Hello,

I am using Jboss Sx for JAAS Authentication, I have 3 LoginModule i.e. DatabaseServerLoginModule , ClientLoginModule and UsernamePasswordLoginModule.

I get authenticate when I in login into the application with the DatabaseServerLoginModule. After which when I do doesUserHaveRole on JaasSecurityManagerServiceMBean, and I supply the principal. I get a NullPointerException thrown from the UsernamePasswordLoginModule.

I have enabled useFirstPass on DatabaseServerLoginModule and UsernameLoginModule, but not enabled the same on ClientLoginModule.

After the NullPointer exception the abort method is invoked.

I have extended the UsernameLoginModule and overriden "getUsersPassword" and "getRolesSet".

I am using Jboss.5.1.0 server and the jbosssx-client.jar version is 2.0.3 SP1.

Please find the stack trace attached.

2010-07-29 19:42:36,335 TRACE [RMI TCP Connection(386)-172.21.176.180]-[org.jboss.security.plugins.auth.JaasSecurityManagerBase.main] Login failure
javax.security.auth.login.LoginException: java.lang.NullPointerException
    at org.jboss.security.auth.spi.Util.createPasswordHash(Util.java:382)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:457)
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:243)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
    at org.jboss.security.plugins.JaasSecurityManagerService.doesUserHaveRole(JaasSecurityManagerService.java:393)
    at sun.reflect.GeneratedMethodAccessor745.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
    at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
    at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
    at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
    at javax.management.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:288)
    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
    at $Proxy348.doesUserHaveRole(Unknown Source)

Please find my jaas:application properties.

<jaas:application-policy name="main">
       <jaas:authentication>                   
      <jaas:login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"  flag="required">
        <jaas:module-option name="password-stacking">useFirstPass</jaas:module-option>
        <jaas:module-option name="hashAlgorithm">MD5</jaas:module-option>
        <jaas:module-option name="hashEncoding">base64</jaas:module-option>
        <jaas:module-option name="dsJndiName">java:/jdbc/testDB</jaas:module-option>
        <jaas:module-option name="principalsQuery">select password from User where binary name = ?</jaas:module-option>
        <jaas:module-option name="rolesQuery">select r.name, 'Roles' from Role,User u where u.name = ?</jaas:module-option>
      </jaas:login-module>
      <!--  Logging to a log file -->
      <jaas:login-module code="com.security.usermanagement.impl.LoggingLoginModule"
         flag="required">
         <jaas:module-option name="password-stacking">useFirstPass</jaas:module-option>
      </jaas:login-module>
      <!--  Keeps #failedLogins,lastFailedLoginDate and lastSuccessLoginDate up to date -->
      <jaas:login-module code="com.security.usermanagement.impl.UpdateUserInfoLoginModule"
         flag="required">
         <jaas:module-option name="password-stacking">useFirstPass</jaas:module-option>
         <jaas:module-option name="dsJndiName">java:/jdbc/testDB</jaas:module-option>
      </jaas:login-module>
      <!-- Associates the credentials to the current thread, we need this -->
      <jaas:login-module code="org.jboss.security.ClientLoginModule"
         flag="required">
         <!-- it will look for an existing password and not go for authentication -->
      </jaas:login-module>
       </jaas:authentication>
    </jaas:application-policy>

Can you please give me some clue why this behaviour.

Thanks & Warm Regards,

Anand.