5 Replies Latest reply on Nov 13, 2012 4:01 PM by rohit1183

    Problem with JBoss Negotiation 2.1

    unnijboss
    unnijboss Nov 1, 2011 4:05 PM

      My goal is simple. Just to get the windows user id from the browser on to the server.

       

      Tried successfully the Jboss Negotiation 2.0.3 SP2.

       

      Followed this link for the configuration.

      http://www.6footplus.com/238

       

      I am having a sample JSP for the test which will just display the user name

       

      <body>
      Hello <%= request.getRemoteUser() %> !
      </body>

       

       

      All works fine except for windows 7 and IE 8. As discussed in other threads, I moved to Jboss Negotiation 2.1.

      Just replaced the jar file and no configuration changes. Now the sample JSP not able to retrieve the user name from the browser.

       

      I tried the negotiation toolkit and the first two tests were ok and the third one fails. It prompts me to the login page and even after I enter the user id/password it fails.

       

      Any suggestions are welcome

      • 4573 Views
      • Tags:
        • 1. Re: Problem with JBoss Negotiation 2.1
          unnijboss
          unnijboss Nov 3, 2011 9:42 AM (in response to unnijboss)

          Is this an active forum?

            • Actions
          • 2. Re: Problem with JBoss Negotiation 2.1
            dlofthouse
            dlofthouse Nov 3, 2011 1:44 PM (in response to unnijboss)

            To unerstand the failure you are most likely going to need to enable TRACE logging for org.jboss.security, repeat your tests and show the output here.

              • Actions
            • 3. Re: Problem with JBoss Negotiation 2.1
              unnijboss
              unnijboss Nov 4, 2011 9:26 AM (in response to dlofthouse)

              Here is my logs for the negotiation toolkit secure test.

               

               

              2011-11-03 16:34:28,366 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-38090-1) Setting threadlocal:{}
              2011-11-03 16:34:28,368 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] (http-0.0.0.0-38090-1) Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
              2011-11-03 16:34:28,460 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-38090-1) Setting threadlocal:null
              2011-11-03 16:34:28,460 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-38090-1) Setting threadlocal:null
              2011-11-03 16:35:06,046 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-38090-1) Setting threadlocal:{}
              2011-11-03 16:35:06,047 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-38090-1) Setting threadlocal:null
              2011-11-03 16:35:06,047 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-38090-1) Setting threadlocal:null
              2011-11-03 16:35:07,513 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-38090-1) Setting threadlocal:{}
              2011-11-03 16:35:07,513 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] (http-0.0.0.0-38090-1) Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
              2011-11-03 16:35:07,515 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-38090-1) Setting threadlocal:null
              2011-11-03 16:35:07,515 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-38090-1) Setting threadlocal:null
              2011-11-03 16:35:14,054 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-38090-1) Setting threadlocal:{}
              2011-11-03 16:35:14,055 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-38090-1) Begin isValid, principal:Dfd, cache info: null
              2011-11-03 16:35:14,055 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-38090-1) defaultLogin, principal=Dfd
              2011-11-03 16:35:14,055 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-38090-1) Begin getAppConfigurationEntry(SPNEGO), size=15
              2011-11-03 16:35:14,055 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-38090-1) End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
              [0]
              LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
              ControlFlag: LoginModuleControlFlag: requisite
              Options:
              name=serverSecurityDomain, value=host
              name=password-stacking, value=useFirstPass
              [1]
              LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
              ControlFlag: LoginModuleControlFlag: required
              Options:
              name=usersProperties, value=props/spnego-users.properties
              name=rolesProperties, value=props/spnego-roles.properties
              name=password-stacking, value=useFirstPass

              2011-11-03 16:35:14,055 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-38090-1) initialize
              2011-11-03 16:35:14,056 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-38090-1) Security domain: SPNEGO
              2011-11-03 16:35:14,056 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-38090-1) removeRealmFromPrincipal=false
              2011-11-03 16:35:14,056 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-38090-1) serverSecurityDomain=host
              2011-11-03 16:35:14,056 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-38090-1) usernamePasswordDomain=null
              2011-11-03 16:35:14,056 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-38090-1) login
              2011-11-03 16:35:14,056 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-38090-1) abort
              2011-11-03 16:35:14,056 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-38090-1) initialize
              2011-11-03 16:35:14,056 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-38090-1) Security domain: SPNEGO
              2011-11-03 16:35:14,056 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-38090-1) findResource: null
              2011-11-03 16:35:14,057 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-38090-1) Properties file=vfsfile:/C:/jboss-5.1.0.GA/server/myapp/conf/props/spnego-users.properties, defaults=null
              2011-11-03 16:35:14,059 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-38090-1) Loaded properties, users=[user1@test.net, user2@test.net, user3@test.net, user4@test.net]
              2011-11-03 16:35:14,059 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-38090-1) findResource: null
              2011-11-03 16:35:14,060 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-38090-1) Properties file=vfsfile:/C:/jboss-5.1.0.GA/server/utc/conf/props/spnego-roles.properties, defaults=null
              2011-11-03 16:35:14,061 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-38090-1) Loaded properties, users=[user1@test.net, user2@test.net, user3@test.net, user4@test.net]
              2011-11-03 16:35:14,061 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-38090-1) abort
              2011-11-03 16:35:14,061 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-38090-1) Login failure
              javax.security.auth.login.LoginException: No NegotiationContext and no usernamePasswordDomain defined.
              at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.innerLogin(SPNEGOLoginModule.java:187)
              at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:137)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
              at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
              at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
              at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
              at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
              at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
              at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
              at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
              at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
              at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
              at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
              at java.lang.Thread.run(Thread.java:662)
              2011-11-03 16:35:14,062 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-38090-1) End isValid, false
              2011-11-03 16:35:14,063 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-38090-1) Setting threadlocal:null
              2011-11-03 16:35:14,063 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-38090-1) Setting threadlocal:null

               

              Thanks

                • Actions
              • 4. Re: Problem with JBoss Negotiation 2.1
                unnijboss
                unnijboss Nov 7, 2011 1:31 PM (in response to unnijboss)

                Any ideas?

                  • Actions
                • 5. Re: Problem with JBoss Negotiation 2.1
                  rohit1183
                  rohit1183 Nov 13, 2012 4:01 PM (in response to unnijboss)

                  This is your solution

                  https://issues.jboss.org/browse/SECURITY-439

                    • Actions