3 Replies Latest reply on Jul 22, 2011 11:16 AM by wolfgangknauf

JBoss is use the false LoginModul

catares Jul 21, 2011 8:37 AM

Hello,

my problem is, that the server (jboss 6) try to find files like user.properties and roles.properties:

But I have implemented a my own LdapLoginModul but the server always use the UserRolesModul.

Any help for me?

1. Re: JBoss is use the false LoginModul

wolfgangknauf Jul 21, 2011 9:10 AM (in response to catares)

Hi,

activate logging of the security layer: http://community.jboss.org/wiki/SecurityFAQ - question 4.

This will reveal e.g. exceptions caused by configuration problems, and hopefully you will see whether your login module was detected or not.

Best regards

Wolfgang
Actions
2. Re: JBoss is use the false LoginModul

catares Jul 22, 2011 6:01 AM (in response to wolfgangknauf)

Hi,

I activate the logging for security. In the stacktrace I can see that the server can read the data out of the edesk-login-config.xml, where I defined my EdeskLdapLogin-Coonfiguration for the Ldap-Server Connection

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
11:46:56,598 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(edesk), size=12
11:46:56,599 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(edesk), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: de.xcom.edesk.jboss.EdeskLdapLoginModule
ControlFlag: Anmeldemodul-Steuerflag: required
Options:
name=userAttr1, value=companyname, Firma
name=userAttr2, value=mail, Email Adresse
name=userAttr3, value=
name=unauthenticatedIdentity, value=Nobody
name=userAttr8, value=
name=userAttr9, value=
name=userAttr4, value=
name=userAttr5, value=
name=userAttr6, value=
name=userUID, value=uid
name=userAttr7, value=
name=java.naming.security.authentication, value=simple
name=ExternalUserManagerJNDI, value=ejb3/edesk/LocalExternalUserManagerImpl
name=ldap.servers, value=10.40.21.32
name=java.naming.security.protocol, value=none

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

but the stacktrace also say:

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
11:46:56,007 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files: java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
    at org.jboss.security.auth.spi.Util.loadProperties(Util.java:201) [:3.0.0.CR2]
    at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186) [:3.0.0.CR2]
    at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200) [:3.0.0.CR2]
    at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127) [:3.0.0.CR2]
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

But the server shoult use my own LoginModul (EdeskLdapLoginModul) instead of the UsersRolesLoginModule

The server also can't deploy my AdminService which I need for Login:

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
11:46:56,032 ERROR [AbstractKernelController] Error installing to Start: name=eDesk:service=Admin state=Create mode=Manual requiredState=Installed: javax.ejb.EJBAccessException: Invalid User
    at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:161) [:1.7.17]
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
    at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41) [:1.7.17]
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
    at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67) [:1.7.17]
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
    at org.jboss.ejb3.core.context.CurrentInvocationContextInterceptor.invoke(CurrentInvocationContextInterceptor.java:47) [:1.7.17]
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
    at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67) [:1.0.1]
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
    at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86) [:1.7.17]
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
    at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:392) [:1.7.17]
    at org.jboss.ejb3.remoting.IsLocalInterceptor.invokeLocal(IsLocalInterceptor.java:88) [:1.7.17]
    at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:75) [:1.7.17]
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
    at org.jboss.ejb3.async.impl.interceptor.AsynchronousClientInterceptor.invoke(AsynchronousClientInterceptor.java:143) [:1.7.17]
    at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]
    at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62) [:1.0.1.GA]
    at $Proxy296.invoke(Unknown Source)    at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:185) [:1.0.11]
    at $Proxy293.checkAndRepairDB(Unknown Source)    at de.xcom.edesk.jboss.AdminService.checkAndRepairDB(AdminService.java:149)
    at de.xcom.edesk.jboss.AdminService.startService(AdminService.java:127)
    at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:355) [:6.0.0.Final (Build SVNTag:JBoss_6.0.0.Final date: 20101228)]
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

I dont' know what to do...please help
Actions
3. Re: JBoss is use the false LoginModul

wolfgangknauf Jul 22, 2011 11:16 AM (in response to catares)

Hi Carmen,

to come up with an older question ;-):
So, you have a service method "de.xcom.edesk.jboss.AdminService.checkAndRepairDB", which is called when the service is started? I assume that this method tries to call a secured EJB method, and this fails? Is this correct?

If yes: how does the service method log in to the server? How is EJB security (e.g. security domain) configured?

Best regards

Wolfgang
Actions

Go to original post