8 Replies Latest reply on Dec 30, 2011 3:46 AM by dato.java

    JAAS Configuration

    dato.java

      Hello,

      I develop a web application on JBoss AS 7.1.CR1 and need to implement a JAAS LoginModule. On previous versions I know how to configure it via login-config.xml and jboss-web.xml, but on JBoss AS 7.1 I was not able to find documentation about it. Can you give me links to examples or tutorials about it?

        • 1. Re: JAAS Configuration
          sfcoy
          • 2. Re: JAAS Configuration
            dato.java

            I have done the following configuration:

            In the standalone/configuration/standalone.xml file I added the following:

            <security-domain name="MySecurityDomain">
                <authentication>
                    <login-module code="com.david.MyLoginModule" flag="required"/>
                </authentication>
            </security-domain>

            In jboss-web.xml I configured the following:

            <jboss-web>
                <security-domain>java:/jaas/MySecurityDomain</security-domain>
            </jboss-web>

            And MyLoginModule is the following:

            package com.david;

            import java.util.Map;

            import javax.security.auth.Subject;
            import javax.security.auth.callback.Callback;
            import javax.security.auth.callback.CallbackHandler;
            import javax.security.auth.callback.NameCallback;
            import javax.security.auth.callback.PasswordCallback;
            import javax.security.auth.login.LoginException;

            import org.jboss.logging.Logger; // assumed; the post does not show which Logger is imported
            import org.jboss.security.SimpleGroup;
            import org.jboss.security.SimplePrincipal;

            public class MyLoginModule extends org.jboss.security.auth.spi.UsersRolesLoginModule {

                private Logger log = Logger.getLogger(getClass());

                private Subject subject;
                private CallbackHandler callbackHandler;
                private Map<String, ?> sharedState;
                private Map<String, ?> options;

                private boolean loginOk;
                private boolean commitOk;

                private org.jboss.security.SimplePrincipal principal;

                // Stores the arguments in this class's own fields; super.initialize(...) is not called.
                public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
                    this.subject = subject;
                    this.callbackHandler = callbackHandler;
                    this.sharedState = sharedState;
                    this.options = options;
                }

                public boolean login() throws LoginException {
                    try {
                        log.info("Authenticating...");
                        // Ask the container's callback handler for the submitted username and password.
                        NameCallback nameCallback = new NameCallback("username");
                        PasswordCallback passwordCallback = new PasswordCallback("password", false);
                        Callback[] callbacks = new Callback[] { nameCallback, passwordCallback };
                        callbackHandler.handle(callbacks);
                        String username = nameCallback.getName();
                        String password = new String(passwordCallback.getPassword());
                        // Hard-coded test credentials.
                        if (username.equals("admin") && password.equals("admin")) {
                            loginOk = true;
                            log.info("Authenticated");
                            principal = new SimplePrincipal(username);
                        } else {
                            log.info("Authentication failure");
                            loginOk = false;
                        }
                    } catch (Exception ex) {
                        loginOk = false;
                        log.error(ex.getMessage(), ex);
                    }
                    return loginOk;
                }

                @Override
                public boolean commit() throws LoginException {
                    try {
                        log.info("Commiting...");
                        // Only the "Roles" group is added to the Subject here.
                        org.jboss.security.SimpleGroup finaGroup = new SimpleGroup("Roles");
                        finaGroup.addMember(principal);
                        subject.getPrincipals().add(finaGroup);
                        commitOk = true;
                    } catch (Exception ex) {
                        log.error(ex.getMessage(), ex);
                        commitOk = false;
                    }
                    return commitOk;
                }

                @Override
                public boolean abort() throws LoginException {
                    log.info("Aborting...");
                    loginOk = false;
                    commitOk = false;
                    return false;
                }

                @Override
                public boolean logout() throws LoginException {
                    // Auto-generated stub: nothing is removed from the Subject.
                    return false;
                }
            }

             

             

            But when I try to authenticate I get the following exception:

            {code}
            11:20:02,229 INFO  [com.david.MyLoginModule] (http--127.0.0.1-8080-1) Authenticating...
            11:20:02,232 INFO  [com.david.MyLoginModule] (http--127.0.0.1-8080-1) Authenticated
            11:20:02,233 INFO  [com.david.MyLoginModule] (http--127.0.0.1-8080-1) Commiting...
            11:20:02,243 ERROR [org.jboss.as.web.security.JBossWebRealm] (http--127.0.0.1-8080-1) Error during authenticate(String,String): java.lang.NullPointerException
                    at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:248) [jboss-as-web-7.1.0.CR1.jar:7.1.0.CR1]
                    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:280) [jbossweb-7.0.7.Final.jar:]
                    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:381) [jbossweb-7.0.7.Final.jar:]
                    at org.jboss.as.jpa.interceptor.WebNonTxEmCloserValve.invoke(WebNonTxEmCloserValve.java:50) [jboss-as-jpa-7.1.0.CR1.jar:7.1.0.CR1]
                    at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:151) [jboss-as-web-7.1.0.CR1.jar:7.1.0.CR1]
                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.7.Final.jar:]
                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.7.Final.jar:]
                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.7.Final.jar:]
                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.7.Final.jar:]
                    at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:897) [jbossweb-7.0.7.Final.jar:]
                    at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:626) [jbossweb-7.0.7.Final.jar:]
                    at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:2033) [jbossweb-7.0.7.Final.jar:]
                    at java.lang.Thread.run(Thread.java:662) [:1.6.0_27]
            {/code}

            So what did I miss? I tried to implement a simple JAAS login module but the result is the same.

            • 3. Re: JAAS Configuration
              nickarls

              What line does the NPE come from?

              • 4. Re: JAAS Configuration
                dato.java

                Can't understand your question

                • 5. Re: JAAS Configuration
                  nickarls

                  Have you debugged into

                              finaGroup.addMember(principal);
                              subject.getPrincipals().add(finaGroup);

                  to see if principal is null at that point, or if anything in the second line evaluates to null, as there appears to be a NullPointerException?

                  • 6. Re: JAAS Configuration
                    jaikiran

                    David Chokhonelidze wrote:

                    <jboss-web>
                        <security-domain>java:/jaas/MySecurityDomain</security-domain>
                    </jboss-web>

                    This is wrong. You should just be using the security domain name:

                    <jboss-web>
                        <security-domain>MySecurityDomain</security-domain>
                    </jboss-web>

                    • 7. Re: JAAS Configuration
                      dato.java

                      I tried it but the result is the same ((

                      • 8. Re: JAAS Configuration
                        dato.java

                        I have added

                        subject.getPrincipals().add(principal);

                        in login() and it worked fine, thanks
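
An added example, not code from any poster in this thread: instead of overriding login() and commit() directly, a module can extend PicketBox's UsernamePasswordLoginModule, whose login() runs the name and password callbacks and whose inherited commit() adds both the caller principal and the role groups to the Subject, which is the step the thread's module had to add by hand. The package and class names, the in-memory user store and the role name "user" are assumptions made for illustration.

```java
package com.example.security; // hypothetical package name

import java.nio.charset.Charset;
import java.security.MessageDigest;
import java.security.acl.Group;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

public class ExampleLoginModule extends UsernamePasswordLoginModule {

    private static final Charset UTF8 = Charset.forName("UTF-8");

    // Constructed sample store so the example is self-contained; a real
    // module would look the credential up in a database or directory.
    private static final Map<String, String> USERS = new HashMap<String, String>();
    static {
        USERS.put("alice", "constructed-sample-password");
    }

    // Called by the base class login() after it has run the callbacks.
    @Override
    protected String getUsersPassword() throws LoginException {
        String expected = USERS.get(getUsername());
        if (expected == null) {
            throw new FailedLoginException("Unknown user");
        }
        return expected;
    }

    // Compare as byte arrays with MessageDigest.isEqual instead of String.equals.
    @Override
    protected boolean validatePassword(String inputPassword, String expectedPassword) {
        if (inputPassword == null || expectedPassword == null) {
            return false;
        }
        return MessageDigest.isEqual(inputPassword.getBytes(UTF8), expectedPassword.getBytes(UTF8));
    }

    // The base class commit() adds the caller principal and these groups to the Subject.
    @Override
    protected Group[] getRoleSets() throws LoginException {
        Group roles = new SimpleGroup("Roles");
        roles.addMember(new SimplePrincipal("user")); // hypothetical role name
        return new Group[] { roles };
    }
}
```

To use it, the `code` attribute of the `<login-module>` element in the security domain would name this class in place of com.david.MyLoginModule.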