4 Replies Latest reply on Nov 21, 2006 4:31 AM by matthieugd

Form and custom LoginModule : ClassCastException

matthieugd Nov 20, 2006 7:45 PM

I want to use a custom LoginModule within a webapp with the FORM auth-method.

I write a LoginModule that extends AbstractServerLoginModule and configure the login module :

web.xml :

<login-config>
 <auth-method>FORM</auth-method>
 <realm-name>TestJaasLdapRealm</realm-name>
 <form-login-config>
 <form-login-page>/loginModule.jsp</form-login-page>
 <form-error-page>/loginError.jsp</form-error-page>
 </form-login-config>
 </login-config>

jboss-web.xml :

<jboss-web>
 <security-domain>java:/jaas/TestJaasLdapRealm</security-domain>
</jboss-web>

ga-login-config-service.xml :

<server>
 <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
 name="jboss:service=DynamicLoginConfig">
 <attribute name="AuthConfig">ga-login-config.xml</attribute>
 <depends optional-attribute-name="LoginConfigService">
 jboss.security:service=XMLLoginConfig
 </depends>
 <depends optional-attribute-name="SecurityManagerService">
 jboss.security:service=JaasSecurityManager
 </depends>
 </mbean>
 </server>

ga-login-config.xml :

<policy>

 <application-policy name = "TestJaasLdapRealm">
 <authentication>
 <login-module code = "com.sample.security.TestLoginModule" flag = "required">
 <module-option name="additionalRole">Authenticated</module-option>
 </login-module>
 <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
 </authentication>
 </application-policy>

</policy>

But when I submit the form after being redirected I've this exception :

java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager
 at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
 at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
 at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
 at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
 at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
 at java.lang.Thread.run(Thread.java:595)

And in the server.log :

2006-11-21 01:29:39,601 TRACE [org.jboss.security.plugins.JaasSecurityManager] Constructing
2006-11-21 01:29:39,601 DEBUG [org.jboss.security.plugins.JaasSecurityManager.TestJaasLdapRealm] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@16e1111
2006-11-21 01:29:39,601 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@12277ed
2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory, false)
2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory)
2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.util.TimedCachePolicy, false)
2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.util.TimedCachePolicy)
2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@1e4605c
2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.util.CachePolicy, false)
2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.util.CachePolicy)
2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@1e4605c
2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.InvalidNameException, false)
2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.security.auth.Subject, false)
2006-11-21 01:29:39,616 DEBUG [org.jboss.security.plugins.JaasSecurityManager.TestJaasLdapRealm] CachePolicy set to: org.jboss.util.TimedCachePolicy@33cf0f
2006-11-21 01:29:39,616 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@33cf0f
2006-11-21 01:29:39,616 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added TestJaasLdapRealm, org.jboss.security.plugins.SecurityDomainContext@15ef45a to map
2006-11-21 01:29:39,616 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
2006-11-21 01:29:39,616 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container during the request processing
java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager
 at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
 at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
 at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
 at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
 at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
 at java.lang.Thread.run(Thread.java:595)

I try and succed to use my custom LoginModule in a action struts trough the LoginContext("TestJaasLdapRealm", ...) object. But I would like to use a automatic feature within the webcontainer.

Matthieu

1. Re: Form and custom LoginModule : ClassCastException

jaikiran Nov 21, 2006 12:36 AM (in response to matthieugd)
Is there any specific reason why you are creating your own service and a separate login config file. Usaully, if a custom login module has to be implemented then it is mentioned in the login-config.xml file which is present in the %JBOSS_HOME%/server/default/conf folder. Just add your application policy to the existing list in that file and start using it. Something like:
<application-policy name = "TestJaasLdapRealm"> <authentication> <login-module code = "com.sample.security.TestLoginModule" flag = "required"> <module-option name="additionalRole">Authenticated</module-option> </login-module> <login-module code="org.jboss.security.ClientLoginModule" flag="required" /> </authentication> </application-policy>

You will not need those ga-login-config-service.xml and ga-login-config.xml files. Just my thoughts. However, if you have a specific requirement of using those files do let us know.
Actions
2. Re: Form and custom LoginModule : ClassCastException

matthieugd Nov 21, 2006 1:50 AM (in response to matthieugd)

"jaikiran" wrote:
Is there any specific reason why you are creating your own service and a separate login config file. Usaully, if a custom login module has to be implemented then it is mentioned in the login-config.xml file which is present in the %JBOSS_HOME%/server/default/conf folder. Just add your application policy to the existing list in that file and start using it. Something like:

Thx for your answer, I can try but I would like to not modify a jboss installation file and keep my application settings file apart from them.
Actions
3. Re: Form and custom LoginModule : ClassCastException

matthieugd Nov 21, 2006 4:25 AM (in response to matthieugd)

I made the change but I get the ClassCastException :( Maybe Tomcat don't see my custom LoginModule class ? I put with other class in my WEB-INF/classes directory of my webapp.
Actions
4. Re: Form and custom LoginModule : ClassCastException

matthieugd Nov 21, 2006 4:31 AM (in response to matthieugd)

I've find my problem : I change the UseJBossWebLoader attribut to true in the jboss-service.xml file from the jbossweb-tomcat55.sar\META-INF directory to be sure that Tomcat can load my class.

From documentation :
http://wiki.jboss.org/wiki/Wiki.jsp?page=ClassLoadingConfiguration

Matthieu
Actions

Go to original post