3 Replies Latest reply on Feb 24, 2015 12:45 PM by ma6rl

    Using Repository Explorer with a Custom LoginModule and Authenticator?

    ma6rl

      Is it possible to use the Modeshape Repository Explorer (4.2.0.Final) with a Custom Login Module and Modeshape Authenticator?

       

      I currently have the following configuration in my Wildfly Subsystem XML

       

      Repository Configuration

      <repository name="custom-repo" cache-name="custom-repo" cache-container="modeshape" security-domain="custom-security">
          <workspaces>
              <workspace name="default">
              </workspace>
          </workspaces>
          <authenticators>
              <authenticator name="custom" classname="com.custom.CustomAuthenticationProvider" module="deployment.custom.war"/>
          </authenticators>
      </repository>
      
      

       

      Security Configuration

      <security-domain name="modeshape-security" cache-type="default">
          <authentication>
              <login-module code="com.custom.CustomLoginModule" flag="required"/>
          </authentication>
      </security-domain>
      

       

      I believe the problem is that both my custom login module and authenticator are currently packaged in my WAR and while accessible to the security and modeshape sub-systems via the above configuration they are not accessible to the Modeshape Repository Explorer.

       

      Any suggestions on how I could use the explorer with the above configuration would be much appreciated.

        • 1. Re: Using Repository Explorer with a Custom LoginModule and Authenticator?
          hchiorean

          Assuming the problem is the fact that the Web Explorer application is unable to locate your class(es), the only option I see is manually editing & repackaging the jboss-deployment-structure.xml from the web explorer war and listing your own module (war) as a dependency.

          There is no technical way that I'm aware of to account for "dynamic" dependencies between WARs - i.e. there's nothing we can do in our prepackaged wars to account for these "external" dependencies.

          • 2. Re: Using Repository Explorer with a Custom LoginModule and Authenticator?
            ma6rl

            Horia Chiorean Thanks I figured that was the case. Modifying the jboss-deployment-structure.xml and re-packahing is probably the way to go. I'll give that a try.

             

            The error I get (see below) confirms it is a class loading issue.

             

            09:02:07,006 DEBUG [org.jboss.security] (default task-4) PBOX000206: Login failure: javax.security.auth.login.LoginException: unable to find LoginModule class: com.custom.CustomLoginModule from [Module "deployment.modeshape-explorer.war:main" from Service Module Loader]

              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:794) [rt.jar:1.8.0]

              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195) [rt.jar:1.8.0]

              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) [rt.jar:1.8.0]

              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) [rt.jar:1.8.0]

              at java.security.AccessController.doPrivileged(Native Method) [jrebel-bootstrap-430c92c8efdf5873677b6ac86d8ba91b.jar:]

              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.8.0]

              at javax.security.auth.login.LoginContext.login(LoginContext.java:587) [rt.jar:1.8.0]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:411) [picketbox-infinispan-4.0.21.Final.jar:4.0.21.Final]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:350) [picketbox-infinispan-4.0.21.Final.jar:4.0.21.Final]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:338) [picketbox-infinispan-4.0.21.Final.jar:4.0.21.Final]

              at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:148) [picketbox-infinispan-4.0.21.Final.jar:4.0.21.Final]

              at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verifyCredential(JAASIdentityManagerImpl.java:112)

              at org.wildfly.extension.undertow.security.JAASIdentityManagerImpl.verify(JAASIdentityManagerImpl.java:83)

              at io.undertow.security.impl.SecurityContextImpl.login(SecurityContextImpl.java:210) [undertow-core-1.1.0.Final.jar:1.1.0.Final]

              at io.undertow.servlet.spec.HttpServletRequestImpl.login(HttpServletRequestImpl.java:432) [undertow-servlet-1.1.0.Final.jar:1.1.0.Final]

              at org.modeshape.web.LoginServlet.processRequest(LoginServlet.java:51) [modeshape-web-explorer-4.2.0.Final.jar:4.2.0.Final]

              at org.modeshape.web.LoginServlet.doPost(LoginServlet.java:95) [modeshape-web-explorer-4.2.0.Final.jar:4.2.0.Final]

            • 3. Re: Using Repository Explorer with a Custom LoginModule and Authenticator?
              ma6rl

              Re-packaging the WAR with an jboss-deployment-strucutre.xml that lists my WAR as a dependency resolved the issue above.

               

              Unfortunately I use CDI (via Deltaspike) to inject my Authentication framework (PicketLink IDM) into the LoginModule and this causes additional errors as discussed in this forum post JBoss modules and CDI extension

               

              Given this I can't use the explorer with my custom login module but other people should be able to use this approach if they don't rely on CDI.