1 2 Previous Next 17 Replies Latest reply on Jul 18, 2013 2:36 PM by Antlia Antlia

    No authenticator available for programmatic login

    vide Newbie

      Hello,

       

        When I try to use new servlet 3.0 functions HttpServletRequest.authenticate or HttpServletRequest.login from my servlet, I always get "No authenticator available for programmatic login" error. How can I configure JBossAS to work with those functions? I am using JBoss 6.0 Final

        • 2. No authenticator available for programmatic login
          vide Newbie

          Hi,

           

            I saw this thread, but I don't have any context.xml. Is it needed in this case and if yes, what Valve I should define, because I don't have any custom Valve. And why JBossAS is not using default authenticator for programatic login?

           

          Sincerely,

          Vidas

          • 3. No authenticator available for programmatic login
            Wolfgang Knauf Master

            Hi,

             

            the end of the thread links to http://anonsvn.jboss.org/repos/jbossweb/trunk/java/org/apache/catalina/startup/ContextConfig.java

            Take a look at "protected void authenticatorConfig()": here you should the find the requirements to cause JBoss to create a default Authenticator. E.g. you need a "SecurityConstraint".

            Hope that digging through this method helps.

             

            Wolfgang

            • 4. No authenticator available for programmatic login
              vide Newbie

              Hi,

               

              I tried to use SecurityConstraint.

               

              My jboss-web.xml:

              {code:xml}

              <?xml version="1.0"?>

              <jboss-web>

                 <security-domain>java:/jaas/DBPolicy</security-domain>

              </jboss-web>

              {code}

               

              My web.xml:

              {code:xml}

              <?xml version="1.0" encoding="ISO-8859-1"?>

              <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"

                       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

                       xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">

               

              <security-constraint> 

                <web-resource-collection> 

                 <web-resource-name>All resources</web-resource-name> 

                 <description>Protects all resources</description> 

                 <url-pattern>/*</url-pattern> 

                </web-resource-collection> 

               

                <auth-constraint> 

                 <role-name>myrole</role-name> 

                </auth-constraint> 

              </security-constraint> 

              <security-role> 

                <role-name>myrole</role-name>

              </security-role> 

               

                 <login-config>

                    <auth-method>BASIC</auth-method>

                    <realm-name>DBRealm</realm-name>

                 </login-config>

              </web-app>

              {code}

               

              With this configuration BASIC authentication works fine and starts asking credentials when I try to access my servlet, but I don't want to use this type of authentication, instead I want to call it manually in my servlet using request.login(user, password) , but in this case it fails with "No authenticator available for programmatic login". It's difficult for me to dig into source, because I'm quite new to JBoss. So i'll be very appreciated for any help.

               

              Sincerely,

              Vidas

              • 5. No authenticator available for programmatic login
                vide Newbie

                  Solution to this problem was very simple. It was sufficient to change url-pattern in security-constraint to something like <url-pattern>/dummy_url/*</url-pattern>. In this case SecurityConstraint is created, authenticator loaded, and default autthentication is not called, when I access my servlet. So now I can call programmatic login and everything works fine.

                 

                Vidas

                • 6. Re: No authenticator available for programmatic login
                  Kirk Rasmussen Newbie

                  The following worked for me even without a dummy URL pattern. I guess because I didn't specifiy any method...

                   

                  <pre>

                  <security-constraint>

                  <display-name>SecureApplicationConstraint</display-name>

                  <web-resource-collection>

                  <web-resource-name>Vaadin application</web-resource-name>

                  <description>The entire Vaadin application is protected</description>

                  <url-pattern>/app/*</url-pattern>

                  </security-constraint>

                  </pre>

                  • 7. Re: No authenticator available for programmatic login
                    Parry Gill Newbie

                    Thanks vide and Kirk, you are life savers.

