0 Replies Latest reply on Feb 21, 2010 1:17 PM by Luca Merolla

    Problem authentication

    Luca Merolla Newbie

      Hi all,

       

      I'm having problems with authentication and RESTeasy. I'm using JBossAS-5.1.0GA.

       

      I have set up the security in login-config.xml like this:

          <application-policy name="gamgamSDomain">
              <authentication>
                  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                      <module-option name="hashAlgorithm">MD5</module-option>
                      <module-option name="hashEncoding">HEX</module-option>
                      <module-option name="unauthenticatedIdentity">guest</module-option>
                      <module-option name="dsJndiName">java:/MySqlLoginDS</module-option>
                      <module-option name="principalsQuery">SELECT vpassword FROM VUser WHERE vname=?</module-option>
                      <module-option name="rolesQuery">SELECT vrole, 'Roles' FROM VRole WHERE vname=?</module-option>
                  </login-module>
              </authentication>
          </application-policy>

      I have a WEB application that performs a FORM login and works fine using that security domain. Here is the jboss-web.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
          <security-domain>java:/jaas/gamgamSDomain</security-domain>
      </jboss-web>

      The web.xml is quite long, but here is an extract:

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
        <display-name>gamgamWEB</display-name>
        <security-role>
          <role-name>admin</role-name>
        </security-role>
        <security-role>
          <role-name>user</role-name>
        </security-role>
        <security-constraint>
          <web-resource-collection>
            <web-resource-name>IndexManagement</web-resource-name>
            <url-pattern>/secure/*</url-pattern>
          </web-resource-collection>
          <auth-constraint>
            <role-name>admin</role-name>
          </auth-constraint>
        </security-constraint>

      ....

        <login-config>
          <auth-method>FORM</auth-method>
          <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/loginfail.jsp</form-error-page>
          </form-login-config>
        </login-config>

      ...

      </web-app>

      Now I wanted to test RESTeasy security, so I created another web application. I used the same jboss-web.xml because I want to use the same security domain, and I created a different web.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
          xmlns:j2ee="http://java.sun.com/xml/ns/javaee"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
          >
         
          <display-name>RESTful Java Web Service</display-name>       
          <!--  this tells RESTEasy to load resource classes -->
          <context-param>
              <param-name>resteasy.scan</param-name>
              <param-value>true</param-value>
          </context-param>
          <!-- to turn on security -->
          <context-param>
              <param-name>resteasy.role.based.security</param-name>
              <param-value>true</param-value>
          </context-param>
          <listener>
              <listener-class>
             org.jboss.resteasy.plugins.server.servlet.ResteasyBootstrap
              </listener-class>
          </listener>
          <servlet>
              <servlet-name>JAXRS</servlet-name>
              <servlet-class>
                  org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher
              </servlet-class>
          </servlet>        
          <servlet-mapping>
              <servlet-name>JAXRS</servlet-name>
              <url-pattern>/*</url-pattern>
          </servlet-mapping>

         <security-constraint>
          <web-resource-collection>
              <web-resource-name>Resteasy users</web-resource-name>
               <!--  <url-pattern>/security</url-pattern>
               -->
              <url-pattern>/users/*</url-pattern>
              <http-method>GET</http-method>
              <http-method>POST</http-method>
          </web-resource-collection>
          <auth-constraint>
              <role-name>admin</role-name>
          </auth-constraint>
        </security-constraint>

          <login-config>
              <auth-method>BASIC</auth-method>
              <realm-name>jaxrs</realm-name>
          </login-config>
         
          <security-role>
              <role-name>admin</role-name>
          </security-role>
      </web-app>

      So, if I try to log in from the WEB application it works and I get something like this in the log:

      2010-02-21 17:09:44,784 TRACE [org.jboss.security.SecurityRolesAssociation] (http-localhost%2F127.0.0.1-8080-1:) Setting threadlocal:{}
      2010-02-21 17:09:44,785 TRACE [org.jboss.web.tomcat.security.JaccContextValve] (http-localhost%2F127.0.0.1-8080-1:) MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1484bc6c:principalToRoleSetMap{}
      2010-02-21 17:09:44,786 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-1:) Begin authenticate, username=admin
      2010-02-21 17:09:44,801 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.gamgamSDomain] (http-localhost%2F127.0.0.1-8080-1:) Begin isValid, principal:admin, cache info: null
      2010-02-21 17:09:44,802 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.gamgamSDomain] (http-localhost%2F127.0.0.1-8080-1:) defaultLogin, principal=admin
      2010-02-21 17:09:44,802 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-localhost%2F127.0.0.1-8080-1:) Begin getAppConfigurationEntry(gamgamSDomain), size=12
      2010-02-21 17:09:44,802 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-localhost%2F127.0.0.1-8080-1:) End getAppConfigurationEntry(gamgamSDomain), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:
      name=hashAlgorithm, value=MD5
      name=principalsQuery, value=SELECT vpassword FROM VUser WHERE vname=?
      name=unauthenticatedIdentity, value=guest
      name=hashEncoding, value=HEX
      name=dsJndiName, value=java:/MySqlLoginDS
      name=rolesQuery, value=SELECT vrole, 'Roles' FROM VRole WHERE vname=?

      2010-02-21 17:09:44,804 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) initialize
      2010-02-21 17:09:44,804 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) Security domain: gamgamSDomain
      2010-02-21 17:09:44,804 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) Saw unauthenticatedIdentity=guest
      2010-02-21 17:09:44,804 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) Password hashing activated: algorithm = MD5, encoding = HEX, charset = {default}, callback = null, storeCallback = null
      2010-02-21 17:09:44,804 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) DatabaseServerLoginModule, dsJndiName=java:/MySqlLoginDS
      2010-02-21 17:09:44,805 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) principalsQuery=SELECT vpassword FROM VUser WHERE vname=?
      2010-02-21 17:09:44,805 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) rolesQuery=SELECT vrole, 'Roles' FROM VRole WHERE vname=?
      2010-02-21 17:09:44,805 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) suspendResume=true
      2010-02-21 17:09:44,805 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) login
      2010-02-21 17:09:44,806 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) suspendAnyTransaction
      2010-02-21 17:09:44,807 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) Excuting query: SELECT vpassword FROM VUser WHERE vname=?, with username: admin
      2010-02-21 17:09:44,808 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) Obtained user password
      2010-02-21 17:09:44,808 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) resumeAnyTransaction
      2010-02-21 17:09:44,808 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) User 'admin' authenticated, loginOk=true
      2010-02-21 17:09:44,809 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) commit, loginOk=true
      2010-02-21 17:09:44,809 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) getRoleSets using rolesQuery: SELECT vrole, 'Roles' FROM VRole WHERE vname=?, username: admin
      2010-02-21 17:09:44,809 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) suspendAnyTransaction
      2010-02-21 17:09:44,810 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) Excuting query: SELECT vrole, 'Roles' FROM VRole WHERE vname=?, with username: admin
      2010-02-21 17:09:44,811 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) Assign user to role admin
      2010-02-21 17:09:44,811 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) resumeAnyTransaction
      2010-02-21 17:09:44,811 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.gamgamSDomain] (http-localhost%2F127.0.0.1-8080-1:) defaultLogin, lc=javax.security.auth.login.LoginContext@92e44d, subject=Subject(30061291).principals=org.jboss.security.SimplePrincipal@10294300(admin)org.jboss.security.SimpleGroup@16686575(Roles(members:admin))

      If I try with RESTeasy I get:

      2010-02-21 16:13:10,585 TRACE [org.jboss.security.SecurityRolesAssociation] (http-localhost%2F127.0.0.1-8080-1:) Setting threadlocal:{}
      2010-02-21 16:13:10,585 TRACE [org.jboss.web.tomcat.security.JaccContextValve] (http-localhost%2F127.0.0.1-8080-1:) MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMap{}
      2010-02-21 16:13:10,586 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] (http-localhost%2F127.0.0.1-8080-1:) Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
      2010-02-21 16:13:10,587 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (http-localhost%2F127.0.0.1-8080-1:) [Success]Source=org.jboss.security.plugins.javaee.WebAuthorizationHelper;Exception:=;userDataPermissionCheck=true;securityConstraints=SecurityConstraint[Resteasy];Resource:=[org.jboss.security.authorization.resources.WebResource:contextMap={userDataPermissionCheck=true, securityConstraints=[Lorg.apache.catalina.deploy.SecurityConstraint;@edb5aa, policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@20fcab},canonicalRequestURI=null,request=[/ggGate],CodeSource=null];policyRegistration=org.jboss.security.plugins.JBossPolicyRegistration@20fcab;
      2010-02-21 16:13:10,592 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-1:) Begin authenticate, username=admin
      2010-02-21 16:13:10,593 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.gamgamSDomain] (http-localhost%2F127.0.0.1-8080-1:) Begin isValid, principal:admin, cache info: null
      2010-02-21 16:13:10,594 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.gamgamSDomain] (http-localhost%2F127.0.0.1-8080-1:) defaultLogin, principal=admin
      2010-02-21 16:13:10,594 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-localhost%2F127.0.0.1-8080-1:) Begin getAppConfigurationEntry(gamgamSDomain), size=12
      2010-02-21 16:13:10,594 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-localhost%2F127.0.0.1-8080-1:) End getAppConfigurationEntry(gamgamSDomain), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:
      name=hashAlgorithm, value=MD5
      name=principalsQuery, value=SELECT vpassword FROM VUser WHERE vname=?
      name=unauthenticatedIdentity, value=guest
      name=hashEncoding, value=HEX
      name=dsJndiName, value=java:/MySqlLoginDS
      name=rolesQuery, value=SELECT vrole, 'Roles' FROM VRole WHERE vname=?

      2010-02-21 16:13:10,596 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) initialize
      2010-02-21 16:13:10,597 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) Security domain: gamgamSDomain
      2010-02-21 16:13:10,597 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) Saw unauthenticatedIdentity=guest
      2010-02-21 16:13:10,597 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) Password hashing activated: algorithm = MD5, encoding = HEX, charset = {default}, callback = null, storeCallback = null
      2010-02-21 16:13:10,597 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) DatabaseServerLoginModule, dsJndiName=java:/MySqlLoginDS
      2010-02-21 16:13:10,597 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) principalsQuery=SELECT vpassword FROM VUser WHERE vname=?
      2010-02-21 16:13:10,597 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) rolesQuery=SELECT vrole, 'Roles' FROM VRole WHERE vname=?
      2010-02-21 16:13:10,597 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) suspendResume=true
      2010-02-21 16:13:10,600 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) login
      2010-02-21 16:13:10,600 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) suspendAnyTransaction
      2010-02-21 16:13:10,610 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) resumeAnyTransaction
      2010-02-21 16:13:10,611 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) abort
      2010-02-21 16:13:10,611 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.gamgamSDomain] (http-localhost%2F127.0.0.1-8080-1:) Login failure
      javax.security.auth.login.LoginException: java.lang.NullPointerException
              at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:173)
              at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:597)
              at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
              at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
              at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
              at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
              at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
              at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
              at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
              at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
              at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
              at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:905)
              at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:592)
              at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:2036)
              at java.lang.Thread.run(Thread.java:619)
               at javax.security.auth.login.LoginContext.invoke(LoginContext.java:872)
              at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
              at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
              at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
              at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
              at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
              at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
              at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
              at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
              at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
              at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
              at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
              at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
              at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
              at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
              at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567)
              at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
              at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
              at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:905)
              at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:592)
              at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:2036)
              at java.lang.Thread.run(Thread.java:619)
      2010-02-21 16:13:10,612 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.gamgamSDomain] (http-localhost%2F127.0.0.1-8080-1:) End isValid, false
      2010-02-21 16:13:10,623 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (http-localhost%2F127.0.0.1-8080-1:) [Failure]Source=org.jboss.web.tomcat.security.JBossWebRealm;principal=admin;request=[/ggGate:cookies=null:headers=host=localhost:8080,user-agent=Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.18) Gecko/2010021501 Ubuntu/9.04 (jaunty) Firefox/3.0.18,accept=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,accept-language=en-us,en;q=0.5,accept-encoding=gzip,deflate,accept-charset=ISO-8859-1,utf-8;q=0.7,*;q=0.7,keep-alive=300,connection=keep-alive,authorization=][parameters=][attributes=];
      2010-02-21 16:13:10,623 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-1:) User: admin is NOT authenticated
      2010-02-21 16:13:10,623 TRACE [org.jboss.web.tomcat.security.JBossWebRealm] (http-localhost%2F127.0.0.1-8080-1:) End authenticate, principal=null
      2010-02-21 16:13:10,623 TRACE [org.jboss.security.SecurityRolesAssociation] (http-localhost%2F127.0.0.1-8080-1:) Setting threadlocal:null
      2010-02-21 16:13:10,624 TRACE [org.jboss.security.SecurityRolesAssociation] (http-localhost%2F127.0.0.1-8080-1:) Setting threadlocal:null

      The main difference starts after "suspendAnyTransaction". With RESTeasy, there is no "Excuting query: SELECT vpassword FROM VUser WHERE vname=?, with username: admin"; instead there is "resumeAnyTransaction" and then "abort", with the error message following.

       

      Do you have any idea what the problem could be?

       

      Thanks in advance,

      Luca

       

      PS: Sorry for the long post, but I wanted to be as accurate as possible.
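
Added example, not part of the original post: a Python script that automates the comparison made above. It lines up the DatabaseServerLoginModule steps of a working and a failing login, reports the first step where they differ, and pulls out the exception and top stack frame. The function names are illustrative, and the sample lines are abridged from the two traces in the post.

```python
import re

# Layout of the JBoss server.log lines in the post:
#   <date> <time> <LEVEL> [<category>] (<thread>) <message>
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) (?P<level>[A-Z]+)\s+"
    r"\[(?P<category>[^\]]+)\] \((?P<thread>[^)]*)\) (?P<msg>.*)$"
)
FRAME_RE = re.compile(r"^at ([^\s(]+)\(")
MODULE = "org.jboss.security.auth.spi.DatabaseServerLoginModule"

# Sample input: abridged from the FORM (working) trace in the post.
FORM_LOGIN = """\
2010-02-21 17:09:44,805 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) login
2010-02-21 17:09:44,806 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) suspendAnyTransaction
2010-02-21 17:09:44,807 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) Excuting query: SELECT vpassword FROM VUser WHERE vname=?, with username: admin
2010-02-21 17:09:44,808 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) Obtained user password
2010-02-21 17:09:44,808 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) resumeAnyTransaction
"""

# Sample input: abridged from the BASIC (failing) trace in the post.
BASIC_LOGIN = """\
2010-02-21 16:13:10,600 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) login
2010-02-21 16:13:10,600 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) suspendAnyTransaction
2010-02-21 16:13:10,610 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) resumeAnyTransaction
2010-02-21 16:13:10,611 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] (http-localhost%2F127.0.0.1-8080-1:) abort
2010-02-21 16:13:10,611 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.gamgamSDomain] (http-localhost%2F127.0.0.1-8080-1:) Login failure
javax.security.auth.login.LoginException: java.lang.NullPointerException
        at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:173)
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245)
"""

def parse_entries(text):
    """Split a log into entries. Lines without a timestamp (stack frames,
    option dumps) are attached to the entry they follow."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append({**m.groupdict(), "extra": []})
        elif entries and line:
            entries[-1]["extra"].append(line)
    return entries

def module_steps(entries, category=MODULE):
    """Messages logged by one category, in order."""
    return [e["msg"] for e in entries if e["category"] == category]

def first_divergence(good, bad):
    """Return (last common step, next step in good, next step in bad)."""
    i = 0
    while i < len(good) and i < len(bad) and good[i] == bad[i]:
        i += 1
    last = good[i - 1] if i else None
    return (last,
            good[i] if i < len(good) else None,
            bad[i] if i < len(bad) else None)

def failure_site(entries):
    """Exception line and top stack frame of the first entry with a trace."""
    for e in entries:
        for prev, cur in zip(e["extra"], e["extra"][1:]):
            m = FRAME_RE.match(cur)
            if m:
                return prev, m.group(1)
    return None

if __name__ == "__main__":
    good = module_steps(parse_entries(FORM_LOGIN))
    bad = module_steps(parse_entries(BASIC_LOGIN))
    print(first_divergence(good, bad))
    print(failure_site(parse_entries(BASIC_LOGIN)))
```

To use it on full logs, pass the text of each trace to `parse_entries` in place of the two embedded samples.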