3 Replies Latest reply on Feb 20, 2009 7:46 AM by wolfgangknauf

different security domain i servlet init method (deploy orde

mikala Feb 19, 2009 4:40 AM

Hello !!!

When I starting jboss 5.0GA with my ear deployed, and when servlet running init() method which calling ejb 2.0 session bean, jboss using different
login module (UsersRolesLoginModule) other then I defined for my application (MyLoginModule), but when I redeploy ear (application is deployed as unpacked ear) changing application.xml (adding space char) everything is OK.
Why jboss use different security domains ?
My servlet init code fragment:

...

Properties env = new Properties();
env.setProperty(Context.SECURITY_PRINCIPAL, "system");
env.setProperty(Context.SECURITY_CREDENTIALS, "...");
env.setProperty(Context.INITIAL_CONTEXT_FACTORY,"org.jboss.security.jndi.JndiLoginInitialContextFactory");
InitialContext ctx = new InitialContext(env);
Object home = ctx.lookup(JNDI_NAME);

// here jboss uses "other" security domain:
executorEjb = ((CommandControllerLocalHome) home).create();


executorEjb.execute(".......");
...

<application-policy name="mydomain">
 <authentication>
 <login-module code="org.mikala.MyLoginModule" flag="required">
 <module-option name="unauthenticatedIdentity">anonymous</module-option>
 </login-module>
 </authentication>
</application-policy>

application.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-app
 PUBLIC "-//JBoss//DTD J2EE Application 1.4//EN"
 "http://www.jboss.org/j2ee/dtd/jboss-app_4_0.dtd">
<jboss-app>
 <security-domain>java:/jaas/mydomain</security-domain>
</jboss-app>

jboss.xml:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss PUBLIC
 "-//JBoss//DTD JBOSS 4.0//EN"
 "http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">
<jboss>
 <security-domain>java:/jaas/mydomain</security-domain>
 <enterprise-beans>
 <session>
 <ejb-name>MyCommandController</ejb-name>
 <jndi-name>my/CommandController</jndi-name>
 <local-jndi-name>my/CommandControllerLocal</local-jndi-name>
 </session>
 </enterprise-beans>
</jboss>

jboss-web.xml:

<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE jboss-web PUBLIC
 "-//JBoss//DTD Web Application 2.4//EN"
 "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
<jboss-web>
 <security-domain>java:/jaas/mydomain</security-domain>
 <ejb-ref>
 <ejb-ref-name>my/CommandController</ejb-ref-name>
 <jndi-name>my/CommandController</jndi-name>
 </ejb-ref>
 <ejb-local-ref>
<ejb-ref-name>my/CommandControllerLocal</ejb-ref-name>
<local-jndi-name>my/CommandControllerLocal</local-jndi-name>
 </ejb-local-ref>
<depends>jboss.j2ee:jndiName=my/CommandController,service=EJB</depends>
</jboss-web>

When I starting jboss, I heave exception:

