client is not affected.
      I do not recall getting this error in previous versions of JBOSS, although I will verify.

      2006-05-17 09:11:40,656 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] Bad password for username=dd
      javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ]
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
      at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
      at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
      at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
      at javax.naming.InitialContext.init(Unknown Source)
      at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
      at org.jboss.security.auth.spi.LdapLoginModule.createLdapInitContext(LdapLoginModule.java:307)
      at org.jboss.security.auth.spi.LdapLoginModule.validatePassword(LdapLoginModule.java:239)
      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at javax.security.auth.login.LoginContext.invoke(Unknown Source)
      at javax.security.auth.login.LoginContext.access$000(Unknown Source)
      at javax.security.auth.login.LoginContext$4.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
      at javax.security.auth.login.LoginContext.login(Unknown Source)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
      at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:121)
      at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:67)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:225)
      at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
      at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
      at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
      at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
      at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
      at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
      at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
      2006-05-17 09:11:40,734 ERROR [org.jboss.remoting.transport.socket.ServerThread] failed
      java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx
      at java.io.ObjectOutputStream.writeObject0(Unknown Source)
      at java.io.ObjectOutputStream.defaultWriteFields(Unknown Source)
      at java.io.ObjectOutputStream.writeSerialData(Unknown Source)
      at java.io.ObjectOutputStream.writeOrdinaryObject(Unknown Source)
      at java.io.ObjectOutputStream.writeObject0(Unknown Source)
      at java.io.ObjectOutputStream.defaultWriteFields(Unknown Source)
      at java.io.ObjectOutputStream.defaultWriteObject(Unknown Source)
      at java.lang.Throwable.writeObject(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at java.io.ObjectStreamClass.invokeWriteObject(Unknown Source)
      at java.io.ObjectOutputStream.writeSerialData(Unknown Source)
      at java.io.ObjectOutputStream.writeOrdinaryObject(Unknown Source)
      at java.io.ObjectOutputStream.writeObject0(Unknown Source)
      at java.io.ObjectOutputStream.defaultWriteFields(Unknown Source)
      at java.io.ObjectOutputStream.defaultWriteObject(Unknown Source)
      at java.lang.Throwable.writeObject(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at java.io.ObjectStreamClass.invokeWriteObject(Unknown Source)
      at java.io.ObjectOutputStream.writeSerialData(Unknown Source)
      at java.io.ObjectOutputStream.writeOrdinaryObject(Unknown Source)
      at java.io.ObjectOutputStream.writeObject0(Unknown Source)
      at java.io.ObjectOutputStream.defaultWriteFields(Unknown Source)
      at java.io.ObjectOutputStream.writeSerialData(Unknown Source)
      at java.io.ObjectOutputStream.writeOrdinaryObject(Unknown Source)
      at java.io.ObjectOutputStream.writeObject0(Unknown Source)
      at java.io.ObjectOutputStream.writeObject(Unknown Source)
      at org.jboss.remoting.serialization.impl.java.JavaSerializationManager.sendObject(JavaSerializationManager.java:81)
      at org.jboss.remoting.marshal.serializable.SerializableMarshaller.write(SerializableMarshaller.java:84)
      at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:381)
      at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
      at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
      2006-05-17 09:11:40,750 DEBUG [org.jboss.remoting.transport.socket.ServerThread] begin thread wait


      Client jaas.config

      allora-server {
        org.jboss.security.ClientLoginModule required debug=true;
      };

      Server login-config.xml

      <application-policy name="xyz">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.provider.url">ldap://ad/</module-option>
            <module-option name="rolesCtxDN">cn=Users,dc=xty,dc=aaa,dc=com</module-option>
            <module-option name="matchOnUserDN">false</module-option>
            <module-option name="principalDNSuffix">@zxx.vv.com</module-option>
            <module-option name="uidAttributeID">sAMAccountName</module-option>
            <module-option name="roleAttributeID">memberOf</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
          </login-module>
        </authentication>
      </application-policy>



        • 1. Re: JAAS Active Directory Login Obscure Serialization Error
          schuller007

          Anyone?

          • 2. Re: JAAS Active Directory Login Obscure Serialization Error
            rknechtel

            Yes, anyone?
            I'm having the exact same problem.

            Thanks,

            • 3. Re: JAAS Active Directory Login Obscure Serialization Error
              markash

              Good Day,

              This is a flaw in the UsernamePasswordLoginModule that raises LoginExceptions encountered by subclasses even though the exception is a LoginException.

              Part 01
              I have customised the UsernamePasswordLoginModule to look for the LoginException when validating the password and, if encountered, re-raise that exception.

              Part 02
              I customised the password checking in LDAPExtLoginModule to determine if the login failed because of one of the pre-defined LDAP login errors,
              which are raised with an AuthenticationException, and then to raise a proper descendant of LoginException that indicates the problem.

              The LDAP errors are 525, 52e, 530, 532, 533, 701, 773, 775. If one of these codes is in the message of the AuthenticationException, then there was a problem authenticating the user in LDAP.

              Oh, and the problem with LDAPCtx is that it is not serializable, so the exception that is raised cannot be serialized to the calling code.
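The translation step from Part 02, as an added example in plain JDK Java (not markash's code and not part of JBoss): it pulls the AD data code out of the AuthenticationException text using the codes listed above, logs the meaning on the server, and throws a serializable LoginException subclass without chaining the non-serializable context. Class and method names are assumptions, and Map.of needs Java 9 or later.

```java
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;

public class AdBindFailureTranslator {
    /** Serializable descendant of LoginException that carries the AD data code (name assumed). */
    public static class AdLoginException extends FailedLoginException {
        private final String dataCode;   // plain String, so it serializes to the client
        public AdLoginException(String msg, String dataCode) { super(msg); this.dataCode = dataCode; }
        public String getDataCode() { return dataCode; }
    }

    // AD reports the real reason in the "data NNN" field of its error-49 diagnostic message.
    private static final Pattern DATA_CODE = Pattern.compile("data (525|52e|530|532|533|701|773|775)");
    // Meaning of each code; intended for the server-side log, not for the remote caller.
    private static final Map<String, String> MEANING = Map.of(
        "525", "user not found",            "52e", "invalid credentials",
        "530", "logon not permitted now",   "532", "password expired",
        "533", "account disabled",          "701", "account expired",
        "773", "user must reset password",  "775", "account locked out");

    /** Returns the AD data code found in the message, or null if no known code is present. */
    public static String extractDataCode(String message) {
        if (message == null) return null;
        Matcher m = DATA_CODE.matcher(message);
        return m.find() ? m.group(1) : null;
    }

    // Thrown from a customised validatePassword() instead of letting the AuthenticationException
    // escape. It is deliberately NOT chained as the cause: NamingException keeps a reference to the
    // LdapCtx it was resolving, which is not Serializable, so JBoss Remoting fails writing the reply.
    // The message stays generic so a remote caller cannot tell "no such user" from "wrong password".
    public static LoginException translate(AuthenticationException e) {
        String code = extractDataCode(e.getMessage());
        String why = code == null ? "unrecognised failure" : MEANING.get(code);
        System.err.println("LDAP bind failed: " + why + " (data " + code + ")");
        return new AdLoginException("Authentication failed", code);
    }

    public static void main(String[] args) {
        // Sample message constructed from the diagnostic string quoted in the thread.
        AuthenticationException ae = new AuthenticationException("[LDAP: error code 49 - 80090308: "
            + "LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ]");
        System.out.println(translate(ae).getMessage());   // prints "Authentication failed"
    }
}
```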