0 Replies Latest reply on Jul 30, 2010 7:06 AM by Subramaniam Venkatachalam

    UsernamePasswordLoginModule throwing NullPointer Exception

    Subramaniam Venkatachalam Newbie

      Hello,

       

      I am using Jboss Sx for JAAS Authentication, I have 3 LoginModule i.e. DatabaseServerLoginModule , ClientLoginModule and UsernamePasswordLoginModule.

       

      I get authenticate when I in login into the application with the DatabaseServerLoginModule. After which when I do doesUserHaveRole on JaasSecurityManagerServiceMBean, and I supply the principal. I get a NullPointerException thrown from the UsernamePasswordLoginModule.

       

      I have enabled useFirstPass on DatabaseServerLoginModule and UsernameLoginModule, but not enabled the same on ClientLoginModule.

       

      After the NullPointer exception the abort method is invoked.

       

      I have extended the UsernameLoginModule and overriden "getUsersPassword" and "getRolesSet".

       

      I am using Jboss.5.1.0 server and the jbosssx-client.jar version is 2.0.3 SP1.

       

      Please find the stack trace attached.

       

       

      2010-07-29 19:42:36,335 TRACE [RMI TCP Connection(386)-172.21.176.180]-[org.jboss.security.plugins.auth.JaasSecurityManagerBase.main] Login failure
      javax.security.auth.login.LoginException: java.lang.NullPointerException
          at org.jboss.security.auth.spi.Util.createPasswordHash(Util.java:382)
          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:457)
          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:243)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
          at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
          at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
          at org.jboss.security.plugins.JaasSecurityManagerService.doesUserHaveRole(JaasSecurityManagerService.java:393)
          at sun.reflect.GeneratedMethodAccessor745.invoke(Unknown Source)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:597)
          at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
          at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
          at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
          at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
          at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
          at javax.management.MBeanServerInvocationHandler.invoke(MBeanServerInvocationHandler.java:288)
          at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:171)
          at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:204)
          at $Proxy348.doesUserHaveRole(Unknown Source)

       

       

      Please find my jaas:application properties.

       

       

      <jaas:application-policy name="main">
             <jaas:authentication>                   
            <jaas:login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"  flag="required">
              <jaas:module-option name="password-stacking">useFirstPass</jaas:module-option>
              <jaas:module-option name="hashAlgorithm">MD5</jaas:module-option>
              <jaas:module-option name="hashEncoding">base64</jaas:module-option>
              <jaas:module-option name="dsJndiName">java:/jdbc/testDB</jaas:module-option>
              <jaas:module-option name="principalsQuery">select password from User where binary name = ?</jaas:module-option>
              <jaas:module-option name="rolesQuery">select r.name, 'Roles' from Role,User u where u.name = ?</jaas:module-option>
            </jaas:login-module>
            <!--  Logging to a log file -->
            <jaas:login-module code="com.security.usermanagement.impl.LoggingLoginModule"
               flag="required">
               <jaas:module-option name="password-stacking">useFirstPass</jaas:module-option>
            </jaas:login-module>
            <!--  Keeps #failedLogins,lastFailedLoginDate and lastSuccessLoginDate up to date -->
            <jaas:login-module code="com.security.usermanagement.impl.UpdateUserInfoLoginModule"
               flag="required">
               <jaas:module-option name="password-stacking">useFirstPass</jaas:module-option>
               <jaas:module-option name="dsJndiName">java:/jdbc/testDB</jaas:module-option>
            </jaas:login-module>
            <!-- Associates the credentials to the current thread, we need this -->
            <jaas:login-module code="org.jboss.security.ClientLoginModule"
               flag="required">
               <!-- it will look for an existing password and not go for authentication -->
            </jaas:login-module>
             </jaas:authentication>
          </jaas:application-policy>

       

      Can you please give me some clue why this behaviour.

       

      Thanks & Warm Regards,

      Anand.