1 2 Previous Next 22 Replies Latest reply on Jun 8, 2011 3:37 PM by wolfgangknauf

    How to config auth.conf file into the client classpath?

    fernandoaugusto

      Hi folks

      I'm studing EJB and the book (JBoss AS Development) is telling me to config auth.conf file into the client classpath.

      other {
      org.jboss.security.ClientLoginModule required;
      };
      The org.jboss.security.ClientLoginModule is an implementation of a LoginModule used by JBoss clients for the establishment of the caller identity and credentials. The above configuration needs to be stored in an auth.conf file whose directory is included into the client classpath.

       

      I'm not generate jar file....I'm just running app client using eclipse....How do I do this?

      Best regards.

        • 1. Re: How to config auth.conf file into the client classpath?
          wolfgangknauf

          Hi,

           

          in the "Run configuration" of your app, add this java argument (note: in a standard ApplicationClient project created by Eclipse, place the file in "appClientModule/META-INF/"):

           

            -Djava.security.auth.login.config=appClientModule/META-INF/auth.conf

           

          See this screenshot (as the containing page is in German, I directly link to the relevant image):

          http://www.cs.hs-rm.de/~knauf/KomponentenArchitekturen2008/security/appclientrun.png

           

          Best regards

           

          Wolfgang

          • 2. Re: How to config auth.conf file into the client classpath?
            fernandoaugusto

            Hi

             

            I set my appClientModule called contato-desktop like this: -Djava.security.auth.login.config=contato-desktop/META-INF/auth.conf

            but did not work !  Still showing the exception javax.ejb.EJBAccessException: Invalid User.

            Any suggestions?



            • 3. Re: How to config auth.conf file into the client classpath?
              wolfgangknauf

              Well, "Invalid User" exception might have a whole lot of reasons ;-).

               

              So, could you please provide more details about your project? How does the client log in? How is security configured?

               

              You might also activate logging of the security layer. See http://community.jboss.org/wiki/SecurityFAQ - question 4. This might provide you more information on the login failure.

               

              Best regards

               

              Wolfgang

              • 4. Re: How to config auth.conf file into the client classpath?
                fernandoaugusto

                Hi Wolfgang

                Thanks for help until now.... ..

                I've created an EJB application, JSF and swing desktop without authentication control and everything worked fine ..

                After that, I decided to use JBOSS authentication and I set up aorg.jboss.security.auth.spi.DatabaseServerLoginModule. The JSF and EJB application started using authentication with no errors. Very good !!! The problem was then swing application that came to call the ejb layer authentication....

                I did "Run configuration"  -Djava.security.auth.login.config=contato-desktop/META-INF/auth.conf  but still not working....

                Now that I set up the log as you have mentioned, and now Jboss give messages the following log ..

                 

                15:07:19,541 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.contato-seg] Login failure: javax.security.auth.login.FailedLoginException: No matching username found in Principals

                          at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:184) [:3.0.0.CR2]

                          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245) [:3.0.0.CR2]

                          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_18]

                My swing application is passing the credentials as follows:

                                    try {

                                              SecurityClient client = SecurityClientFactory.getSecurityClient();

                                              client.setSimple("fernando", "123");

                                              client.login();

                                    } catch (Exception e1) {

                                              e1.printStackTrace();

                                    }

                                    .......

                                    try {

                                              remote = (PessoaBeanRemote) Sistema.getIc().lookup("contato-full/PessoaBean/remote");

                                              .......

                                              List<Pessoa> colecao = remote.getPessoas();

                                              ...............         

                                    } catch (NamingException e) {

                                              JOptionPane.showMessageDialog(this, e.getMessage());

                                    }

                 

                I keep getting the exception - javax.ejb.EJBAccessException: Invalid User.

                To me it seems that the swing application is not sending the credentials in the calling thread ejb layer .....

                What I forgot to do

                Regards.


                • 5. Re: How to config auth.conf file into the client classpath?
                  wolfgangknauf

                  Hi,

                   

                  the console log should also show the SQL statements of the DatabaseServerLoginModule. Maybe there's something wrong in the data?

