JBoss Negotiation 2.1.1 and EJB3 Authentication
bmateus Jan 15, 2013 5:18 AM
Hi all,
I have the following setup:
- JBoss Negotiation 2.1.1
- AD on Windows Server 2003
- JBoss 4.2.3 on Windows Server 2008 R2
- Client IE8 on Windows 7
My main goal is to have SSO on my app (after a user is authenticated on the domain, no username/password is required to access my app).
I'm able to execute the Negotiation Toolkit app successfully (all three tests). I also successfully configured JBoss Negotiation on my app and I can access it transparently.
My problem is related to EJB3 authentication. My EJBs have the following:
{code}
@SecurityDomain("CORECOMPETENCE")
(...)
@RolesAllowed({"admin", "private"})
{code}
I have the following error:
{code}
2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] TRACE org.jboss.security.negotiation.spnego.SPNEGOLoginModule - Security domain: CORECOMPETENCE
2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] DEBUG org.jboss.security.negotiation.spnego.SPNEGOLoginModule - removeRealmFromPrincipal=true
2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] DEBUG org.jboss.security.negotiation.spnego.SPNEGOLoginModule - serverSecurityDomain=host
2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] DEBUG org.jboss.security.negotiation.spnego.SPNEGOLoginModule - usernamePasswordDomain=null
2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] TRACE org.jboss.security.negotiation.spnego.SPNEGOLoginModule - login
2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] TRACE org.jboss.security.negotiation.spnego.SPNEGOLoginModule - abort
2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] TRACE org.jboss.security.plugins.JaasSecurityManager.CORECOMPETENCE - Login failure
javax.security.auth.login.LoginException: No NegotiationContext and no usernamePasswordDomain defined.
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.innerLogin(SPNEGOLoginModule.java:188)
at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:138)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240)
at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210)
at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84)
at $Proxy373.findAllForListing(Unknown Source)
at com.criticalsoftware.corecompetence.stripes.action.appraisal.AppraisalActionBean.appraisal(AppraisalActionBean.java:104)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
(...)
2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] ERROR com.criticalsoftware.webcore.stripes.exceptions.DefaultExceptionHandler - Authentication failure
javax.ejb.EJBAccessException: Authentication failure
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240)
at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210)
at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84)
at $Proxy373.findAllForListing(Unknown Source)
at com.criticalsoftware.corecompetence.stripes.action.appraisal.AppraisalActionBean.appraisal(AppraisalActionBean.java:104)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:445)
at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:157)
at net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:107)
at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:154)
at net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:73)
at net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:443)
at net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:241)
at net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:154)
at net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:61)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
{code}
I downloaded the code and using breakpoints I detected that when I execute the EJBs, the NegotiationAuthenticator is executed and the authenticator method authenticate returns true. After this the SPNEGOLoginModule is executed and the login method returns false, because no negotiation context is available (SPNEGOLoginModule.java innerLogin method).
*Why is the login module executed if the authenticator method returns true?*
I tried to follow the instructions on https://community.jboss.org/wiki/EJB3AuthenticationWithSPNEGO with no success.
*Was anyone able to set up EJB3 authentication on JBoss 4.2.x?*
If required I can post my configuration.
Thanks.