09:16:19,837 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
 at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
 at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
 at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
 at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
 at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
 at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
 at java.security.AccessController.doPrivileged(Native Method)
 at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
 at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
 at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
 at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
 at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
 at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
 at org.jboss.security.javaee.EJBAuthenticationHelper.isValid(EJBAuthenticationHelper.java:76)
 at org.jboss.ejb.plugins.SecurityActions$13.run(SecurityActions.java:543)
 at org.jboss.ejb.plugins.SecurityActions$13.run(SecurityActions.java:541)
 at java.security.AccessController.doPrivileged(Native Method)
 at org.jboss.ejb.plugins.SecurityActions.isValid(SecurityActions.java:539)
 at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:314)
 at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243)
 at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205)
 at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:136)
 at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:88)
 at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
 at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
 at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:639)
 at org.jboss.ejb.Container.invoke(Container.java:1046)
 at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:362)
 at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:133)
 at $Proxy101.create(Unknown Source)
 at org.mikala.web.servlet.ControllerServlet.init(ControllerServlet.java:43)
 at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1048)
 at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:950)
 at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4122)
 at org.apache.catalina.core.StandardContext.start(StandardContext.java:4421)
 at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:367)
 at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:146)
 at org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:460)
 at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118)
 at org.jboss.web.deployers.WebModule.start(WebModule.java:96)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
 at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206)
 at $Proxy36.start(Unknown Source)
 at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42)
 at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37)
 at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)
 at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)
 at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)
 at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
 at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:286)
 at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1598)
 at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1062)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
 at org.jboss.system.ServiceController.doChange(ServiceController.java:688)
 at org.jboss.system.ServiceController.start(ServiceController.java:460)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
 at $Proxy98.start(Unknown Source)
 at org.jboss.ejb.EjbModule.startService(EjbModule.java:511)
 at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:376)
 at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:322)
 at sun.reflect.GeneratedMethodAccessor106.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:585)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
 at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:189)
 at $Proxy36.start(Unknown Source)
 at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42)
 at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37)
 at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)
 at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)
 at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)
 at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
 at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:286)
 at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1598)
 at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1062)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
 at org.jboss.system.ServiceController.doChange(ServiceController.java:688)
 at org.jboss.system.ServiceController.start(ServiceController.java:460)
 at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:146)
 at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:104)
 at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:45)
 at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62)
 at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
 at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1178)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1210)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
 at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
 at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1598)
 at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1062)
 at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
 at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
 at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
 at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:545)
 at org.jboss.system.server.profileservice.ProfileServiceBootstrap.loadProfile(ProfileServiceBootstrap.java:304)
 at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:205)
 at org.jboss.bootstrap.AbstractServerImpl.start(AbstractServerImpl.java:405)
 at org.jboss.Main.boot(Main.java:209)
 at org.jboss.Main$1.run(Main.java:547)
 at java.lang.Thread.run(Thread.java:595)
09:16:19,847 ERROR [SecurityInterceptor] Error in Security Interceptor
java.lang.SecurityException: Authentication exception, principal=system
 at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:321)
 at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243)
 at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205)
 at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:136)

How to deploy my application ? Any idea ?

1. Re: different security domain i servlet init method (deploy

wolfgangknauf Feb 19, 2009 6:20 AM (in response to mikala)
Hi,

env.setProperty(Context.SECURITY_PRINCIPAL, "system"); env.setProperty(Context.SECURITY_CREDENTIALS, "..."); env.setProperty(Context.INITIAL_CONTEXT_FACTORY,"org.jboss.security.jndi.JndiLoginInitialContextFactory");

does not work any more in JBoss 5 as far as I know.

Use this:
SecurityClient client = SecurityClientFactory.getSecurityClient(); client.setSimple("user", "mypass"); client.login()

(see http://www.jboss.org/index.html?module=bb&op=viewtopic&t=144021, third post)

Hope this helps

Wolfgang
Actions
2. Re: different security domain i servlet init method (deploy

mikala Feb 19, 2009 8:27 AM (in response to mikala)
"Wolfgang Knauf" wrote:

Use this:
SecurityClient client = SecurityClientFactory.getSecurityClient(); client.setSimple("user", "mypass"); client.login()

Thanks for reply
When I using your sample code I have the same exception:
13:36:54,291 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198) at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186) at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200) at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127) . . .

When I call from servlet init my ejb session bean (ejb version 2!!!) I have security exception (jboss using different security domain,not which I declared).
I declared security domain "mydomain" with "MyLoginModule" (in jboss-app.xml and in jboss.xml, jboss-web.xml) but jboss using "other" security domain with "UsersRolesLoginModule".
I don't know why.

When I try to call ejb session bean (version 3) from servlet init method everything is ok.

When i have running jboss and i redeploy my application (on runnig jboss I change for example application.xml) servlet init CAN CALL !!! ejb 2 method using my security domain.

I thing, problem is, with deployment order ? I don't know.
Actions
3. Re: different security domain i servlet init method (deploy

wolfgangknauf Feb 20, 2009 7:46 AM (in response to mikala)

Sorry, I didn't see that you use a servlet, but thought it would be an application client (as creating an InitialContext with explicit properties is normally only used for remote clients).

With a servlet, you could use also the class "WebAuthentication", see
http://www.jboss.org/community/docs/DOC-12656

For the error message: take a look at the security FAQ (sticky post), question 4. This tells you how to activate TRACE logging for the security layer, and this logging should tell you why JBoss does not use your login module.

Maybe your servlet is deployed before the login module is initialized. If yes, you could define a deployment dependency using the @Depends annotation.

Best regards

Wolfgang
Actions

Go to original post