2 Replies Latest reply on May 31, 2006 12:16 PM by juergen.zimmermann

JBoss 4.0.4/EJB3: DynamicLoginConfig fails

juergen.zimmermann May 31, 2006 6:08 AM

I tried to switch from a static login configuration via conf/login-config.xml to a dynamic one. The static login configuration works without any problem.

However, I get this stacktrace using the DynamicLoginConfig:

11:39:14,652 INFO [EARDeployer] Started J2EE application: file:/C:/Programme/jboss/server/default/deploy/hska.ear
11:39:26,298 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
 at org.jboss.security.auth.spi.Util.loadProperties(Util.java:313)
 at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
 at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
 at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
 at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
 at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
 at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
 at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
 at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
 at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
 at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:121)
 at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:67)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
 at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
 at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
 at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
 at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:225)
 at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
 at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
 at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
 at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
 at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
 at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:398)
 at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)

The META-INF/jboss-service.xml of the SAR:

<?xml version="1.0" ?>

<server>
 <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
 name="hska:service=DynamicLoginConfig">
 <attribute name="AuthConfig">META-INF/hska-login-config.xml</attribute>
 <depends optional-attribute-name="LoginConfigService">
 jboss.security:service=XMLLoginConfig
 </depends>
 <depends optional-attribute-name="SecurityManagerService">
 jboss.security:service=JaasSecurityManager
 </depends>
 </mbean>

</server>

The META-INF/hska-login-config.xml of the SAR:

<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
 "-//JBoss//DTD JBOSS Security Config 3.0//EN"
 "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<policy>
 <application-policy name="hska_beispiel">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
 flag="required">
 <module-option name="dsJndiName">java:/hskaDS</module-option>
 <module-option name="unauthenticatedIdentity">gast</module-option>
 <module-option name="principalsQuery">SELECT password FROM hska_user WHERE username=?</module-option>
 <module-option name="rolesQuery">SELECT role, 'Roles' FROM hska_role WHERE username=?</module-option>
 <module-option name="hashAlgorithm">SHA-256</module-option>
 <module-option name="hashEncoding">base64</module-option>
 </login-module>
 </authentication>
 </application-policy>
</policy>

The META-INF/jboss-app.xml of the EAR:

<?xml version="1.0"?>

<!DOCTYPE jboss-app
 PUBLIC "-//JBoss//DTD J2EE Application 1.4//EN"
 "http://www.jboss.org/j2ee/dtd/jboss-app_4_0.dtd">

<jboss-app>
 <security-domain>hska</security-domain>
 <module>
 <service>hska.sar</service>
 </module>
</jboss-app>

1. Re: JBoss 4.0.4/EJB3: DynamicLoginConfig fails

j2ee_junkie May 31, 2006 8:13 AM (in response to juergen.zimmermann)
Juergen,

Most likely the problem is that the security-domain defined in your jboss-app.xml file..
<jboss-app> <security-domain>hska</security-domain> <module> <service>hska.sar</service> </module> </jboss-app>

does not match the application-policy name defined in your hska-login-config.xml
<?xml version='1.0'?> <!DOCTYPE policy PUBLIC "-//JBoss//DTD JBOSS Security Config 3.0//EN" "http://www.jboss.org/j2ee/dtd/security_config.dtd"> <policy> <application-policy name="hska_beispiel"> <authentication> ...

This is causing the "other" application policy defined in conf/login-config.xml to be used.

cgriffith
Actions
2. Re: JBoss 4.0.4/EJB3: DynamicLoginConfig fails

juergen.zimmermann May 31, 2006 12:16 PM (in response to juergen.zimmermann)

Thank you for the hint! I didn't see the typo.
Actions

Go to original post