Cannot access username/password in custom login module
camueller Aug 24, 2006 10:56 AM

Hi,
I've written a custom login module using individual implementations for Principal/Group. Logins to the web container are propagated properly to the EJB container. However, logins of remote EJB clients fail since username/password provided by the callbackhandler are null:

    public boolean login() throws LoginException {
        try {
            log.info("login() called");
            // Get user name and password from request
            log.info("Going to the build the name and password call back");
            this.callbacks = new Callback[2];
            this.callbacks[0] = new NameCallback("Username");
            this.callbacks[1] = new PasswordCallback("Password", false);
            log.info("Trying to execute the callbacks using the call back handler");
            this.callbackhandler.handle(this.callbacks);

The login performed by the remote EJB client looks like this:

    Properties props = new Properties();
    props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.JndiLoginInitialContextFactory");
    props.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming.client");
    props.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099");
    props.setProperty(Context.SECURITY_PROTOCOL, "pve");
    props.setProperty("j2ee.clientName", "PCA_CLI"); // must match display-name in application-client.xml
    props.put(Context.SECURITY_PRINCIPAL, "admin");
    props.put(Context.SECURITY_CREDENTIALS, "pca");
    this.context = new InitialContext(props);
    Object objref = context.lookup(jndiName);

The security-domain in jboss.xml is set to "pve":

    <jboss>
      <security-domain>java:/jaas/pve</security-domain>
      [...]

The login-config.xml contains the following entries:

    <policy>
      <!-- Used by clients within the application server VM such as
           mbeans and servlets that access EJBs. -->
      <application-policy name = "client-login">
        <authentication>
          <login-module code = "org.jboss.security.ClientLoginModule" flag = "required">
            <!-- Any existing security context will be restored on logout -->
            <module-option name="restore-login-identity">true</module-option>
          </login-module>
        </authentication>
      </application-policy>

      <application-policy name = "pve">
        <authentication>
          <login-module code = "com.wn.pve.security.jaas.PveLoginModule" flag = "required">
            <module-option name = "principalClass">com.wn.pve.platform.jbossjaas.PvePrincipal</module-option>
          </login-module>
          <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
        </authentication>
      </application-policy>

      <!-- Security domain for JBossMQ -->
      <application-policy name = "jbossmq">
        <authentication>
          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
            <module-option name = "unauthenticatedIdentity">guest</module-option>
            <module-option name = "dsJndiName">java:/DefaultDS</module-option>
            <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
            <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
          </login-module>
        </authentication>
      </application-policy>

      <!-- Security domains for testing new jca framework -->
      <application-policy name = "HsqlDbRealm">
        <authentication>
          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
            <module-option name = "principal">sa</module-option>
            <module-option name = "userName">sa</module-option>
            <module-option name = "password"></module-option>
            <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
          </login-module>
        </authentication>
      </application-policy>

      <application-policy name = "JmsXARealm">
        <authentication>
          <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule" flag = "required">
            <module-option name = "principal">guest</module-option>
            <module-option name = "userName">guest</module-option>
            <module-option name = "password">guest</module-option>
            <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
          </login-module>
        </authentication>
      </application-policy>

      <!-- A template configuration for the jmx-console web application. This
           defaults to the UsersRolesLoginModule the same as other and should be
           changed to a stronger authentication mechanism as required. -->
      <application-policy name = "jmx-console">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
            <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
            <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
          </login-module>
        </authentication>
      </application-policy>

      <!-- A template configuration for the web-console web application. This
           defaults to the UsersRolesLoginModule the same as other and should be
           changed to a stronger authentication mechanism as required. -->
      <application-policy name = "$webConsoleDomain">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
            <module-option name="usersProperties">web-console-users.properties</module-option>
            <module-option name="rolesProperties">web-console-roles.properties</module-option>
          </login-module>
        </authentication>
      </application-policy>

      <!-- A template configuration for the JBossWS web application (and
           transport layer!). This defaults to the UsersRolesLoginModule the
           same as other and should be changed to a stronger authentication
           mechanism as required. -->
      <application-policy name="JBossWS">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <module-option name="usersProperties">props/jbossws-users.properties</module-option>
            <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
            <module-option name="unauthenticatedIdentity">anonymous</module-option>
          </login-module>
        </authentication>
      </application-policy>
    </policy>

Anything I might try?
Axel