7 Replies Latest reply on Dec 12, 2011 6:24 AM by rainerzufall

    JBoss 7.0.2 - problem with authentication

    rainerzufall

      Hi!

       

      I just tried to start migration from JBoss 5.1 to 7.0.2, webapp is starting, but login authentication does not work.

       

      standalone.xml

       

                  <security-domain name="bvaRealm" cache-type="default">
                      <authentication>
                          <login-module code="database" flag="required">
                              <module-option name="dsJndiName" value="java:jboss/datasources/ExampleDS"/>
                              <module-option name="principalsQuery" value="SELECT Password FROM User WHERE Username=?"/>
                              <module-option name="rolesQuery" value="SELECT Role, 'Roles' FROM User WHERE Username=?"/>
                          </login-module>
                      </authentication>
                  </security-domain>

       

      I tried to use this as a test, but after submitting my password, I got the following exception:

       

      08:53:12,265 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) Login failure: javax.security.auth.login.LoginException: Die Anmeldemodulklasse kann nicht gefunden werden: Enabled from [Module "deployment.MRSAea.ear.MRSAweb.war:main" from Service Module Loader]

          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808) [:1.6.0_27]

          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [:1.6.0_27]

          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [:1.6.0_27]

          at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_27]

          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [:1.6.0_27]

          at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [:1.6.0_27]

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.1.jar:4.0.1]

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.1.jar:4.0.1]

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:154) [picketbox-infinispan-4.0.1.jar:4.0.1]

          at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:127) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

          at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:372) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

          at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.0.2.Final.jar:7.0.2.Final]

          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.0.2.Final]

          at java.lang.Thread.run(Thread.java:662) [:1.6.0_27]

       

       

      "Die Anmeldemodulklasse kann nicht gefunden werden" means unable to find LoginModule class

       

      How can I solve this problem?

       

      Any help is appreciated

        • 1. Re: JBoss 7.0.2 - problem with authentication
          jaikiran

          Rainer Zufall wrote:

           

          <login-module code="database" flag="required">

          The code attribute is case sensitive. Try:

           

          <login-module code="Database" flag="required">
          
          • 2. Re: JBoss 7.0.2 - problem with authentication
            rainerzufall

            thanks for your response.

            just tried it, no didn't work

            • 3. Re: JBoss 7.0.2 - problem with authentication
              jaikiran

              Please post the new exception stacktrace. Also, can you try this against the latest released 7.1.0.Beta1?

              • 4. Re: JBoss 7.0.2 - problem with authentication
                rainerzufall

                the exception stacktrace stays the same, nothing changed

                 

                I will try the beta1 now

                • 5. Re: JBoss 7.0.2 - problem with authentication
                  rainerzufall

                  So, with jboss-as-7.1.0.Beta1b I get:

                   

                  11:48:43,656 ERROR [org.jboss.security.auth.spi.UsersRolesLoginModule] (http--127.0.0.1-8080-1) Failed to load users/passwords/role files: java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found

                   

                  so the final seems bugged.

                   

                  But I used the same  config:

                   


                  <security-domain name="bvaRealm" cache-type="default">

                  <authentication>

                  <login-module code="Database" flag="required">

                  <module-option name="dsJndiName" value="java:jboss/datasources/ExampleDS"/>

                  <module-option name="principalsQuery" value="SELECT Password FROM User WHERE Username=?"/>

                  <module-option name="rolesQuery" value="SELECT Role, 'Roles' FROM User WHERE Username=?"/>

                  </login-module>

                  </authentication>

                  </security-domain>

                   

                   

                  so why is the server searching for a properties file?

                  • 6. Re: JBoss 7.0.2 - problem with authentication
                    jaikiran

                    1) Please change "database" to "Database"

                    2) Please post the entire exception stacktrace

                    3) What does your jboss-web.xml look like?

                    • 7. Re: JBoss 7.0.2 - problem with authentication
                      rainerzufall

                      Database was just a copy & paste error, sorry

                       

                      <security-domain>java:/jaas/bvaRealm/</security-domain>

                       

                      was what I had first, but now I used only

                       

                      <security-domain>bvaRealm</security-domain>

                       

                      and he's responding and trying to find the table, great

                       

                       

                      with Jboss 5.1 I used a lib which connects to ldap and gets userroles from a .txt file ( ldap here doesn't have userroles implemented)

                       

                      in 5.1 I would config it this way

                       

                      <application-policy name="bvaRealm">

                      <authentication>

                              <login-module code="de.bva.jee.BVALoginModule" flag="required"/>

                      </authentication>

                      </application-policy>

                       

                      with 7.x

                       


                      <security-domain name="bvaRealm" cache-type="default">

                      <authentication>

                      <login-module code="de.bva.jee.BVALoginModule" flag="required"/>

                      </authentication>

                      </security-domain>

                       

                      is this the right way?