4 Replies Latest reply on Apr 7, 2011 4:40 PM by samyers

    How to deploy a custom login module in JBoss AS 5.1

    sacha

      Hi all,

       

      My problem is very simple. I use the JBoss LDAPLoginModule and it works; I can see it in the log of my LDAP server. But when I try to use my own login module, it doesn't work.

       

      This is the code of my LoginModule. It is very simple because I want to be sure that it works before implementing the complete methods:

       

      import java.util.Map;

      import javax.security.auth.Subject;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.login.LoginException;

      import org.jboss.security.auth.spi.LdapLoginModule;
      import org.Myapp.portal.logger.PortalLogger;

      // Thin wrapper around the JBoss LdapLoginModule that logs each JAAS phase.
      public class MyApp_LdapLoginModule extends LdapLoginModule
      {
          // Static field: PortalLogger must be loadable when this class is initialized.
          private static PortalLogger logger = new PortalLogger(MyApp_LdapLoginModule.class);

          @Override
          public boolean login() throws LoginException
          {
              boolean response = super.login();
              logger.debug("Login");
              return response;
          }

          @Override
          public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
          {
              logger.debug("Initialize");
              super.initialize(subject, callbackHandler, sharedState, options);
          }

          @Override
          public boolean commit() throws LoginException
          {
              logger.debug("Commit");
              return super.commit();
          }

          @Override
          public boolean abort() throws LoginException
          {
              logger.debug("Abort");
              return super.abort();
          }

          @Override
          public boolean logout() throws LoginException
          {
              logger.debug("Logout");
              return super.logout();
          }
      }

       

      In the login-config.xml I've just replaced this line:

      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">

       

      with this one:

      <login-module code="org.MyApp.security.MyApp_LdapLoginModule" flag="required">

       

      And my class MyApp_LdapLoginModule is in a JAR file. I've placed this JAR in JBoss_HOME/server/default/lib

       

      The problem is that JBoss doesn't give me any error. It starts normally, and when I start my application the JBoss server uses the default policy for login.

       

      <application-policy name="other">
          <authentication>
              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
          </authentication>
      </application-policy>

       

      And it never makes any request to my LoginModule or my LDAP server... I don't understand why the JBoss LoginModule works and mine doesn't.

       

      I think JBoss can't find my JAR file. I have tried all directories: default/deploy, JBoss_HOME/lib, common/lib, etc.

       

      Do you have any idea?

       

      Best regards

        • 1. How to deploy a custom login module in JBoss AS 5.1
          wolfgangknauf

          Hi,

           

          The first step would be to activate logging of the security layer. See here, question 4: http://community.jboss.org/wiki/SecurityFAQ

          This should tell you whether there were e.g. configuration errors in the login config.

           

          Best regards

          • 2. Re: How to deploy a custom login module in JBoss AS 5.1
            sacha

            Hi,

             

            Thanks for your reply.

             

            I activated the logging. I have added these lines to my jboss-log4j.xml:

             

            <category name="org.jboss.security">
                 <priority value="TRACE" class="org.jboss.logging.XLevel"></priority>
            </category>

            <category name="org.jboss.web.tomcat.security">
                 <priority value="TRACE" class="org.jboss.logging.XLevel"></priority>
            </category>

            <category name="org.apache.catalina">
                 <priority value="DEBUG"></priority>
            </category>

             

             

            I get this log: JBoss can't initialize my LoginModule...

             

             

            LoginModule Class: org.openea.security.OpenEA_LdapLoginModule
            ControlFlag: LoginModuleControlFlag : required
            Options:
            name=uidAttributeID, value=member
            name=java.naming.security.authentication, value=simple
            name=java.naming.factory.initial, value=com.sun.jndi.ldap.LdapCtxFactory
            name=matchOnUserDN, value=true
            name=java.naming.provider.url, value=ldap://192.168.254.129/
            name=searchTimeLimit, value=5000
            name=rolesCtxDN, value=ou=Roles,dc=arismore,dc=com
            name=principalDNSuffix, value=,ou=People,dc=arismore,dc=com
            name=principalDNPrefix, value=uid=
            name=roleAttributeIsDN, value=false
            name=searchScope, value=ONELEVEL_SCOPE
            name=roleAttributeID, value=cn

            2011-03-02 10:32:58,478 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8080-2) Setting threadlocal:null
            2011-03-02 10:32:58,478 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8080-2) Setting threadlocal:null
            2011-03-02 10:32:58,478 ERROR [org.apache.catalina.connector.CoyoteAdapter] (http-0.0.0.0-8080-2) Une exception ou une erreur s'est produite dans le conteneur durant le traitement de la requête
            java.lang.NoClassDefFoundError: Could not initialize class org.openea.security.OpenEA_LdapLoginModule
                at java.lang.Class.forName0(Native Method)
                at java.lang.Class.forName(Class.java:247)
                at javax.security.auth.login.LoginContext.invoke(LoginContext.java:731)
                at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
                at java.security.AccessController.doPrivileged(Native Method)
                at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
                at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
                at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
                at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
                at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
                at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
                at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
                at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
                at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
                at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
                at java.lang.Thread.run(Thread.java:619)

             

            If you have any idea...

             

            Best regards

            • 3. Re: How to deploy a custom login module in JBoss AS 5.1
              sacha

              Hi,

               

              I have found my error. The problem comes from the creation of the Logger class. It was not in the JAR. That is why JBoss cannot instantiate my login module, which uses this logger. My login module works now.

               

              Thank you for your help, Wolfgang.

               

              Best regards
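
The trace in reply 2 reports `NoClassDefFoundError: Could not initialize class`, not `ClassNotFoundException`: the class was found, but an earlier attempt to run its static initialization (here, the static logger field) had already failed. The following added example, which is not code from this thread, tells the cases apart; the class names are hypothetical and the missing logger is simulated.

```java
// Added example; class names are hypothetical and the missing logger is simulated.
public class StaticInitDemo {

    // Stand-in for a login module with a static logger field whose
    // initializer fails because a dependency is missing from the JAR.
    static class BrokenModule {
        static final Object LOGGER = createLogger();

        static Object createLogger() {
            // Constructed failure: what the JVM raises when a referenced class is absent.
            throw new NoClassDefFoundError("org/example/MissingLogger");
        }
    }

    // Loads and initializes a class by name, as LoginContext does through
    // Class.forName, and reports which failure mode occurred.
    static String diagnose(String className) {
        try {
            Class.forName(className, true, StaticInitDemo.class.getClassLoader());
            return "OK";
        } catch (ClassNotFoundException e) {
            return "CLASS_NOT_FOUND (JAR not visible to this class loader)";
        } catch (ExceptionInInitializerError e) {
            return "STATIC_INIT_THREW: " + e.getCause();
        } catch (NoClassDefFoundError e) {
            String msg = String.valueOf(e.getMessage());
            if (msg.startsWith("Could not initialize class")) {
                return "INIT_FAILED_EARLIER (root cause is at the first failure in the log)";
            }
            return "MISSING_DEPENDENCY: " + msg;
        }
    }

    public static void main(String[] args) {
        String module = StaticInitDemo.class.getName() + "$BrokenModule";
        System.out.println(diagnose("org.example.NoSuchModule")); // class absent
        System.out.println(diagnose(module)); // first initialization attempt
        System.out.println(diagnose(module)); // any later attempt
    }
}
```
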

              • 4. Re: How to deploy a custom login module in JBoss AS 5.1
                samyers

                Hi, I'm getting the same error that says JBoss can not load my custom LoginModule.  Where did you put your JAR, in the EAR or the app server lib directory? and what did you add to your EAR so the class loader could load your LoginModule? Thanks,

                 

                -- Steve