2 Replies Latest reply on Dec 22, 2004 2:56 PM by ricardoarguello

Problems with CallerIdentityLoginModule

rrhodes Nov 8, 2004 2:31 PM

I am trying to setup the CallerIdentityLoginModule to use with the JCA adapter for jakarta slide. I tested the ConfiguredIdentityLoginModule first, and that worked fine, but I keep getting a SecurityException when I switch to CallerIdentity.

I am using Slide as my user store, and I use a SlideLoginModule to authenticate the web applications. I want to then have the current logged-in user and credentials used whenever a JCA connection is created. I have verified that I am getting the correct principals from the SlideLoginModule.

I'm including here the error log and the login config.

Here is my login-config.xml. The configured identity is commented out.

<application-policy name = "myecaddyRealm">

<login-module code="com.greenmud.auth.SlideLoginModule" flag="required">
<module-option name="namespace">slide</module-option>
</login-module>

</application-policy>

<application-policy name = "webdavRealm">

<login-module code = "org.jboss.resource.security.CallerIdentityLoginModule" flag = "required">
<module-option name = "userName">root</module-option>
<module-option name = "password">root</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=WebDAV-Connector</module-option>
</login-module>

</application-policy>



Here is the error log:
java.lang.SecurityException: Invalid authentication attempt, principal=john
at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:666)
at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:887)
at org.apache.webdav.connector.WebDAVConnectionFactory.getConnection(WebDAVConnectionFactory.java:56)
at org.apache.jsp.protected_.davtest_jsp._jspService(davtest_jsp.java:66)
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:66)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:158)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
at java.lang.Thread.run(Thread.java:595)

Thanks for any help
-Ryan Rhodes

1. Re: Bug in CallerIdentityLoginModule

rrhodes Nov 13, 2004 12:42 PM (in response to rrhodes)

I believe there is a bug in CallerIdentityLoginModule. I am using jboss-3.2.6. For testing, I switched to DatabaseServerLoginModule to authenticate the web application.

In the login method, on line 122, it has:
password = (char[]) o;

Everything worked when I changed this to:
String pass = (String) o;
password = pass.toCharArray();

Could someone confirm this?

Thanks for any help,
Ryan Rhodes
Actions
2. Re: Problems with CallerIdentityLoginModule

ricardoarguello Dec 22, 2004 2:56 PM (in response to rrhodes)

FIXED:
http://sourceforge.net/tracker/?group_id=22866&atid=376685&func=detail&aid=1067726
Actions

Go to original post