1 Reply Latest reply on Apr 28, 2011 10:29 AM by vejita_kc

    JBoss 4.2.3 -> 5.1.0, authentication problem

    vejita_kc

      Since it's my first post, I'd like to say "Hello everybody".

       

      Currently I'm migrating from JBoss 4.2.3 to JBoss 5.1.0 and I met problem with authentication. I have spent more than a week trying to solve it without result, so I decided to write here.

       

      I have an application that uses JAAS for authentication. On the server side there's a custom module that extends UsernamePasswordLoginModule; there's also the application's policy in login-config.xml that defines this login module.

      The standalone client uses ClientLoginModule with this configuration: clientJaas { org.jboss.security.ClientLoginModule required; };

       

      The client is doing:

       

      import javax.security.auth.Subject;
      import javax.security.auth.login.LoginContext;

      // someHandler: a CallbackHandler that supplies the user name and password
      LoginContext loginCtx = new LoginContext("clientJaas", someHandler);
      loginCtx.login();
      Subject subject = loginCtx.getSubject();
      // each remote action is passed to doAs as a PrivilegedAction
      subject.doAs(...);
      

       

      I copied the application policy from 4.2.3 and upgraded the client libraries using the JBoss client directory.

       

      When I use my client app with JBoss 4.2.3, everything works fine, but the problem appears when using JBoss 5.1.0. After starting the client application, the first action is authenticated (I can also see my principal in the log). But my second action always ends with an 'Invalid User' exception. When tracing the JBoss logs, I can see that this time it's a null principal (and the exception is thrown in UsernamePasswordLoginModule)! When using JBoss 4 there is always a correct principal in the log.

       

      I'm really confused. I heard about losing credentials because of a bug in messaging, but installing HornetQ didn't help.

       

      I read the security FAQ and I have a question: does using 'doAs' and LoginContext instead of SecurityClient still work? Or maybe there's another required step that slipped my mind?

       

      Please help me, I've started losing my hair trying to find out what's wrong.

      Best regards,

      K.Cz.

        • 1. Re: JBoss 4.2.3 -> 5.1.0, authentication problem
          vejita_kc

          I found a solution, maybe it will help.

           

          Using subject.doAs(...) causes trouble. Each action to perform was provided as a parameter to this method. The first action always succeeds, but every subsequent one does not. So it looks like JBoss SX differs a little from its 4.2.3 implementation.

           

          Anyway, the solution is not to use "subject.doAs"!

          Simply calling:

           

          loginContext.login();

           

          means that every thread on the client side is authenticated (more precisely: every thread in the JVM instance, which is the default).

          And every subsequent call will be authenticated.
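
          The pattern described in the reply above, written out as an added example (this is not code from the original poster or from JBoss): the client logs in once through ClientLoginModule and then makes its remote calls directly, with no Subject.doAs() wrapper. ClientLoginModule records the principal and credential in JBoss's client-side security association rather than in the Subject, which is why a single login() covers the calls that follow. The policy name "clientJaas" is taken from the post; the "multi-threaded" option name is the one documented for ClientLoginModule (check it against your JBoss version); the JNP URL, the "AccountService" interface and its JNDI binding are assumptions standing in for the real application.

```java
// Added example, not from the original post: log in once via ClientLoginModule,
// then call the server directly. Assumed names are marked in comments.
import java.io.IOException;
import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import javax.naming.Context;
import javax.naming.InitialContext;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;

public class JBossClientLogin {

    /** JAAS application policy name, matching the post's "clientJaas". */
    private static final String POLICY = "clientJaas";

    /**
     * Programmatic equivalent of the auth.conf entry
     *   clientJaas { org.jboss.security.ClientLoginModule required; };
     * so no -Djava.security.auth.login.config file is needed.
     * "multi-threaded" (documented ClientLoginModule option): false, the default,
     * shares one identity across every thread in the JVM, which is fine for a
     * single-user client; set it true when one client JVM acts for several users,
     * so each thread keeps its own principal instead of leaking another user's.
     */
    static Configuration clientConfiguration(boolean multiThreaded) {
        Map<String, String> options = new HashMap<String, String>();
        options.put("multi-threaded", Boolean.toString(multiThreaded));
        final AppConfigurationEntry entry = new AppConfigurationEntry(
                "org.jboss.security.ClientLoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return POLICY.equals(name) ? new AppConfigurationEntry[] { entry } : null;
            }
        };
    }

    /** Supplies the user name and password that ClientLoginModule asks for. */
    static CallbackHandler credentials(final String user, final char[] password) {
        return new CallbackHandler() {
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) {
                        ((NameCallback) cb).setName(user);
                    } else if (cb instanceof PasswordCallback) {
                        ((PasswordCallback) cb).setPassword(password);
                    } else {
                        throw new UnsupportedCallbackException(cb);
                    }
                }
            }
        };
    }

    public static void main(String[] args) throws Exception {
        String user = args.length > 0 ? args[0] : "user";
        char[] password = args.length > 1 ? args[1].toCharArray() : new char[0];
        Configuration.setConfiguration(clientConfiguration(false));
        LoginContext loginCtx = new LoginContext(POLICY, credentials(user, password));

        // One login(): the principal and credential are now attached to every
        // remote invocation made from this JVM. No Subject.doAs() is used.
        loginCtx.login();
        try {
            Properties env = new Properties();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
            env.put(Context.PROVIDER_URL, "jnp://localhost:1099"); // assumed server address
            Context ctx = new InitialContext(env);

            // Hypothetical remote interface and JNDI name standing in for the
            // application's own EJB.
            AccountService svc = (AccountService) ctx.lookup("AccountService/remote");
            for (int i = 0; i < 3; i++) {
                // Separate invocations; each should reach the server with the same principal.
                System.out.println("call " + i + ": " + svc.whoAmI());
            }
        } finally {
            // Clears the client-side association so the identity does not outlive
            // this session in a long-running JVM, and wipes the password copy.
            loginCtx.logout();
            Arrays.fill(password, '\0');
        }
    }

    /** Hypothetical remote interface; replace with the real one. */
    public interface AccountService {
        String whoAmI();
    }
}
```

          Run it with the JBoss 5 client jars (jbossall-client.jar) on the classpath and the user name and password as arguments. The logout() in the finally block matters when the "client" is itself a long-lived process: with the default JVM-wide association, a forgotten login would otherwise let every later caller in that JVM act as the first user.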