2 Replies Latest reply on Nov 21, 2011 2:47 AM by jaikiran

    Error "java.lang.SecurityException: Authentication exception, principal=null"

    fulgore11

      Hello,

       

      I'm moving my EJB2 application from JBoss 4.2.2 to JBoss 5.1. I have a Web/Tomcat client; the following exception is thrown in JBoss when the client invokes a remote method:

       

      [SecurityInterceptor] Error in Security Interceptor
      java.lang.SecurityException: Authentication exception, principal=null
          at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:321)
          at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243)
          at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205)
          at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:136)
          at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:88)
          at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
          at org.jboss.ejb.plugins.CleanShutdownInterceptor.invokeHome(CleanShutdownInterceptor.java:216)
          at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)

       

       

      my ejb-jar:

       

      ---------------------

      <ejb-jar>
         <enterprise-beans>
            <session>
               <ejb-name>MyBeanRemote</ejb-name>
               <home>net.mybean.v2.ejbs.IMyBeanHomeRemote</home>
               <remote>net.mybean.v2.ejbs.IMyBeanRemote</remote>
               <ejb-class>net.mybean.v2.ejbs.MyBeanSessionBean</ejb-class>
               <session-type>Stateless</session-type>
               <transaction-type>Bean</transaction-type>
               <security-identity>
                  <run-as>
                     <role-name>everyone</role-name>
                  </run-as>
               </security-identity>
            </session>
         </enterprise-beans>

         <assembly-descriptor>
            <method-permission>
               <role-name>everyone</role-name>
               <method>
                  <ejb-name>MyBeanRemote</ejb-name>
                  <method-name>*</method-name>
               </method>
            </method-permission>
         </assembly-descriptor>
      </ejb-jar>

       

      -------------------------

       

       

      my jboss:

       

      -----------------------

      <jboss>
         <unauthenticated-principal>nobody</unauthenticated-principal>
         <enterprise-beans>
            <session>
               <ejb-name>MyBeanRemote</ejb-name>
               <jndi-name>MyBeanRemote</jndi-name>
               <invoker-bindings>
                  <invoker>
                     <invoker-proxy-binding-name>retryCluster</invoker-proxy-binding-name>
                     <jndi-name>MyBeanRemote</jndi-name>
                  </invoker>
               </invoker-bindings>
               <clustered>True</clustered>
               <cluster-config>
                  <partition-name>DefaultPartition</partition-name>
                  <home-load-balance-policy>
                     org.jboss.ha.framework.interfaces.RoundRobin
                  </home-load-balance-policy>
                  <bean-load-balance-policy>
                     org.jboss.ha.framework.interfaces.RoundRobin
                  </bean-load-balance-policy>
               </cluster-config>
               <method-attributes>
               </method-attributes>
            </session>
         </enterprise-beans>
         <invoker-proxy-bindings>
            <invoker-proxy-binding>
               <name>retryCluster</name>
               <invoker-mbean>jboss:service=invoker,type=jrmpha</invoker-mbean>
               <proxy-factory>org.jboss.proxy.ejb.ProxyFactoryHA</proxy-factory>
               <proxy-factory-config>
                  <client-interceptors>
                     <home>
                        <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>
                        <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
                        <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
                        <interceptor>org.jboss.proxy.ejb.SingleRetryInterceptor</interceptor>
                        <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
                     </home>
                     <bean>
                        <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>
                        <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>
                        <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>
                        <interceptor>org.jboss.proxy.ejb.SingleRetryInterceptor</interceptor>
                        <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>
                     </bean>
                  </client-interceptors>
               </proxy-factory-config>
            </invoker-proxy-binding>
         </invoker-proxy-bindings>
      </jboss>

      -----------------------------------

       

       

      jndi.properties conf:

       

      ---------

      java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
      java.naming.factory.url.pkgs=jboss.naming:org.jnp.interfaces
      java.naming.provider.url=machine01:1100, machine02:1100

      --------------------

       

       

       

       

      my login-config (default values):

       

      ------------

      <policy>

          <application-policy name = "client-login">
             <authentication>
                <login-module code = "org.jboss.security.ClientLoginModule"
                   flag = "required">
                   <module-option name="restore-login-identity">true</module-option>
                </login-module>
             </authentication>
          </application-policy>

          <application-policy name = "jbossmq">
             <authentication>
                <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                   flag = "required">
                   <module-option name = "unauthenticatedIdentity">guest</module-option>
                   <module-option name = "dsJndiName">java:/DefaultDS</module-option>
                   <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
                   <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
                </login-module>
             </authentication>
          </application-policy>

          <application-policy name = "HsqlDbRealm">
             <authentication>
                <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                   flag = "required">
                   <module-option name = "principal">sa</module-option>
                   <module-option name = "userName">sa</module-option>
                   <module-option name = "password"></module-option>
                   <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
                </login-module>
             </authentication>
          </application-policy>

          <application-policy name = "JmsXARealm">
             <authentication>
                <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                   flag = "required">
                   <module-option name = "principal">guest</module-option>
                   <module-option name = "userName">guest</module-option>
                   <module-option name = "password">guest</module-option>
                   <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
                </login-module>
             </authentication>
          </application-policy>

          <application-policy name = "jmx-console">
             <authentication>
                <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                   flag = "required">
                   <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
                   <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
                </login-module>
             </authentication>
          </application-policy>

          <application-policy name = "web-console">
             <authentication>
                <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                   flag = "required">
                   <module-option name="usersProperties">web-console-users.properties</module-option>
                   <module-option name="rolesProperties">web-console-roles.properties</module-option>
                </login-module>
             </authentication>
          </application-policy>

          <application-policy name="JBossWS">
             <authentication>
                <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                   flag="required">
                   <module-option name="usersProperties">props/jbossws-users.properties</module-option>
                   <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
                   <module-option name="unauthenticatedIdentity">anonymous</module-option>
                </login-module>
             </authentication>
          </application-policy>

          <application-policy name = "other">
             <authentication>
                <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                   flag = "required" />
             </authentication>
          </application-policy>

      </policy>

       

      --------------

       

       

      It works fine in JBoss 4.2.2, but I don't know what the problem is in JBoss 5.1. Any idea?

       

       

      Thanks in advance.