                   

                  Best regards

                   

                  Wolfgang

                  • 6. Re: How to config auth.conf file into the client classpath?
                    fernandoaugusto

                    I think the data is ok because I'm using it (fernando, 123) to authenticate the JSF layer and everything works fine.....(I'm using HTTP BASIC)

                    I think I'm doing something wrong here in swing client layer....

                    • 7. Re: How to config auth.conf file into the client classpath?
                      wolfgangknauf

                      Hi Fernando,

                       

                      I see that you use "setSimple" for the security client. Could you try a JAAS login (see http://community.jboss.org/wiki/SecurityFAQ - question 10).

                       

                      And here is a small snippet which shows also the callback handler:

                            AppCallbackHandler callbackHandler = new AppCallbackHandler("user", "password");

                            LoginContext loginContext = new LoginContext ("name_from_auth_conf", callbackHandler);

                            loginContext.login();

                       

                      And "auth.conf" might look like this:

                      name_from_auth_conf {

                         // jBoss LoginModule

                         org.jboss.security.ClientLoginModule  required

                         ;

                      };

                       

                      It seems the simple login is just ignoring "auth.conf".

                       

                      Hope this helps

                       

                      Wolfgang

                      • 8. Re: How to config auth.conf file into the client classpath?
                        fernandoaugusto

                        Hi Wolfgang

                         

                        I read and set up the call via JAAS like you told me...but still did not work .... now an exception occurs when loading the LoginContext here:  LoginContext loginContext = new LoginContext ("loginconfigname", callbackHandler);

                        java.lang.SecurityException: D:\workspace\contato-desktop\META-INF\auth.conf (No such file or directory)

                                  at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)

                                  at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

                                  at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)

                                  at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)

                                  at java.lang.reflect.Constructor.newInstance(Constructor.java:513)

                                  at java.lang.Class.newInstance0(Class.java:355)

                                  at java.lang.Class.newInstance(Class.java:308)

                                  at javax.security.auth.login.Configuration$3.run(Configuration.java:247)

                                  at java.security.AccessController.doPrivileged(Native Method)

                                  at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242)

                                  at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)

                                  at java.security.AccessController.doPrivileged(Native Method)

                                  at javax.security.auth.login.LoginContext.init(LoginContext.java:234)

                                  at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)

                                  at contato.ContatoFrm.<init>(ContatoFrm.java:62)

                                  at contato.Programa.main(Programa.java:6)

                        Caused by: java.io.IOException: D:\workspace\contato-desktop\META-INF\auth.conf (No such file or directory)

                                  at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:195)

                                  at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91)

                                  ... 15 more

                        log4j:WARN No appenders could be found for logger (org.jnp.interfaces.TimedSocketFactory).

                        log4j:WARN Please initialize the log4j system properly.

                        I tried to set the execution to find the file auth.conf several ways possible but did not work...My last attempt was: -

                        Djava.security.auth.login.config=${workspace_loc}\contato-desktop\META-INF\auth.conf

                         


                        I've tried to hard-code like this:

                         

                        Djava.security.auth.login.config=contato-desktop\META-INF\auth.conf

                        Sorry to bother you so much ... but I still can not make it work ...

                        Best Regard.


                        • 9. Re: How to config auth.conf file into the client classpath?
                          wolfgangknauf

                          Hi Fernando,

                           

                          every beginner asks "silly" questions at first - no problem ;-). Currently, I am in a similar situation for another JBoss subproject, where I started a long forum thread with a lot of beginner problems ;-).

                           

                          I assume that the file "D:\workspace\contato-desktop\META-INF\auth.conf" exists ;-)? And the content is valid?

                           

                          Do you use eclipse with the Web Tools Platform plugin (or something similar, like JBoss Tools)? If yes, then your application client project is probably of the "Application Client"? But your path does not match the paths for a "Application Client project". See e.g. this screenshot: http://www.cs.hs-rm.de/~knauf/KomponentenArchitekturen2008/stateless/newapplication5.png - "StatelessClient" is such a client module, and here you see a directory "appClientModule" with a subdirectory "META-INF". Here the "auth.conf" should be placed.

