0 Replies Latest reply on Jan 11, 2010 10:29 AM by shavidh

    JBoss 5 unauthenticated-principal tag issues?

      I have a message-driven bean calling a session bean, and it fails when it does the authentication with the following:

       

      [Error]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=null;method=create;
      javax.security.auth.login.LoginException
          at org.jboss.security.auth.spi.LdapExtLoginModule.getRoleSets(LdapExtLoginModule.java:243)
          at org.jboss.security.auth.spi.AbstractServerLoginModule.commit(AbstractServerLoginModule.java:220)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:580)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:553)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:487)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
          at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
          at org.jboss.security.javaee.EJBAuthenticationHelper.isValid(EJBAuthenticationHelper.java:87)
          at org.jboss.ejb.plugins.SecurityActions$13.run(SecurityActions.java:543)
          at org.jboss.ejb.plugins.SecurityActions$13.run(SecurityActions.java:540)
          at java.security.AccessController.doPrivileged(Native Method)
          at org.jboss.ejb.plugins.SecurityActions.isValid(SecurityActions.java:539)
          at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:314)
          at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243)
          at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205)
          at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:136)
          at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:88)
          at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
          at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
          at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:639)
          at org.jboss.ejb.Container.invoke(Container.java:1109)
          at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:362)
          at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:133)
          at $Proxy433.create(Unknown Source)

       

      This is my configuration:

      security-policy....

        <application-policy xmlns="urn:jboss:security-beans:1.0" name="my-realm">
           <authentication>
              <!-- This login module extends LdapExtLoginModule -->
              <login-module code="xxx.xxx.xxx.xxxLoginModule" flag="required">
                  <module-option name="unauthenticatedIdentity">SYS</module-option>
                  <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                  <module-option name="java.naming.provider.url">xxx:389/</module-option>
                  <module-option name="bindCredential">xxx</module-option>
                  <module-option name="java.naming.security.authentication">simple</module-option>
                  <module-option name="bindDN">cn=Directory Manager</module-option>
                  <module-option name="baseCtxDN">dc=webapp,dc=yyy,dc=org</module-option>
                  <module-option name="baseFilter">(uid={0})</module-option>
                  <module-option name="rolesCtxDN">ou=Groups, dc=webapp, dc=yyy, dc=org</module-option>
                  <module-option name="roleFilter">(uniqueMember={1})</module-option>
                  <module-option name="roleAttributeID">cn</module-option>
                  <module-option name="roleRecursion">-1</module-option>
                  <module-option name="roleNameAttributeID">cn</module-option>
                  <module-option name="roleAttributeIsDN">true</module-option>
                  <module-option name="searchTimeLimit">50000</module-option>
                  <module-option name="searchScope">SUBTREE_SCOPE</module-option>
                  <module-option name="defaultRole">def</module-option>
              </login-module>
           </authentication>
        </application-policy>

       

      I have a jboss-app.xml with the following:

      <jboss-app>
          <security-domain>my-realm</security-domain>
          <unauthenticated-principal>SYS</unauthenticated-principal>
      </jboss-app>

       

       

      From the log, I can see that it's trying to authenticate against the correct realm, but instead of using the unauthenticated principal, it tries using principal = null ...

       

      This setup is working with JBoss 4.2.0ga. Is there anything wrong with the way I configured them?

       

      Any help is appreciated.