3 Replies Latest reply on Jul 9, 2010 8:37 AM by Michael Lück

    Authentication Problem with axis 1.4 on Jboss 5.1

    Michael Lück Newbie

      Hi,

       

      I'm currently trying to port our modules from Jboss 4.2.3 to Jboss 5.1.

      I deployed the war archive axis.war and all necessary libs and the war file deployed without errors.  Also i can open the axis web-application through the browser which is hosted on the url http://localhost:8080/axis

       

      But if I try to call a webservice whose WSDL is deployed on the URL http://localhost:8080/axis/services I get the following error:

       

      17:04:14,008 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
          at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
          at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
          at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
          at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      ... more stacktraces ...

      17:04:14,043 ERROR [SecurityInterceptor] Error in Security Interceptor
      java.lang.SecurityException: Authentication exception, principal=null

       

      The web.xml of the axis.war does not specify any security-constraints and it does not have a jboss-web.xml where a security-domain is to be specified.

      In the login-config.xml I haven't added any UserRolesLoginModule. I changed the security-domain "other" but it doesn't help.

       

      Do you have any hints where i can look? I don't have any more ideas where to look.

       

      Update:

      Some more research shows that the axis servlet is trying to invoke the EJBs in which the web services are implemented. During this the exception occurs.

      I wonder whether there is some access control between the axis-servlet and the EJBs. But i still dont' know how to configure that access control (security-domain or whatever). Have had a look at the deploy/security folder but didn't found somethin useful for me.

        • 1. Re: Authentication Problem with axis 1.4 on Jboss 5.1
          Michael Lück Newbie

          So I got it working.

           

          Problem were method-permission expressions within the EJB Deployment descriptor. Seems Configuration needs to change because we're using a custom login provider which is called programmatically. Default configuration seems to add the EJB to the "other" security domain for which is configured to use UsersRolesLoginModule.

           

          The method-permission expression included a role element which seems isn't needed. But i need to verify this.

           

          sorry for the inconvenience.

          • 2. Re: Authentication Problem with axis 1.4 on Jboss 5.1
            Anil Mathew Newbie

            I saw your posting saying it is fixed and i think we are having the same issue (except that i am not using AXIS). Below is the details of my issue. Can you help me on this please?

             

             

            I am trying to migrate our application from Jboss 4.0.3 to  JBoss_5_1_0_GA. I am getting the below error while invoking a EJB method:

             

             

            12:31:03,246 ERROR [SecurityInterceptor] Error in Security Interceptor java.lang.SecurityException: Authentication exception, principal=null

                   at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:321)

                   at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243)

                   at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205)

                   at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:136)

                   at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:88)

                   at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)

                   at org.jboss.ejb.plugins.CleanShutdownInterceptor.invokeHome(CleanShutdownInterceptor.java:216)

                   at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)

                   at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:639)

                   at org.jboss.ejb.Container.invoke(Container.java:1046)

                   at sun.reflect.GeneratedMethodAccessor349.invoke(Unknown Source)

                   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

                   at java.lang.reflect.Method.invoke(Method.java:597)

             

            Below is from ejb-jar.xml file:

            -------------------------------------------

             

            <assembly-descriptor>

               <security-role>principal_for_system</security-role>

                ---

            </assembly-descriptor>

             

            Below is from my all.pvo/conf/login-config.xml file

            ---------------------------------------------------------------------

             

            <application-policy name="jwdomain">

                  <authentication>

                       <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"         flag="required">

                            <module-option name="principal">PVOADMINP</module-option>

                            <module-option name="userName">pvoadmin</module-option>

                            <module-option name="password">pvoadmin</module-option>

                            <module-option name="usersProperties">props/jbosspvo-users.properties</module-option>

                            <module-option name="rolesProperties">props/jbosspvo-roles.properties</module-option>

                       </login-module>

                 <authentication>

            <application-policy>

             

            Below is my jboss.xml

            --------------------------------

             

            <jboss>

                 <security-domain>java:/jaas/jwdomain</security-domain>

                 <enterprise-beans>

             

                    ---

            </jboss>

             

             

            I enabled the Jboss TRACE and i am getting the below info:

            -------------------------------------------------------------------------------------

             

             

            2010-07-08 12:31:03,241 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jwdomain] (main) defaultLogin, principal=null 2010-07-08 12:31:03,241 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (main) Begin getAppConfigurationEntry(jwdomain), size=12 2010-07-08 12:31:03,241 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (main) End getAppConfigurationEntry(jwdomain), authInfo=AppConfigurationEntry[]: [0]

             

            LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule

            ControlFlag: LoginModuleControlFlag: required

            Options:

            name=usersProperties, value=props/jbosspvo-users.properties

            name=principal, value=PVOADMINP

            name=userName, value=pvoadmin

            name=rolesProperties, value=props/jbosspvo-roles.properties

            name=password, value=****

             

            2010-07-08 12:31:03,242 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (main) initialize

            2010-07-08 12:31:03,242 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (main) Security domain: jwdomain

            2010-07-08 12:31:03,242 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (main) findResource: null

            2010-07-08 12:31:03,242 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (main) Properties file=vfsfile:/opt/pvo/cots/jboss-5.1.0.GA/server/all.pvo/conf/props/jbosspvo-users.properties, defaults=null

            2010-07-08 12:31:03,242 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (main) Loaded properties, users=[pvoadmin]

            2010-07-08 12:31:03,242 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (main) findResource: null

            2010-07-08 12:31:03,243 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (main) Properties file=vfsfile:/opt/pvo/cots/jboss-5.1.0.GA/server/all.pvo/conf/props/jbosspvo-roles.properties, defaults=null

            2010-07-08 12:31:03,243 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (main) Loaded properties, users=[pvoadmin]

            2010-07-08 12:31:03,243 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (main) login

            2010-07-08 12:31:03,243 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (main) Authenticating as unauthenticatedIdentity=null

            2010-07-08 12:31:03,243 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (main) Bad password for username=null

            2010-07-08 12:31:03,244 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (main) abort

            2010-07-08 12:31:03,244 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jwdomain] (main) Login failure

             

            javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required

                     at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252)   

                    at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)

                     ---    

             

                    at java.lang.Thread.run(Thread.java:619)

                   2010-07-08 12:31:03,237 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jwdomain] (main) End isValid, false

                   2010-07-08 12:31:03,237 TRACE [org.jboss.security.audit.providers.LogAuditProvider] (main) [Error]Source=org.jboss.security.javaee.EJBAuthenticationHelper;principal=null;method=create;

                   javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required      

                   at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252)      

                   at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)      

                   at sun.reflect.GeneratedMethodAccessor351.invoke(Unknown Source)      

                   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)      

                   at java.lang.reflect.Method.invoke(Method.java:597)    

                   at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)      

                   ----------

             

                   2010-07-08 12:31:03,237 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] (main) Error in Security Interceptor

                   java.lang.SecurityException: Authentication exception, principal=null      

                   at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:321)      

                   at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243)      

                   at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205)      

                   at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:136)

            • 3. Re: Authentication Problem with axis 1.4 on Jboss 5.1
              Michael Lück Newbie

              Hi,

               

              I know the question seems a bit dumb but did you add the role and username to the property files?

               

              I haven't seen an application-policy that already defines username and password. Are that the default-values?

               

              Sorry but I really don't have any more ideas what the cause of the error could be beside missing configuration or a wrong password.