JBoss 5 Unauthenticated-principal tag issues?
shavidh Jan 11, 2010 10:29 AM
I have a message-driven bean calling a session bean and it fails when it does the authentication with the following -
[Error]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=null;method=create;
javax.security.auth.login.LoginException
at org.jboss.security.auth.spi.LdapExtLoginModule.getRoleSets(LdapExtLoginModule.java:243)
at org.jboss.security.auth.spi.AbstractServerLoginModule.commit(AbstractServerLoginModule.java:220)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:580)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.security.javaee.EJBAuthenticationHelper.isValid(EJBAuthenticationHelper.java:87)
at org.jboss.ejb.plugins.SecurityActions$13.run(SecurityActions.java:543)
at org.jboss.ejb.plugins.SecurityActions$13.run(SecurityActions.java:540)
at java.security.AccessController.doPrivileged(Native Method)
at org.jboss.ejb.plugins.SecurityActions.isValid(SecurityActions.java:539)
at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:314)
at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243)
at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205)
at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:136)
at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:88)
at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:639)
at org.jboss.ejb.Container.invoke(Container.java:1109)
at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:362)
at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:133)
at $Proxy433.create(Unknown Source)
This is my configuration -
security-policy....
<application-policy xmlns="urn:jboss:security-beans:1.0" name="my-realm">
  <authentication>
    <!-- This loginModule extends LdapExtLoginModule -->
    <login-module code="xxx.xxx.xxx.xxxLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">SYS</module-option>
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">xxx:389/</module-option>
      <module-option name="bindCredential">xxx</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">cn=Directory Manager</module-option>
      <module-option name="baseCtxDN">dc=webapp,dc=yyy,dc=org</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="rolesCtxDN">ou=Groups, dc=webapp, dc=yyy, dc=org</module-option>
      <module-option name="roleFilter">(uniqueMember={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleRecursion">-1</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="searchTimeLimit">50000</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      <module-option name="defaultRole">def</module-option>
    </login-module>
  </authentication>
</application-policy>
I have a jboss-app.xml with the following -
<jboss-app>
  <security-domain>my-realm</security-domain>
  <unauthenticated-principal>SYS</unauthenticated-principal>
</jboss-app>
From the log, I can see that it's trying to authenticate the correct realm, but instead of using the unauthenticated principal, it tries using principal = null.
This setup is working with JBoss 4.2.0ga. Is there anything wrong with the way I configured them?
Any help is appreciated.