                    • 8. Re: No authenticator available for programmatic login
                      sgilda Newbie

                      If you get the error message "No authenticator available for programmatic login", you can alternatively add the appropriate Servlet 3.0 security annotations to the authentication servlet. If you do that, you do not need to add the security-constraint element to the web.xml file. For example:

                       

                       

                      // Imports for annotations

                       

                      import javax.annotation.security.DeclareRoles;

                      import javax.servlet.annotation.WebServlet;

                      import javax.servlet.annotation.HttpConstraint;

                      import javax.servlet.annotation.ServletSecurity;

                       

                      @WebServlet("/securedUrlPattern")

                      @ServletSecurity(@HttpConstraint(rolesAllowed = { "myRole" }))

                      @DeclareRoles("myRole")

                      public class SecuredServlet extends HttpServlet {

                          //Rest of servlet code

                      }

                      • 9. Re: No authenticator available for programmatic login
                        David Jensen Newbie

                        Hi,

                        Can you post ALL the relavent code?

                        I've tried to follow your directions exactly without success.

                        I think the problem is with my standalone.xml, and since I can't see yours, I'm unable to compare.

                         

                        Can you post the relavent section from your standalone.xml?

                         

                        Thanks!

                        • 10. Re: No authenticator available for programmatic login
                          Antlia Antlia Newbie

                          Hi Kirk, I've an issue, even after adding the <security-constraint> tag, in my web.xml.

                           

                          In my case, i have some EJBs in my ear application (separated from the web part), exposed as REST services with JAX-RS annotations.

                          One of these EJBs is the entry-point for the login process, where i'm invoking login() method on the HttpServletRequest object.

                           

                          The problems are the following:

                           

                          a) Multiple login not possible:

                               - I deploy the ear application, open a browser and do login via HttpServletRequest --> login success

                               - after the previous login, I open another browser and try to login as another user --> login failure, message: no authenticator available for programmatic login.

                           

                          b) Authenticator lost after EJBAccessException

                           

                          - If I invoke an EJB method annotated as @RolesAllowed("admin"), without having such permission, the result is an EJBAccessException

                          - After this exception I try to login inside the application, in order to obtain "admin" permissions for invoking the previous method --> login failure: no authenticator available for programmatic login.

                           

                           

                          JBoss Version: 7.1.1

                          • 11. Re: No authenticator available for programmatic login
                            albremer Newbie

                            Antlia Antlia wrote:

                             

                            a) Multiple login not possible:

                                 - I deploy the ear application, open a browser and do login via HttpServletRequest --> login success

                                 - after the previous login, I open another browser and try to login as another user --> login failure, message: no authenticator available for programmatic login.

                             

                            JBoss Version: 7.1.1

                             

                            I'm having the exact same problem. The first login works, any subsequent login does not.

                             

                            Did you find a solution?

                            • 12. Re: No authenticator available for programmatic login
                              Antlia Antlia Newbie

                              No, I've tried some solutions:

                               

                              - Adding <security-constraint> in web.xml

                              - Adding <security-constraint> and <login-method> in web.xml

                              - Adding authenticator valve (FormAuthenticator) in jboss-web.xml

                               

                              ...none of these works.

                               

                              I also noticed that this problem only happens when invoking EJB Exposed as REST services by RestEasy, the same login mechanism, if used with SOAP services (JAX-WS annotations on EJB), works perfectly.

                               

                              Does anyone have a solution for this issue?

                              • 13. Re: No authenticator available for programmatic login
                                albremer Newbie

                                Antlia Antlia wrote:

                                 

                                No, I've tried some solutions:

                                ...none of these works.

                                 

                                 

                                Thanks for your answer.

                                 

                                I will let you know, in case I can come up with a solution.

                                • 14. Re: No authenticator available for programmatic login
                                  albremer Newbie

                                  I was able to solve my problem: I was using a cached version of a HttpServletRequest instance which was no longer valid and therefore did not have any authenticators set.

                                   

                                  I'm using a GWTP Guice servlet for RPC and it turned out that the GWTP servlet actually caches its action handlers. Therefore the constructor of my action handler was not called and the HttpServletRequest member not updated.

                                  1 2 Previous Next