-
1. Re: JBoss is use the false LoginModul
wolfgangknauf Jul 21, 2011 9:10 AM (in response to catares)
Hi,
activate logging of the security layer: http://community.jboss.org/wiki/SecurityFAQ - question 4.
This will reveal e.g. exceptions caused by configuration problems, and hopefully you will see whether your login module was detected or not.
Best regards
Wolfgang
-
2. Re: JBoss is use the false LoginModul
catares Jul 22, 2011 6:01 AM (in response to wolfgangknauf)
Hi,
I activated the logging for security. In the stack trace I can see that the server can read the data out of the edesk-login-config.xml, where I defined my EdeskLdapLogin-Configuration for the Ldap-Server Connection.
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
11:46:56,598 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(edesk), size=12
11:46:56,599 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(edesk), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: de.xcom.edesk.jboss.EdeskLdapLoginModule
ControlFlag: Anmeldemodul-Steuerflag: required
Options:
name=userAttr1, value=companyname, Firma
name=userAttr2, value=mail, Email Adresse
name=userAttr3, value=
name=unauthenticatedIdentity, value=Nobody
name=userAttr8, value=
name=userAttr9, value=
name=userAttr4, value=
name=userAttr5, value=
name=userAttr6, value=
name=userUID, value=uid
name=userAttr7, value=
name=java.naming.security.authentication, value=simple
name=ExternalUserManagerJNDI, value=ejb3/edesk/LocalExternalUserManagerImpl
name=ldap.servers, value=10.40.21.32
name=java.naming.security.protocol, value=none
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
But the stack trace also says:
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
11:46:56,007 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files: java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
at org.jboss.security.auth.spi.Util.loadProperties(Util.java:201) [:3.0.0.CR2]
at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186) [:3.0.0.CR2]
at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200) [:3.0.0.CR2]
at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127) [:3.0.0.CR2]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
But the server should use my own LoginModule (EdeskLdapLoginModule) instead of the UsersRolesLoginModule.
The server also can't deploy my AdminService which I need for Login:
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
11:46:56,032 ERROR [AbstractKernelController] Error installing to Start: name=eDesk:service=Admin state=Create mode=Manual requiredState=Installed: javax.ejb.EJBAccessException: Invalid User
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:161) [:1.7.17]
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41) [:1.7.17]
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67) [:1.7.17]
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
at org.jboss.ejb3.core.context.CurrentInvocationContextInterceptor.invoke(CurrentInvocationContextInterceptor.java:47) [:1.7.17]
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67) [:1.0.1]
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86) [:1.7.17]
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:392) [:1.7.17]
at org.jboss.ejb3.remoting.IsLocalInterceptor.invokeLocal(IsLocalInterceptor.java:88) [:1.7.17]
at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:75) [:1.7.17]
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
at org.jboss.ejb3.async.impl.interceptor.AsynchronousClientInterceptor.invoke(AsynchronousClientInterceptor.java:143) [:1.7.17]
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62) [:1.0.1.GA]
at $Proxy296.invoke(Unknown Source)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:185) [:1.0.11]
at $Proxy293.checkAndRepairDB(Unknown Source)
at de.xcom.edesk.jboss.AdminService.checkAndRepairDB(AdminService.java:149)
at de.xcom.edesk.jboss.AdminService.startService(AdminService.java:127)
at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:355) [:6.0.0.Final (Build SVNTag:JBoss_6.0.0.Final date: 20101228)]
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
I don't know what to do... please help.
-
3. Re: JBoss is use the false LoginModul
wolfgangknauf Jul 22, 2011 11:16 AM (in response to catares)
Hi Carmen,
to come up with an older question ;-):
So, you have a service method "de.xcom.edesk.jboss.AdminService.checkAndRepairDB", which is called when the service is started? I assume that this method tries to call a secured EJB method, and this fails? Is this correct?
If yes: how does the service method log in to the server? How is EJB security (e.g. security domain) configured?
Best regards
Wolfgang
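Added example, not part of the original posts: a small triage script for the security TRACE output quoted in reply 2. It lists the login modules dumped per security domain and flags any login module that logs errors without appearing in a dumped domain. The sample log is constructed from the line shapes shown in the thread, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the TRACE/ERROR records quoted in the thread.
SAMPLE_LOG = """\
11:46:56,007 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files: java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
11:46:56,598 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(edesk), size=12
11:46:56,599 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(edesk), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: de.xcom.edesk.jboss.EdeskLdapLoginModule
ControlFlag: Anmeldemodul-Steuerflag: required
Options:
name=userUID, value=uid
"""

RECORD = re.compile(r"^\d{2}:\d{2}:\d{2},\d{3}\s+(\w+)\s+\[([^\]]+)\]\s+(.*)$")
END_ENTRY = re.compile(r"End getAppConfigurationEntry\(([^)]*)\)")
MODULE = re.compile(r"^LoginModule Class:\s*(\S+)")

def configured_modules(log):
    """Map security domain -> login module classes from the config dump."""
    domains, current = defaultdict(list), None
    for line in log.splitlines():
        head = RECORD.match(line)
        if head:
            # Any new timestamped record ends a dump that was in progress.
            m = END_ENTRY.search(head.group(3))
            current = m.group(1) if m else None
            continue
        m = MODULE.match(line.strip())
        if m and current is not None:
            domains[current].append(m.group(1))
    return dict(domains)

def modules_logging_errors(log):
    """Simple names of log categories ending in 'LoginModule' that logged ERROR."""
    found = set()
    for line in log.splitlines():
        head = RECORD.match(line)
        if head and head.group(1) == "ERROR" and head.group(2).endswith("LoginModule"):
            found.add(head.group(2).rsplit(".", 1)[-1])
    return found

def unexpected_modules(log):
    """Erroring login modules that are not listed under any dumped domain."""
    configured = {cls.rsplit(".", 1)[-1]
                  for classes in configured_modules(log).values() for cls in classes}
    return sorted(modules_logging_errors(log) - configured)

if __name__ == "__main__":
    print(configured_modules(SAMPLE_LOG), unexpected_modules(SAMPLE_LOG))
```

A module reported by `unexpected_modules` is worth tracing to the security domain that actually handled the failing call, which is the configuration question asked in the last reply.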