5 Replies Latest reply on Feb 8, 2011 6:29 PM by richard.clayton

    JBoss 6 use of AuthenticatorBase

    javaspack

      I have a class that extends org.apache.catalina.authenticator.AuthenticatorBase. It has worked fine for JBoss 4.0, 4.2, 5.x and even 6 M1.

       

      But now it doesn't work in either 6 M2 or M3, and it appears this is because the signatures of both the authenticate and register methods have changed. In both cases it appears the Response class has been changed to want an HttpServletResponse.

       

      Unfortunately, I haven't been able to actually find the source code that does this. I have downloaded the source code for all JBoss 6 milestones, but found no AuthenticatorBase class. I even downloaded the latest source for JBossWeb, but the AuthenticatorBase class uses the signatures I expect.

       

       

       

      2010-05-25 18:13:13,237 ERROR [org.apache.catalina.connector.CoyoteAdapter] (http-10.5.37.89-8080-1) An exception or error occurred in the
      container during the request processing: java.lang.AbstractMethodError: org.apache.catalina.authenticator.AuthenticatorBase.authenticate
      (Lorg/apache/catalina/connector/Request;Ljavax/servlet/http/HttpServletResponse;Lorg/apache/catalina/deploy/LoginConfig;)Z
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:559) [:6.0.0.20100429-M3]
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:95) [:6.0.0.20100429-M3]

       

      Is there a reason for this change, or is this a bug?

        • 1. Re: JBoss 6 use of AuthenticatorBase
          javaspack

          This change appears to be intentional, though I can't find any actual source. I assumed that JBoss AS was using the JBossWeb code for the jbossweb.sar that it uses. So I looked at the code for JBossWeb 2.1.4 and 2.1.2 (2.1.3 doesn't exist). That code all looks as I would expect.

           

          I even checked the Tomcat code that this is supposed to have forked from (6.0.13 and 6.0.16), but that code was the same.

           

          As a last resort, I have decompiled the code from the jbossweb.jar that comes inside the jbossweb.sar that ships with JBoss 6. It shows that the AuthenticatorBase class has the new signature:

           

            protected abstract boolean authenticate(Request request, HttpServletResponse response, LoginConfig config)

          instead of the old signature:

           

            protected abstract boolean authenticate(Request request, Response response, LoginConfig config)

          Within that directory, the classes that extend AuthenticatorBase have been changed to handle this.

           

          The real question is this: Since org.apache.catalina.connector.Response (the original class) extends HttpServletResponse, this seems like a fairly minor change to break backward compatibility. And so out of the blue, between M1 and M2. Can it be changed back?

          • 2. Re: JBoss 6 use of AuthenticatorBase
            anil.saldhana

            I pinged and found that they (Tomcat folks) made this change for Servlet3.  The ship has sailed.  I wish they had introduced a new method and deprecated the previous method (rather than just changing the signature).

             

            Any time you do any server integration, you tend to code into the implementation specific api (such as AuthenticatorBase) and are prone to changes.

            • 3. JBoss 6 use of AuthenticatorBase
              richard.clayton

              Anil,

               

              I'm sure you guys are busy, but did the status on this bug change?  I've just encountered this using the JBoss Negotiation Toolkit on the JBoss AS 6.0.0.FINAL distribution.

               

              Richard

              • 4. Re: JBoss 6 use of AuthenticatorBase
                richard.clayton

                To anyone having this issue [compatible with both AS 5.1 and 6], there is an easy fix, but it's ghetto.  I should also mention that this is not the right way to do it, but it works.  The problem is that JBoss AS 6 was built on some weird branch of the catalina library (6.0.0-6.0.09) in Tomcat.  Subsequent Tomcat versions (6.0.1x) have reverted back to the original signature that JBoss AS 5 was built on.  Unfortunately, you will not be able to just swap out the dependency in AS 6 to get Negotiation to work.  All of the other JBoss Authenticators were built on this intermediate version of Tomcat and will break.  The following changes allow both implementations (methods with signatures using Response and HttpServletResponse) to coexist on the same server.

                 

                Grab the source for the Negotiation Toolkit and make modifications to the following class:

                 

                org.jboss.security.negotiation.NegotiationAuthenticator

                 

                Create a new method

                 

                 

                protected boolean authenticate(final Request request, final HttpServletResponse response, 
                                               final LoginConfig config) throws IOException  {
                
                     return authenticate(request, (Response)response, config);
                }
                

                 

                 

                Change the original authenticate method; the change is made at the very end:

                 

                 

                if(principal == null)
                {
                   response.sendError(Response.SC_UNAUTHORIZED);
                }
                else 
                {
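                   // Here's the mod: try the register overload that takes an
                   // HttpServletResponse first, and fall back to the overload that
                   // takes a Response if that method does not exist at runtime.
                   try {
                        register(request, (HttpServletResponse)response, 
                                 principal, authenticationMethod, username, null);
                   } catch(NoSuchMethodError e){
                        register(request, response, principal, authenticationMethod, username, null);
                   }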
                }
                
                return (principal != null);
                }
                

                 

                 

                When I get back from work tonight, I will submit a working version of the jar and the fixed class.
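
A pre-deployment check for the mismatch discussed in this thread, as an added example that is not part of any post and not JBoss or Negotiation Toolkit code: it uses reflection to list the abstract methods of a base class for which an authenticator has no concrete method with exactly the same parameter types, which is the condition behind the AbstractMethodError in the first post. Every type in it is a constructed stand-in named after the classes mentioned above, and the names As6AuthenticatorBase, LegacyAuthenticator, BridgedAuthenticator and missing are hypothetical.

```java
import java.lang.reflect.*;
import java.util.*;

public class AuthenticatorSignatureProbe {
    // Constructed stand-ins for the container types named in the thread.
    interface HttpServletResponse {}
    static class Request {}
    static class Response implements HttpServletResponse {}
    static class LoginConfig {}

    // Stand-in for the AS 6 base class: authenticate takes HttpServletResponse.
    static abstract class As6AuthenticatorBase {
        protected abstract boolean authenticate(Request rq, HttpServletResponse rs, LoginConfig c);
    }

    // Stand-in for an authenticator written against the old signature only.
    static class LegacyAuthenticator {
        protected boolean authenticate(Request rq, Response rs, LoginConfig c) { return false; }
    }

    // Stand-in for the patched authenticator: both overloads are present.
    static class BridgedAuthenticator extends LegacyAuthenticator {
        protected boolean authenticate(Request rq, HttpServletResponse rs, LoginConfig c) {
            return authenticate(rq, (Response) rs, c); // resolves to the Response overload
        }
    }

    /** Abstract methods of base with no concrete exact-signature match in impl's hierarchy. */
    static List<String> missing(Class<?> base, Class<?> impl) {
        List<String> out = new ArrayList<>();
        for (Method m : base.getDeclaredMethods()) {
            if (!Modifier.isAbstract(m.getModifiers())) continue;
            boolean found = false;
            for (Class<?> c = impl; c != null && !found; c = c.getSuperclass()) {
                try {
                    Method d = c.getDeclaredMethod(m.getName(), m.getParameterTypes());
                    found = !Modifier.isAbstract(d.getModifiers());
                } catch (NoSuchMethodException e) { /* keep walking up the hierarchy */ }
            }
            if (!found) out.add(m.getName() + Arrays.toString(m.getParameterTypes()));
        }
        return out;
    }

    public static void main(String[] args) {
        System.out.println("legacy : " + missing(As6AuthenticatorBase.class, LegacyAuthenticator.class));
        System.out.println("bridged: " + missing(As6AuthenticatorBase.class, BridgedAuthenticator.class));
    }
}
```

Against a real server, the same `missing` check would be given the container's AuthenticatorBase and the custom authenticator class, both loaded from the server's own classpath, so the mismatch shows up before the first request reaches the authenticator.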

                • 5. Re: JBoss 6 use of AuthenticatorBase
                  richard.clayton

                  Sorry it took so long to upload these files.  I will be posting a more comprehensive article about this topic on my blog: http://www.gettingcirrius.com/

                   

                  You will find the Eclipse Project (zip without dependencies) and the fixed JAR attached to this post.