3 Replies Latest reply on Jan 7, 2010 5:12 PM by shavidh

[JBoss 6.0 M1] javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

longbeach Jan 1, 2010 7:25 AM

Hi,
Happy new year.

I have a problem when i try to log on a LDAP server through some Java code, using the LdapExtLoginModule login module in JBoss 6.O M1.

Here is my login-config.xml file :


<application-policy name="venteEnLigne_domaine_LDAP">  
         <authentication>  
             <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >  
                 <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>  
                 <module-option name="java.naming.provider.url">ldap://localhost:10389</module-option>  
                 <module-option name="java.naming.security.authentication">simple</module-option>  
                 <module-option name="bindDN">uid=admin,ou=system</module-option>  
                 <module-option name="bindCredential">secret</module-option>  
                  <module-option name="baseCtxDN">ou=users,ou=system</module-option>  
                              <module-option name="baseFilter">(sAMAccountName={0})</module-option>  
                                  <module-option name="roleFilter">(member={1})</module-option>  
                 <module-option name="searchScope">ONELEVEL_SCOPE</module-option>  
                 <module-option name="allowEmptyPasswords">false</module-option>  
           </login-module>  
         </authentication>  
     </application-policy>

Here is my Java code to connect to the LDAP server :

 
SecurityClient securityClient;  
securityClient = SecurityClientFactory.getSecurityClient();  
securityClient.setSimple("log6", "pwd6");     
securityClient.login();

Here is the log of the server when i start it :


etAppConfigurationEntry(venteEnLigne_domaine_LDAP), authInfo=AppConfigurationEntry[]:  
[0]  
LoginModule Class: org.jboss.security.auth.spi.LdapExtLoginModule  
ControlFlag: LoginModuleControlFlag : required  
Options:  
name=baseFilter, value=(sAMAccountName={0})  
name=java.naming.security.authentication, value=simple  
name=java.naming.factory.initial, value=com.sun.jndi.ldap.LdapCtxFactory  
name=allowEmptyPasswords, value=false  
name=roleFilter, value=(member={1})  
name=bindCredential, value=****  
name=bindDN, value=uid=admin,ou=system  
name=java.naming.provider.url, value=ldap://localhost:10389  
name=baseCtxDN, value=ou=users,ou=system  
name=searchScope, value=ONELEVEL_SCOPE

And here is the log when i attempt to connect with the previous Java code :


2010-01-01 13:13:56,714 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (WorkerThread#0[127.0.0.1:51632]) initialize  
2010-01-01 13:13:56,714 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (WorkerThread#0[127.0.0.1:51632]) Security domain: venteEnLigne_domaine_LDAP  
2010-01-01 13:13:56,714 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (WorkerThread#0[127.0.0.1:51632]) login  
2010-01-01 13:13:56,714 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (WorkerThread#0[127.0.0.1:51632]) Authenticating as unauthenticatedIdentity=null  
2010-01-01 13:13:56,714 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] (WorkerThread#0[127.0.0.1:51632]) Bad password for username=null  
2010-01-01 13:13:56,715 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (WorkerThread#0[127.0.0.1:51632]) abort  
2010-01-01 13:13:56,715 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.venteEnLigne_domaine_LDAP] (WorkerThread#0[127.0.0.1:51632]) Login failure  
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required  
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252)  
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)  
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)  
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)  
    at java.lang.reflect.Method.invoke(Unknown Source)  
    at javax.security.auth.login.LoginContext.invoke(Unknown Source)  
    at javax.security.auth.login.LoginContext.access$000(Unknown Source)  
    at javax.security.auth.login.LoginContext$4.run(Unknown Source)  
    at java.security.AccessController.doPrivileged(Native Method)  
    at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)  
    at javax.security.auth.login.LoginContext.login(Unknown Source)  
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)  
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)  
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)  
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)  
    at org.jboss.security.javaee.EJBAuthenticationHelper.isValid(EJBAuthenticationHelper.java:87)  
    at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:164)  
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)  
    at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)  
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)  
    at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)  
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)  
    at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)  
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)  
    at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86)  
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)  
    at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:567)  
    at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)  
    at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)  
    at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)  
    at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:897)  
    at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:768)  
    at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:721)  
    at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:548)  
    at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:234)  
2010-01-01 13:13:56,715 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.venteEnLigne_domaine_LDAP] (WorkerThread#0[127.0.0.1:51632]) End isValid, false  
2010-01-01 13:13:56,719 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (WorkerThread#0[127.0.0.1:51632]) [Error]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=null;method=sauver;  
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required  
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252)  
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)  
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)  
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)  
    at java.lang.reflect.Method.invoke(Unknown Source)  
    at javax.security.auth.login.LoginContext.invoke(Unknown Source)  
    at javax.security.auth.login.LoginContext.access$000(Unknown Source)  
    at javax.security.auth.login.LoginContext$4.run(Unknown Source)  
    at java.security.AccessController.doPrivileged(Native Method)  
    at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)  
    at javax.security.auth.login.LoginContext.login(Unknown Source)  
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)  
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)  
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)  
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)  
    at org.jboss.security.javaee.EJBAuthenticationHelper.isValid(EJBAuthenticationHelper.java:87)  
    at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:164)  
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)  
    at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)  
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)  
    at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)  
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)  
    at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)  
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)  
    at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86)  
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)  
    at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:567)  
    at org.jboss.ejb3.session.InvokableContextClassProxyHack._dynamicInvoke(InvokableContextClassProxyHack.java:53)  
    at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:91)  
    at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)  
    at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:897)  
    at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:768)  
    at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:721)  
    at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:548)  
    at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:234)

That's very strange because i can connect with that use using

DirContext context = new InitialDirContext(env); // env is an Hashmap with the correct options

How come it ignores the password, says it's incorrect / missing ?

Thanks for helping.

1. Re: [JBoss 6.0 M1] javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

longbeach Jan 1, 2010 7:35 AM (in response to longbeach)

Also, here is the LDFI that I injected in Apache DS :

# Utilisateur: log1

dn: uid=log1,ou=users,ou=system
cn: Jean Azerty
sn: Azerty
givenname: Jean
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Ressources Humaines
ou: Personnes
l: Versailles
uid: system
mail: log1@eni.fr
telephonenumber: +1 43 56 33 33
facsimiletelephonenumber: +1 43 51 33 33
roomnumber: 1233
userPassword: pwd1

# Utilisateur: log2

dn: uid=log2,ou=users,ou=system
cn: Jeanne Cleter
sn: Cleter
givenname: Jeanne
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Ressources Humaines
ou: Personnes
l: Tours
uid: log2
mail: log2@eni.fr
telephonenumber: +1 41 56 33 33
facsimiletelephonenumber: +1 40 51 33 33
roomnumber: 4613
userPassword: pwd2

# Utilisateur: log6

dn: uid=log6,ou=users,ou=system
cn: Bob qwerty
sn: qwerty
givenname: Bob
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Ressources Humaines
ou: Personnes
l: Bordeaux
uid: log6
mail: log6@eni.fr
telephonenumber: +1 42 56 73 33
facsimiletelephonenumber: +1 48 56 33 33
roomnumber: 6592
userPassword: pwd6

# Utilisateur: log7

dn: uid=log7,ou=users,ou=system
cn: Marc Doter
sn: Doter
givenname: Bob
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Ressources Humaines
ou: Personnes
l: Clamart
uid: log7
mail: log7@eni.fr
telephonenumber: +1 42 56 73 33
facsimiletelephonenumber: +1 48 56 33 33
roomnumber: 6592
userPassword: pwd7

# Groupe: administrateur A

dn: cn=A,ou=groups,ou=system
objectClass: groupOfUniqueNames
uniqueMember: uid=log6,ou=users,ou=system
cn: A

# Groupe: Gestionnaire G

dn: cn=G,ou=groups,ou=system
objectClass: groupOfUniqueNames
uniqueMember: uid=log7,ou=users,ou=system
cn: G

# Groupe: client C

dn: cn=C,ou=groups,ou=system
objectClass: groupOfUniqueNames
uniqueMember: uid=log1,ou=users,ou=system
uniqueMember: uid=log2,ou=users,ou=system
cn: C

Thanks for helping
Actions
2. Re: [JBoss 6.0 M1] javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

longbeach Jan 1, 2010 1:53 PM (in response to longbeach)

I fixed it, the login-config.xml was not well configured.
Actions
3. Re: [JBoss 6.0 M1] javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

shavidh Jan 7, 2010 5:12 PM (in response to longbeach)

I am having a similar issue with the ldap module. what fix did you make in the login-config.xml to correct it ?

Thanks.
Actions

Go to original post