1 Reply Latest reply on Jul 15, 2011 3:40 PM by clewis

    Configuring JMX Remote Authenticaton

    clewis

      Hi,

       

      I have a web application running on JBoss AS 5.1.0 that makes some JMX calls. During development I had authentication turned off and everything was working fine. After enabling authentication I'm running into a problem.

       

      Here are the arguments supplied at server startup:

       

      -Dcom.sun.management.jmxremote.port=3000

      -Dcom.sun.management.jmxremote.authenticate=true

      -Dcom.sun.management.jmxremote.ssl=false

      -Djboss.platform.mbeanserver

      -Djavax.management.builder.initial=org.jboss.system.server.jmx.MBeanServerBuilderImpl

      -Dcom.sun.management.jmxremote.login.config=java:/jaas/jmx-console

       

      The server starts up clean, no errors. However, when I launch the web application it fails at the following line:

       

      Map<String, Object> envVars = new HashMap<String, Object>();

      envVars.put("com.sun.management.jmxremote.login.config", "java:/jaas/jmx-console");

      envVars.put("jmx.remote.credentials", new String[] { "admin", "admin" });

      try

      {

          connector = JMXConnectorFactory.connect(new JMXServiceURL(JMX_URL), envVars);

      }

       

      I get the following error:

       

      javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.auth.spi.UsersRolesLoginModule

      javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)

      javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)

      javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)

      java.security.AccessController.doPrivileged(Native Method)

      javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

      javax.security.auth.login.LoginContext.login(LoginContext.java:579)

      com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:173)

      sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:201)

      javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:213)

      javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:180)

      sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

      java.lang.reflect.Method.invoke(Method.java:597)

      sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)

      sun.rmi.transport.Transport$1.run(Transport.java:159)

      java.security.AccessController.doPrivileged(Native Method)

      sun.rmi.transport.Transport.serviceCall(Transport.java:155)

      sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)

      sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)

      sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)

      java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)

      java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)

      java.lang.Thread.run(Thread.java:662)

       

       

      If I remove the line:

      envVars.put("jmx.remote.credentials", new String[] { "admin", "admin" });

       

      then I get:

       

      java.lang.SecurityException: Authentication failed! Credentials required

      com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticationFailure(JMXPluggableAuthenticator.java:193)

      com.sun.jmx.remote.security.JMXPluggableAuthenticator.authenticate(JMXPluggableAuthenticator.java:145)

      sun.management.jmxremote.ConnectorBootstrap$AccessFileCheckerAuthenticator.authenticate(ConnectorBootstrap.java:201)

      javax.management.remote.rmi.RMIServerImpl.doNewClient(RMIServerImpl.java:213)

      javax.management.remote.rmi.RMIServerImpl.newClient(RMIServerImpl.java:180)

      sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

      java.lang.reflect.Method.invoke(Method.java:597)

      sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:305)

      sun.rmi.transport.Transport$1.run(Transport.java:159)

      java.security.AccessController.doPrivileged(Native Method)

      sun.rmi.transport.Transport.serviceCall(Transport.java:155)

      sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)

      sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)

      sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)

      java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)

      java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)

      java.lang.Thread.run(Thread.java:662)

      sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:255)

      sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:233)

      sun.rmi.server.UnicastRef.invoke(UnicastRef.java:142)

      javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)

      javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2327)

      javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:279)

      javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:248)

       

      .

      .

      .

       

      I would like to be able to configure the authentication to use the JAAS login modules.

       

      Thanks.

        • 1. Re: Configuring JMX Remote Authenticaton
          clewis

          I've modified the code slightly:

           

          Map<String, Object> envVars = new HashMap<String, Object>();

          envVars.put(JMXConnector.CREDENTIALS, new String[] { "admin", "admin" });

          try

          {

              connector = JMXConnectorFactory.connect(new JMXServiceURL(JMX_URL), envVars);

          }

           

           

           

          Still getting the error:

           

          javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.auth.spi.UsersRolesLoginModule

          .

          .

          .

           

           

          When I turn on tracing I see the following just before the stack trace:

           

          15:31:26,634 TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(java:/jaas/jmx-console), size=16

          15:31:26,634 TRACE [XMLLoginConfigImpl] getAppConfigurationEntry(java:/jaas/jmx-console), no entry in appConfigs, tyring parentCont: null

          15:31:26,634 TRACE [XMLLoginConfigImpl] getAppConfigurationEntry(java:/jaas/jmx-console), no entry in parentConfig, trying: other

          15:31:26,634 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(java:/jaas/jmx-console), authInfo=AppConfigurationEntry[]:

          [0]

          LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule

          ControlFlag: LoginModuleControlFlag: required

          Options: