5 Replies Latest reply on Jul 25, 2012 11:42 AM by madchedar0

    Specifying location of a login module for HornetQ

    madchedar0

      This is a continuation of the original thread I had here: https://community.jboss.org/message/749527

       

      I have the following security-domain specified in my standalone-full.xml:

       

      <security-domain name="myapp" cache-type="default">
          <authentication>
              <login-module code="com.mycompany.myapp.user.UserLoginModule" flag="required"/>
          </authentication>
      </security-domain>
      
      

       

      It's a JAAS login module and I want HornetQ to use it for authentication.  In the previous thread we figured out that you must specify a security domain in the messaging subsystem of your standalone-full.xml:

       

       

      <hornetq-server>
      
           <!-- other properties -->
      
           <security-domain>myapp</security-domain>
      </hornetq-server>
      

       

      So now HornetQ knows that it must use this "myapp" security domain (which uses the myapp.user.UserLoginModule to authenticate users using JAAS).

      When I attempt to use messaging within the system (publish/subscribe to a topic, push/pull from a queue) I'm getting the following error:

       

       

      21:24:21,840 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (Old I/O server worker (parentId: 473827757, [id: 0x1c3e09ad, /127.0.0.1:5445])) Login failure: javax.security.auth.login.LoginException: unable to find LoginModule class: com.mycompany.myapp.user.UserLoginModule from [Module "org.jboss.as.messaging:main" from local module loader @2a72cf60 (roots: C:\<my jboss7.1.1 install path>\modules)]
              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:822) [rt.jar:1.7.0_03]
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_03]
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) [rt.jar:1.7.0_03]
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) [rt.jar:1.7.0_03]
              at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_03]
              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) [rt.jar:1.7.0_03]
              at javax.security.auth.login.LoginContext.login(LoginContext.java:594) [rt.jar:1.7.0_03]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
              at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.7.Final.jar:4.0.7.Final]
              at org.jboss.as.messaging.HornetQSecurityManagerAS7.validateUser(HornetQSecurityManagerAS7.java:39) [jboss-as-messaging-7.1.1.Final.jar:7.1.1.Final]
              at org.hornetq.core.security.impl.SecurityStoreImpl.authenticate(SecurityStoreImpl.java:134) [hornetq-core-2.2.13.Final.jar:]
              at org.hornetq.core.server.impl.HornetQServerImpl.createSession(HornetQServerImpl.java:807) [hornetq-core-2.2.13.Final.jar:]
              at org.hornetq.core.protocol.core.impl.HornetQPacketHandler.handleCreateSession(HornetQPacketHandler.java:187) [hornetq-core-2.2.13.Final.jar:]
              at org.hornetq.core.protocol.core.impl.HornetQPacketHandler.handlePacket(HornetQPacketHandler.java:85) [hornetq-core-2.2.13.Final.jar:]
              at org.hornetq.core.protocol.core.impl.ChannelImpl.handlePacket(ChannelImpl.java:508) [hornetq-core-2.2.13.Final.jar:]
              at org.hornetq.core.protocol.core.impl.RemotingConnectionImpl.doBufferReceived(RemotingConnectionImpl.java:556) [hornetq-core-2.2.13.Final.jar:]
              at org.hornetq.core.protocol.core.impl.RemotingConnectionImpl.bufferReceived(RemotingConnectionImpl.java:517) [hornetq-core-2.2.13.Final.jar:]
              at org.hornetq.core.remoting.server.impl.RemotingServiceImpl$DelegatingBufferHandler.bufferReceived(RemotingServiceImpl.java:533) [hornetq-core-2.2.13.Final.jar:]
              at org.hornetq.core.remoting.impl.netty.HornetQChannelHandler.messageReceived(HornetQChannelHandler.java:73) [hornetq-core-2.2.13.Final.jar:]
              at org.jboss.netty.channel.SimpleChannelHandler.handleUpstream(SimpleChannelHandler.java:100) [netty-3.2.6.Final.jar:]
              at org.jboss.netty.channel.StaticChannelPipeline.sendUpstream(StaticChannelPipeline.java:372) [netty-3.2.6.Final.jar:]
              at org.jboss.netty.channel.StaticChannelPipeline$StaticChannelHandlerContext.sendUpstream(StaticChannelPipeline.java:534) [netty-3.2.6.Final.jar:]
              at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:287) [netty-3.2.6.Final.jar:]
              at org.hornetq.core.remoting.impl.netty.HornetQFrameDecoder2.decode(HornetQFrameDecoder2.java:169) [hornetq-core-2.2.13.Final.jar:]
              at org.hornetq.core.remoting.impl.netty.HornetQFrameDecoder2.messageReceived(HornetQFrameDecoder2.java:134) [hornetq-core-2.2.13.Final.jar:]
              at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:80) [netty-3.2.6.Final.jar:]
              at org.jboss.netty.channel.StaticChannelPipeline.sendUpstream(StaticChannelPipeline.java:372) [netty-3.2.6.Final.jar:]
              at org.jboss.netty.channel.StaticChannelPipeline.sendUpstream(StaticChannelPipeline.java:367) [netty-3.2.6.Final.jar:]
              at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:274) [netty-3.2.6.Final.jar:]
              at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:261) [netty-3.2.6.Final.jar:]
              at org.jboss.netty.channel.socket.oio.OioWorker.run(OioWorker.java:100) [netty-3.2.6.Final.jar:]
              at org.jboss.netty.util.ThreadRenamingRunnable.run(ThreadRenamingRunnable.java:108) [netty-3.2.6.Final.jar:]
              at org.jboss.netty.util.internal.DeadLockProofWorker$1.run(DeadLockProofWorker.java:44) [netty-3.2.6.Final.jar:]
              at org.jboss.netty.util.VirtualExecutorService$ChildExecutorRunnable.run(VirtualExecutorService.java:181) [netty-3.2.6.Final.jar:]
              at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110) [rt.jar:1.7.0_03]
              at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603) [rt.jar:1.7.0_03]
              at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_03]
      

       

      It's basically saying it can't find the com.mycompany.myapp.user.UserLoginModule class.

      But it sounds like it expects the login module to be in "jboss7 module" form?  As in the form of a jar and in jboss7.1.1's modules directory?

       

      I got desperate and tried just copying all my classes into a jar (which contained com.mycompany.myapp.user.UserLoginModule and any dependent classes), made a module.xml and placed it into its own "com.mycompany" module folder under $JBOSS_HOME/modules/ but I got the same error.

       

      Has anyone run into this problem before?  If so, how did you solve it?  I'm thinking if there's a way to append to the "roots" that is being used to look for login modules that might do the trick.  Right now it's set to "C:\<my jboss7.1.1 install path>\modules" but I'm not sure how that is currently set.

       

      Thank you

        • 1. Re: Specifying location of a login module for HornetQ
          jmesnil

          madchedar0 wrote:

           

          It's basically saying it can't find the com.mycompany.myapp.user.UserLoginModule class.

          But it sounds like it expects the login module to be in "jboss7 module" form?  As in the form of a jar and in jboss7.1.1's modules directory?

           

          I got desperate and tried just copying all my classes into a jar (which contained com.mycompany.myapp.user.UserLoginModule and any dependent classes), made a module.xml and placed it into its own "com.mycompany" module folder under $JBOSS_HOME/modules/ but I got the same error.

          You also need to add a reference to your module "com.mycompany" to the messaging module in $JBOSS_HOME/modules/org/jboss/as/messaging/main/module.xml.

           

          However I don't think this is the right way to go as I expected the security subsystem to accept user-defined modules for the security-domain.

          Could you look at https://docs.jboss.org/author/display/AS71/Security+Realms and post to AS7 forum if you don't find a way to specify the login-module without any changes to JBoss modules.

           

          thanks,

          jeff

          • 2. Re: Specifying location of a login module for HornetQ
            jmesnil

            Jeff Mesnil wrote:

             

            madchedar0 wrote:

             

            It's basically saying it can't find the com.mycompany.myapp.user.UserLoginModule class.

            But it sounds like it expects the login module to be in "jboss7 module" form?  As in the form of a jar and in jboss7.1.1's modules directory?

             

            I got desperate and tried just copying all my classes into a jar (which contained com.mycompany.myapp.user.UserLoginModule and any dependent classes), made a module.xml and placed it into its own "com.mycompany" module folder under $JBOSS_HOME/modules/ but I got the same error.

            You also need to add a reference to your module "com.mycompany" to the messaging module in $JBOSS_HOME/modules/org/jboss/as/messaging/main/module.xml

            After examining AS7 security subsystem, I think the correct way to plug your own login module is:

            1. create a JBoss module com.mycompany with all the required code and put it in the JBoss modules directory (like you have done)

            2. add a module attribute to your login-module configuration:

             

            <security-domain name="myapp" cache-type="default">
                <authentication>
                    <login-module code="com.mycompany.myapp.user.UserLoginModule" module="com.mycompany" flag="required"/>
                </authentication>
            </security-domain>

             

            Could you give it a try and tell me if that works for you?
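
An added example, not part of the original posts: a Python check that walks the two steps above and confirms that each `login-module` in a named security domain resolves to a class inside the jars of the JBoss module named by its `module` attribute. It assumes the module lives in the default `main` slot under the modules root; the function names and the `JBOSS_MODULES` variable are hypothetical, and the sample configuration is constructed from the snippets in this thread.

```python
import os
import zipfile
import xml.etree.ElementTree as ET

# Constructed sample: the thread's security domain plus the HornetQ reference to it.
SAMPLE_CONFIG = """<server><profile>
  <security-domain name="myapp" cache-type="default"><authentication>
    <login-module code="com.mycompany.myapp.user.UserLoginModule" module="com.mycompany" flag="required"/>
  </authentication></security-domain>
  <hornetq-server><security-domain>myapp</security-domain></hornetq-server>
</profile></server>"""

def local(tag):
    """Drop the XML namespace so the check works across subsystem schema versions."""
    return tag.rsplit("}", 1)[-1]

def resolve(code, module, modules_root):
    """Return None if `code` is found in the module's jars, else a problem string."""
    if not module:
        return "no module attribute"
    mod_dir = os.path.join(modules_root, *module.split("."), "main")  # assumes default slot
    mod_xml = os.path.join(mod_dir, "module.xml")
    if not os.path.isfile(mod_xml):
        return "missing " + mod_xml
    desc = ET.parse(mod_xml).getroot()
    if desc.get("name") != module:
        return "module.xml declares name=%r" % desc.get("name")
    entry = code.replace(".", "/") + ".class"
    for res in desc.iter():
        jar = os.path.join(mod_dir, res.get("path", ""))
        if local(res.tag) == "resource-root" and zipfile.is_zipfile(jar):
            with zipfile.ZipFile(jar) as zf:
                if entry in zf.namelist():
                    return None
    return "class not found in any resource-root jar"

def check_login_modules(config_xml, modules_root):
    """Return (domain, class, problem) for every login-module in named security domains."""
    results = []
    for dom in ET.fromstring(config_xml).iter():
        if local(dom.tag) != "security-domain" or "name" not in dom.attrib:
            continue  # the <security-domain>myapp</security-domain> reference has no name
        for lm in dom.iter():
            if local(lm.tag) == "login-module":
                code, module = lm.get("code"), lm.get("module")
                results.append((dom.get("name"), code, resolve(code, module, modules_root)))
    return results

if __name__ == "__main__":  # JBOSS_MODULES is a hypothetical variable for this example
    print(check_login_modules(SAMPLE_CONFIG, os.environ.get("JBOSS_MODULES", "modules")))
```

An entry reported as `no module attribute` is only a finding for custom classes such as the one in this thread.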

             


            • 3. Re: Specifying location of a login module for HornetQ
              madchedar0

              This approach allows JBoss to see that I have a custom login module.  Well at least I think JBoss is loading everything associated with the module, so thank you!

               

              Do you know if it's possible to have the JAAS login module reside within an .ear and just deploy the .ear itself?

               

              I found this thread but it appears he had to move to JBoss 7.1.2... I'm currently on 7.1.1.Final and would prefer to remain on that version:

               

              https://community.jboss.org/thread/198863

               

              Thanks

              • 4. Re: Specifying location of a login module for HornetQ
                jmesnil

                madchedar0 wrote:

                 

                Do you know if it's possible to have the JAAS login module reside within an .ear and just deploy the .ear itself?

                 

                I found this thread but it appears he had to move to JBoss 7.1.2... I'm currently on 7.1.1.Final and would prefer to remain on that version.

                Which thread?

                • 5. Re: Specifying location of a login module for HornetQ
                  madchedar0

                  https://community.jboss.org/thread/198863

                   

                  Sorry I guess I forgot to include it.  I've updated my post to include the link.