9 Replies Latest reply on Aug 28, 2002 4:41 AM by pvamstel

    javax.security.auth.login.FailedLoginException: Password In

    pvamstel

      I am deploying someone else's code. So this question is going to be very stupid.

      - I have added users.properties and roles.properties to the server/deploy/conf directory.
      And I am trying all sorts of combinations of user names and passwords. But none of them seem to be correct. In which files do I need to add stuff?

      All hints / help are welcome

        • 1. Re:  javax.security.auth.login.FailedLoginException: Passwor

          If you are deploying your application in a jar-file, you might want to include your .properties files in this, without path. Since your .jar will be in the classpath when running in JBoss, your .properties files will also be found.

          • 2. Re:  javax.security.auth.login.FailedLoginException: Passwor
            pvamstel

            JBoss is finding my user.properties and roles.properties just fine. But it is not finding my user=password combinations OK.

            users.properties

            sa=sa
            guest=rubadub
            user=password
            guest=guest

            roles.properties

            user=Admin
            sa=Admin
            guest=Admin

            I just want to be able to use a very simple authentication something (Sorry, but here my knowledge stops.)

            Is there a default user / password combination?

            • 3. Re:  javax.security.auth.login.FailedLoginException: Passwor

              What version are you running?
              There should be an auth.conf or login-config.xml (or both) in your ...server\default\conf-directory. This defines what login-module you are using.

              You must use a login-module that actually uses users.properties and roles.properties to authenticate and authorize. As an example the built in module "org.jboss.security.auth.spi.UsersRolesLoginModule" does that. Now your beans must be set up to use this login-module.

              The default login-config.xml has the following entry:

              <application-policy name = "other">
                <authentication>
                  <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                                flag = "required" />
                </authentication>
              </application-policy>


              To use application-policy "other", and thereby the UsersRolesLoginModule, you need the following in your jboss.xml - deployment description:


              <security-domain>java:/jaas/other</security-domain>
              ...


              Hope this helps, and that my explanation is in some way understandable. I am not an expert in this myself :-)

              • 4. Re:  javax.security.auth.login.FailedLoginException: Passwor
                pvamstel

                I've done this.

                But JBoss is still complaining about no matching user password. Which ones are valid?

                Help Help Help Help

                (P.S. I'm using jboss 3)

                • 5. Re:  javax.security.auth.login.FailedLoginException: Passwor

                  How is your client doing the login?

                  • 6. Re:  javax.security.auth.login.FailedLoginException: Passwor
                    pvamstel

                    I've been reading and reading but it is still a puzzle
                    Here is the java class that initializes the login context and calls the login method.

                    And the call back handler....



                    // Authenticator.java
                    package com.anachron.security.authentication;

                    import javax.security.auth.login.LoginContext;
                    import javax.security.auth.login.LoginException;
                    import javax.security.auth.*;

                    import java.util.*;

                    public class Authenticator {

                        private LoginContext m_loginContext;

                        public Authenticator(String moduleName, String loginName, String password, String siteName) throws LoginException {

                            // Debug output; note that this writes the password to stdout in clear text.
                            System.out.println("Authenticator:init() - creating authenticator for " +
                                "moduleName = " + moduleName +
                                " loginName = " + loginName +
                                " password = " + password +
                                " siteName = " + siteName);
                            // moduleName is the name of the login configuration entry to use.
                            LoginContext lc = new LoginContext(moduleName, new AnachronCallbackHandler(loginName, password, siteName));

                            m_loginContext = lc;
                            if (lc == null) {
                                System.out.println("Authenticator:init - login context is null");
                            }

                            System.out.println("Authenticator:init() - login context created");
                        }

                        public void login() throws LoginException {
                            System.out.println("Authenticator:login() - calling login on the login context");
                            try {
                                m_loginContext.login();
                            } catch (LoginException le) {
                                System.err.println("Authenticator:login - LoginException " + le.toString());
                                throw le;
                            }
                            System.out.println("Authenticator:login - user logged in");
                        }

                        public void logout() throws LoginException {
                            m_loginContext.logout();
                        }

                        public AuthenticatedUser getAuthenticatedUser() {
                            Subject subject = m_loginContext.getSubject();

                            if (subject == null) {
                                return null;
                            }

                            // Only principals of this type that a login module added are returned.
                            Set principals = subject.getPrincipals(AnachronPrincipal.class);

                            if (principals == null || principals.size() == 0) {
                                return null;
                            }

                            return new AuthenticatedUser((AnachronPrincipal) principals.iterator().next());
                        }

                        public Subject getSubject() {
                            return m_loginContext.getSubject();
                        }

                        public static void main(String[] args) {
                            try {
                                Authenticator test = new Authenticator("Anachron", args[0], args[1], args[2]);
                                test.login();
                                System.out.println("Authentication succeeded for " + test.getAuthenticatedUser());
                                test.logout();
                            } catch (Exception e) {
                                e.printStackTrace();
                            }
                        }
                    }



                    // AnachronCallbackHandler.java
                    package com.anachron.security.authentication;

                    import java.util.*;
                    import java.io.IOException;
                    import javax.security.auth.*;
                    import javax.security.auth.callback.*;
                    import javax.security.auth.login.*;
                    import javax.security.auth.spi.*;

                    public class AnachronCallbackHandler implements CallbackHandler {

                        private String m_loginName;

                        private String m_password;

                        private String m_siteName;

                        public AnachronCallbackHandler(String loginName, String password, String siteName) {
                            System.out.println("AnachronCallbackHandler::AnachronCallbackHandler() - init");
                            m_loginName = loginName;
                            m_password = password;
                            m_siteName = siteName;
                        }

                        // Answer each callback the login module asks for; reject any other type.
                        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                            System.out.println("AnachronCallbackHandler::handle() - start");
                            for (int i = 0; i < callbacks.length; i++) {

                                if (callbacks[i] instanceof NameCallback) {

                                    NameCallback cb = (NameCallback) callbacks[i];
                                    cb.setName(m_loginName);

                                } else if (callbacks[i] instanceof PasswordCallback) {

                                    PasswordCallback cb = (PasswordCallback) callbacks[i];
                                    cb.setPassword(m_password.toCharArray());

                                } else if (callbacks[i] instanceof SiteCallback) {

                                    SiteCallback cb = (SiteCallback) callbacks[i];
                                    cb.setSiteName(m_siteName);

                                } else {
                                    throw new UnsupportedCallbackException(callbacks[i],
                                        "AnachronCallbackHandler:handle - Unrecognized Callback " +
                                        callbacks[i].toString());
                                }
                            }
                        }
                    }

                    • 7. Re:  javax.security.auth.login.FailedLoginException: Passwor
                      pvamstel

                      Added the following lines to my login-config.xml

                      <application-policy name = "Anachron">
                        <authentication>
                          <login-module code = "org.jboss.security.ClientLoginModule"
                                        flag = "required">
                          </login-module>
                        </authentication>
                      </application-policy>


                      And it seems to work a bit better.

                      But now I do not get back a subject.getPrincipals(Some class)

                      Any hints?

                      I'll keep you posted

                      grt Patrick

                      • 8. Re:  javax.security.auth.login.FailedLoginException: Passwor
                        pvamstel

                        I'm still battling along with the JAAS stuff

                        In the code is a line
                        Set principals = subject.getPrincipals(AnachronPrincipal.class);

                        This returns a null.

                        Where does JBoss read its principals from?

                        • 9. Re:  javax.security.auth.login.FailedLoginException: Passwor
                          pvamstel

                          Sorry my fault

                          I had to add the ldap module to the login.xml