                           

                          Another thing you might try: is "contato-desktop" the name of your project? In this case, it might work if you use the relativ URL:

                          -Djava.security.auth.login.config=META-INF\auth.conf

                           

                          Hope this helps

                           

                          Wolfgang

                          • 10. Re: How to config auth.conf file into the client classpath?
                            fernandoaugusto

                            Hi Wolfgang

                             

                            yes... "contato-desktop" is the name of my project! After many attempts I set like this -Djava.security.auth.login.config=appClientModule/META-INF/auth.conf and the exception stop!!!!!!  but when I swing client an EJB method with @RolesAllowed.... keep getting the same exception Invalid User...

                             

                            13:16:10,251 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
                            13:16:10,251 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: contato-seg
                            13:16:10,251 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/contatoDS
                            13:16:10,251 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=select passwd from USERS where login=?
                            13:16:10,252 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=select role, 'Roles' from USER_ROLES where login=?
                            13:16:10,252 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
                            13:16:10,252 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
                            13:16:10,252 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=null
                            13:16:10,252 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
                            13:16:10,253 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: select passwd from USERS where login=?, with username: null
                            13:16:10,254 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Query returned no matches from db
                            13:16:10,254 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
                            13:16:10,266 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
                            13:16:10,266 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.contato-seg] Login failure: javax.security.auth.login.FailedLoginException: No matching username found in Principals
                                      at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:184) [:3.0.0.CR2]
                                      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245) [:3.0.0.CR2]
                            
                            

                            Below is the log when I do the authentication via JSF .. see the User Name comes toJBoss ... but not when called by the swing.

                             

                            13:09:33,582 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: select passwd from USERS where login=?, with username: fernando
                            13:09:33,866 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Obtained user password
                            13:09:33,867 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
                            13:09:33,867 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'fernando' authenticated, loginOk=true
                            13:09:33,867 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
                            13:09:33,867 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using rolesQuery: select role, 'Roles' from USER_ROLES where login=?, username: fernando
                            13:09:33,874 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
                            13:09:33,875 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: select role, 'Roles' from USER_ROLES where login=?, with username: fernando
                            13:09:33,911 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role gerente
                            13:09:33,911 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role funcionario
                            


                            I would like to thank your patience and said that before beginning to use JBoss I read the books: JBoss Develpment and JBoss in Action. But we know very well how the books do not have all the details .....

                            Any suggest?

                             

                            Best Regards.

                            • 11. Re: How to config auth.conf file into the client classpath?
                              fernandoaugusto

                              Hi Wolfgang

                              I replied exactly what you suggested in this post here http://community.jboss.org/thread/44124?tstart=0... but still did not work .... only difference is thatI'm using JBoss 6 and not 5.

                              User name is not going in the EJB layer:

                               

                              13:16:10,253 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: select passwd from USERS where login=?, with username: null


                              • 12. Re: How to config auth.conf file into the client classpath?
                                wolfgangknauf

                                Hi Fernando,

                                 

                                I have to admit that my security sample is JBoss 5 based, I never tested it with AS6. But I hope there was no breaking change. I will give it a try the next few days and will come back to you (If I don't do, feel free to remind me ;-) - but it might last until Sunday or even later).

                                 

                                Could you try to test your sample on JBoss 5? This should be possible if you don't use e.g. JavaEE6 features. If this is impossible or the app just works fine there, you might also try to reduce it to a minimal app which could be posted here. Sometimes it helps to start with a complete new project and thus avoid errors contained in the previous sample ;-).

                                 

                                Best regards

                                 

                                Wolfgang

                                • 13. Re: How to config auth.conf file into the client classpath?
                                  fernandoaugusto

                                  Hi Wolfgang

                                   

                                  I'm not using any features of JEE 6 and I'll test in JBoss 5 ... I'll post the result. I appreciate your help.

                                  • 14. Re: How to config auth.conf file into the client classpath?
                                    wolfgangknauf

                                    Hi Fernando,

                                     

                                    "unfortunately" my own security sample works with JBoss 6, too. So let's continue to analyze your project. Maybe JBoss 5 provides a more meaningful error message when something is wrong, or you find a way to reproduce it in a small sample.

                                     

                                    My own security sample can be found here (source code is German, but it should be simple enough: one secured EJB, a web client and an app client which perform login and test access to secured methods): http://www.cs.hs-rm.de/~knauf/KomponentenArchitekturen2008/security/Security.ear

                                     

                                    Best regards

                                     

                                    Wolfgang

                                    1 2 Previous Next