Form and custom LoginModule : ClassCastException
matthieugd Nov 20, 2006 7:45 PMI want to use a custom LoginModule within a webapp with the FORM auth-method.
I write a LoginModule that extends AbstractServerLoginModule and configure the login module :
web.xml :
<login-config> <auth-method>FORM</auth-method> <realm-name>TestJaasLdapRealm</realm-name> <form-login-config> <form-login-page>/loginModule.jsp</form-login-page> <form-error-page>/loginError.jsp</form-error-page> </form-login-config> </login-config>
jboss-web.xml :
<jboss-web> <security-domain>java:/jaas/TestJaasLdapRealm</security-domain> </jboss-web>
ga-login-config-service.xml :
<server> <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="jboss:service=DynamicLoginConfig"> <attribute name="AuthConfig">ga-login-config.xml</attribute> <depends optional-attribute-name="LoginConfigService"> jboss.security:service=XMLLoginConfig </depends> <depends optional-attribute-name="SecurityManagerService"> jboss.security:service=JaasSecurityManager </depends> </mbean> </server>
ga-login-config.xml :
<policy> <application-policy name = "TestJaasLdapRealm"> <authentication> <login-module code = "com.sample.security.TestLoginModule" flag = "required"> <module-option name="additionalRole">Authenticated</module-option> </login-module> <login-module code="org.jboss.security.ClientLoginModule" flag="required" /> </authentication> </application-policy> </policy>
But when I submit the form after being redirected I've this exception :
java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:595)
And in the server.log :
2006-11-21 01:29:39,601 TRACE [org.jboss.security.plugins.JaasSecurityManager] Constructing 2006-11-21 01:29:39,601 DEBUG [org.jboss.security.plugins.JaasSecurityManager.TestJaasLdapRealm] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler@16e1111 2006-11-21 01:29:39,601 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@12277ed 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory, false) 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory) 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.util.TimedCachePolicy, false) 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.util.TimedCachePolicy) 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@1e4605c 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.util.CachePolicy, false) 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.util.CachePolicy) 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@1e4605c 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.InvalidNameException, false) 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.security.auth.Subject, false) 2006-11-21 01:29:39,616 DEBUG [org.jboss.security.plugins.JaasSecurityManager.TestJaasLdapRealm] CachePolicy set to: org.jboss.util.TimedCachePolicy@33cf0f 2006-11-21 01:29:39,616 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@33cf0f 2006-11-21 01:29:39,616 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added TestJaasLdapRealm, org.jboss.security.plugins.SecurityDomainContext@15ef45a to map 2006-11-21 01:29:39,616 TRACE [org.jboss.security.SecurityAssociation] clear, server=true 2006-11-21 01:29:39,616 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container during the request processing java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:595)
I try and succed to use my custom LoginModule in a action struts trough the LoginContext("TestJaasLdapRealm", ...) object. But I would like to use a automatic feature within the webcontainer.
Matthieu