-
1. Re: How to config auth.conf file into the client classpath?
wolfgangknauf May 27, 2011 9:29 AM (in response to fernandoaugusto)
Hi,
in the "Run configuration" of your app, add this java argument (note: in a standard ApplicationClient project created by Eclipse, place the file in "appClientModule/META-INF/"):
-Djava.security.auth.login.config=appClientModule/META-INF/auth.conf
See this screenshot (as the containing page is in German, I directly link to the relevant image):
http://www.cs.hs-rm.de/~knauf/KomponentenArchitekturen2008/security/appclientrun.png
Best regards
Wolfgang
-
2. Re: How to config auth.conf file into the client classpath?
fernandoaugusto May 27, 2011 12:08 PM (in response to wolfgangknauf)
Hi
I set my appClientModule called contato-desktop like this: -Djava.security.auth.login.config=contato-desktop/META-INF/auth.conf
but it did not work! Still showing the exception javax.ejb.EJBAccessException: Invalid User.
Any suggestions?
-
3. Re: How to config auth.conf file into the client classpath?
wolfgangknauf May 27, 2011 6:28 PM (in response to fernandoaugusto)
Well, "Invalid User" exception might have a whole lot of reasons ;-).
So, could you please provide more details about your project? How does the client log in? How is security configured?
You might also activate logging of the security layer. See http://community.jboss.org/wiki/SecurityFAQ - question 4. This might provide you more information on the login failure.
Best regards
Wolfgang
-
4. Re: How to config auth.conf file into the client classpath?
fernandoaugusto May 30, 2011 2:28 PM (in response to wolfgangknauf)
Hi Wolfgang
Thanks for your help until now...
I've created an EJB application, JSF and swing desktop without authentication control and everything worked fine.
After that, I decided to use JBoss authentication and I set up an org.jboss.security.auth.spi.DatabaseServerLoginModule. The JSF and EJB application started using authentication with no errors. Very good! The problem was then the swing application that came to call the EJB layer authentication...
I did "Run configuration" -Djava.security.auth.login.config=contato-desktop/META-INF/auth.conf but it is still not working...
Now I set up the log as you have mentioned, and JBoss gives the following log messages:
15:07:19,541 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.contato-seg] Login failure: javax.security.auth.login.FailedLoginException: No matching username found in Principals
at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:184) [:3.0.0.CR2]
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245) [:3.0.0.CR2]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_18]
My swing application is passing the credentials as follows:
try {
    SecurityClient client = SecurityClientFactory.getSecurityClient();
    client.setSimple("fernando", "123");
    client.login();
} catch (Exception e1) {
    e1.printStackTrace();
}
// .......
try {
    remote = (PessoaBeanRemote) Sistema.getIc().lookup("contato-full/PessoaBean/remote");
    // .......
    List<Pessoa> colecao = remote.getPessoas();
    // ...............
} catch (NamingException e) {
    JOptionPane.showMessageDialog(this, e.getMessage());
}
I keep getting the exception - javax.ejb.EJBAccessException: Invalid User.
To me it seems that the swing application is not sending the credentials in the thread calling the EJB layer...
What did I forget to do?
Regards.
-
5. Re: How to config auth.conf file into the client classpath?
wolfgangknauf May 30, 2011 4:00 PM (in response to fernandoaugusto)
Hi,
the console log should also show the SQL statements of the DatabaseServerLoginModule. Maybe there's something wrong in the data?
Best regards
Wolfgang
-
6. Re: How to config auth.conf file into the client classpath?
fernandoaugusto May 31, 2011 9:17 AM (in response to wolfgangknauf)
I think the data is ok because I'm using it (fernando, 123) to authenticate the JSF layer and everything works fine... (I'm using HTTP BASIC)
I think I'm doing something wrong here in the swing client layer...
-
7. Re: How to config auth.conf file into the client classpath?
wolfgangknauf May 31, 2011 11:07 AM (in response to fernandoaugusto)
Hi Fernando,
I see that you use "setSimple" for the security client. Could you try a JAAS login (see http://community.jboss.org/wiki/SecurityFAQ - question 10).
And here is a small snippet which shows also the callback handler:
AppCallbackHandler callbackHandler = new AppCallbackHandler("user", "password");
LoginContext loginContext = new LoginContext ("name_from_auth_conf", callbackHandler);
loginContext.login();
And "auth.conf" might look like this:
name_from_auth_conf {
// jBoss LoginModule
org.jboss.security.ClientLoginModule required
;
};
It seems the simple login is just ignoring "auth.conf".
Hope this helps
Wolfgang
-
8. Re: How to config auth.conf file into the client classpath?
fernandoaugusto May 31, 2011 4:41 PM (in response to wolfgangknauf)
Hi Wolfgang
I read and set up the call via JAAS like you told me... but it still did not work. Now an exception occurs when loading the LoginContext here: LoginContext loginContext = new LoginContext ("loginconfigname", callbackHandler);
java.lang.SecurityException: D:\workspace\contato-desktop\META-INF\auth.conf (No such file or directory)
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
at java.lang.Class.newInstance0(Class.java:355)
at java.lang.Class.newInstance(Class.java:308)
at javax.security.auth.login.Configuration$3.run(Configuration.java:247)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
at contato.ContatoFrm.<init>(ContatoFrm.java:62)
at contato.Programa.main(Programa.java:6)
Caused by: java.io.IOException: D:\workspace\contato-desktop\META-INF\auth.conf (No such file or directory)
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:195)
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91)
... 15 more
log4j:WARN No appenders could be found for logger (org.jnp.interfaces.TimedSocketFactory).
log4j:WARN Please initialize the log4j system properly.
I tried to set the execution to find the file auth.conf in several possible ways but it did not work... My last attempt was:
-Djava.security.auth.login.config=${workspace_loc}\contato-desktop\META-INF\auth.conf
I've tried to hard-code like this:
Djava.security.auth.login.config=contato-desktop\META-INF\auth.conf
Sorry to bother you so much... but I still cannot make it work...
Best regards.
-
9. Re: How to config auth.conf file into the client classpath?
wolfgangknauf Jun 1, 2011 3:32 AM (in response to fernandoaugusto)
Hi Fernando,
every beginner asks "silly" questions at first - no problem ;-). Currently, I am in a similar situation for another JBoss subproject, where I started a long forum thread with a lot of beginner problems ;-).
I assume that the file "D:\workspace\contato-desktop\META-INF\auth.conf" exists ;-)? And the content is valid?
Do you use Eclipse with the Web Tools Platform plugin (or something similar, like JBoss Tools)? If yes, then your application client project is probably of the type "Application Client"? But your path does not match the paths for an "Application Client project". See e.g. this screenshot: http://www.cs.hs-rm.de/~knauf/KomponentenArchitekturen2008/stateless/newapplication5.png - "StatelessClient" is such a client module, and here you see a directory "appClientModule" with a subdirectory "META-INF". Here the "auth.conf" should be placed.
Another thing you might try: is "contato-desktop" the name of your project? In this case, it might work if you use the relative URL:
-Djava.security.auth.login.config=META-INF\auth.conf
Hope this helps
Wolfgang
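
Added example, not part of either poster's messages: a JDK-only pre-flight check for the JAAS client login discussed in posts 7 to 9. It prints how the `-Djava.security.auth.login.config` value resolves against the JVM working directory, confirms the named entry is present in auth.conf, and only then attempts the login. The class name `JaasClientPreflight`, the placeholder credentials, and the treatment of the property as a plain file path (not a URL) are assumptions.

```java
import java.io.File;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class JaasClientPreflight {

    // JDK-only handler: answers the name and password callbacks a login module sends.
    static CallbackHandler handler(String user, char[] password) {
        return callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        };
    }

    public static void main(String[] args) throws LoginException {
        // Entry name as used in post 7; pass your own as the first argument.
        String entryName = args.length > 0 ? args[0] : "name_from_auth_conf";
        String configured = System.getProperty("java.security.auth.login.config");
        if (configured == null) {
            throw new IllegalStateException("-Djava.security.auth.login.config is not set");
        }
        // Assumption: the value is a file path. A relative path is resolved
        // against the JVM working directory (user.dir), not the classpath.
        File resolved = new File(configured).getAbsoluteFile();
        System.out.println("user.dir  = " + System.getProperty("user.dir"));
        System.out.println("auth.conf = " + resolved + " (exists: " + resolved.isFile() + ")");

        // Throws SecurityException if the file cannot be read or parsed.
        AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry(entryName);
        if (entries == null) {
            throw new IllegalStateException("no entry '" + entryName + "' in " + resolved);
        }
        for (AppConfigurationEntry e : entries) {
            System.out.println(entryName + " -> " + e.getLoginModuleName() + " " + e.getControlFlag());
        }
        // Placeholder credentials (constructed), as in the snippet from post 7.
        LoginContext lc = new LoginContext(entryName, handler("user", "password".toCharArray()));
        lc.login(); // fails with LoginException if the module class is not on the classpath
        System.out.println("login() returned; subject = " + lc.getSubject());
    }
}
```

Run it with the same VM argument and working directory as the client's launch configuration so the printed path matches what the client will see.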
-
10. Re: How to config auth.conf file into the client classpath?
fernandoaugusto Jun 1, 2011 12:23 PM (in response to wolfgangknauf)
Hi Wolfgang
Yes... "contato-desktop" is the name of my project! After many attempts I set it like this -Djava.security.auth.login.config=appClientModule/META-INF/auth.conf and the exception stopped! But when I call from the swing client an EJB method with @RolesAllowed... I keep getting the same exception Invalid User...
13:16:10,251 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
13:16:10,251 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Security domain: contato-seg
13:16:10,251 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/contatoDS
13:16:10,251 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=select passwd from USERS where login=?
13:16:10,252 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=select role, 'Roles' from USER_ROLES where login=?
13:16:10,252 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendResume=true
13:16:10,252 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
13:16:10,252 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Authenticating as unauthenticatedIdentity=null
13:16:10,252 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
13:16:10,253 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: select passwd from USERS where login=?, with username: null
13:16:10,254 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Query returned no matches from db
13:16:10,254 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
13:16:10,266 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
13:16:10,266 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.contato-seg] Login failure: javax.security.auth.login.FailedLoginException: No matching username found in Principals
at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:184) [:3.0.0.CR2]
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245) [:3.0.0.CR2]
Below is the log when I do the authentication via JSF. See, the user name comes to JBoss... but not when called by the swing client.
13:09:33,582 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: select passwd from USERS where login=?, with username: fernando
13:09:33,866 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Obtained user password
13:09:33,867 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] resumeAnyTransaction
13:09:33,867 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] User 'fernando' authenticated, loginOk=true
13:09:33,867 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] commit, loginOk=true
13:09:33,867 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] getRoleSets using rolesQuery: select role, 'Roles' from USER_ROLES where login=?, username: fernando
13:09:33,874 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] suspendAnyTransaction
13:09:33,875 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: select role, 'Roles' from USER_ROLES where login=?, with username: fernando
13:09:33,911 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role gerente
13:09:33,911 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Assign user to role funcionario
I would like to thank you for your patience and say that before beginning to use JBoss I read the books: JBoss Development and JBoss in Action. But we know very well how the books do not have all the details...
Any suggestions?
Best Regards.
-
11. Re: How to config auth.conf file into the client classpath?
fernandoaugusto Jun 1, 2011 1:50 PM (in response to fernandoaugusto)
Hi Wolfgang
I replied exactly what you suggested in this post here http://community.jboss.org/thread/44124?tstart=0... but it still did not work... The only difference is that I'm using JBoss 6 and not 5.
User name is not going in the EJB layer:
13:16:10,253 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Excuting query: select passwd from USERS where login=?, with username: null
-
12. Re: How to config auth.conf file into the client classpath?
wolfgangknauf Jun 1, 2011 6:04 PM (in response to fernandoaugusto)
Hi Fernando,
I have to admit that my security sample is JBoss 5 based, I never tested it with AS6. But I hope there was no breaking change. I will give it a try the next few days and will come back to you (If I don't do, feel free to remind me ;-) - but it might last until Sunday or even later).
Could you try to test your sample on JBoss 5? This should be possible if you don't use e.g. JavaEE6 features. If this is impossible or the app just works fine there, you might also try to reduce it to a minimal app which could be posted here. Sometimes it helps to start with a complete new project and thus avoid errors contained in the previous sample ;-).
Best regards
Wolfgang
-
13. Re: How to config auth.conf file into the client classpath?
fernandoaugusto Jun 2, 2011 8:05 AM (in response to wolfgangknauf)
Hi Wolfgang
I'm not using any features of JEE 6 and I'll test in JBoss 5 ... I'll post the result. I appreciate your help.
-
14. Re: How to config auth.conf file into the client classpath?
wolfgangknauf Jun 2, 2011 10:51 AM (in response to fernandoaugusto)
Hi Fernando,
"unfortunately" my own security sample works with JBoss 6, too. So let's continue to analyze your project. Maybe JBoss 5 provides a more meaningful error message when something is wrong, or you find a way to reproduce it in a small sample.
My own security sample can be found here (source code is German, but it should be simple enough: one secured EJB, a web client and an app client which perform login and test access to secured methods): http://www.cs.hs-rm.de/~knauf/KomponentenArchitekturen2008/security/Security.ear
Best regards
Wolfgang