4 Replies Latest reply on Apr 7, 2011 4:40 PM by Steve Myers

    How to deploy a custom login module in JBoss AS 5.1

    sacha Newbie

      Hi all,

       

      My problem is very simple. I use the JBoss LDAPLoginModule and it works i can see it in the log of my LDAP server. But when i try to use my own login module it does'nt work.

       

      This is the code of my LoginModule he is very simple because i want to be sure that he works before implementing the complete methods :

       

      import java.util.Map;

       

      import javax.security.auth.Subject;

      import javax.security.auth.callback.CallbackHandler;

      import javax.security.auth.login.LoginException;

      import org.jboss.security.auth.spi.LdapLoginModule;

      import org.Myapp.portal.logger.PortalLogger;

       

      public class MyApp_LdapLoginModule extends LdapLoginModule

      {

          private static PortalLogger logger = new PortalLogger(MyLoginModule.class);

          @Override

          public boolean login() throws LoginException

          {

              boolean response = super.login();

              logger.debug("Login");

              return response;

          }

       

          public void initialize(Subject subject, CallbackHandler CallbackHandler, Map sharedState, Map options)

          {

              logger.debug("Initialize");

              super.initialize(subject, CallbackHandler, sharedState, options);

          }

       

          public boolean commit() throws LoginException

          {

              logger.debug("Commit");

              return super.commit();

          }

       

          public boolean abort() throws LoginException

          {

              logger.debug("Abort");

              return super.abort();

          }   

       

          public boolean logout() throws LoginException

          {

              logger.debug("Logout");

              return super.logout();

          }

      }

       

      In the login-config.xml i've just replace this line :

      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">

       

      By this one :

      <login-module code="org.MyApp.security.MyApp_LdapLoginModule" flag="required">

       

      And my class MyApp_LdapLoginModule is in a Jar file. I've place this jar in JBoss_HOME/server/default/lib

       

      The problem is that JBoss don't give me any error. He start normaly and when i start my application the Jboss server use the default policy for login.

       

      <application-policy name="other">

          <authentication>

              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>

          </authentication>

      </application-policy>

       

      And never make any request to my loginModule or my LDAP server... I don't understand why the JBoss LoginModule works and mine don't.

       

      I think JBoss can't find my Jar file. i have try all directory : default/deploy, JBoss_HOME/lib, common/lib etc...

       

      Have you any idea ?

       

      Best regards

        • 1. How to deploy a custom login module in JBoss AS 5.1
          Wolfgang Knauf Master

          Hi,

           

          first step to do would be: activate logging of the security layer. See here, question 4: http://community.jboss.org/wiki/SecurityFAQ

          This should tell you whether there were e.g. configuration errors in the login config.

           

          Best regards

          1 of 1 people found this helpful
          • 2. Re: How to deploy a custom login module in JBoss AS 5.1
            sacha Newbie

            Hi,

             

            Thanks for your reply.

             

            I activate the logging. I have add this line in my jboss-log4J.xml

             

            <category name="org.jboss.security">

                 <priority value="TRACE" class="org.jboss.logging.XLevel"></priority>

            </category>

             

            <category name="org.jboss.web.tomcat.security">

                 <priority value="TRACE" class="org.jboss.logging.XLevel"></priority>

            </category>

             

            <category name="org.apache.catalina">

                 <priority value="DEBUG"></priority>

            </category>

             

             

            I get this log : Jboss can't initialize my LoginModule...

             

             

            LoginModule Class: org.openea.security.OpenEA_LdapLoginModule

            ControlFlag: LoginModuleControlFlag : required

            Options:

            name=uidAttributeID, value=member

            name=java.naming.security.authentication, value=simple

            name=java.naming.factory.initial, value=com.sun.jndi.ldap.LdapCtxFactory

            name=matchOnUserDN, value=true

            name=java.naming.provider.url, value=ldap://192.168.254.129/

            name=searchTimeLimit, value=5000

            name=rolesCtxDN, value=ou=Roles,dc=arismore,dc=com

            name=principalDNSuffix, value=,ou=People,dc=arismore,dc=com

            name=principalDNPrefix, value=uid=

            name=roleAttributeIsDN, value=false

            name=searchScope, value=ONELEVEL_SCOPE

            name=roleAttributeID, value=cn

             

            2011-03-02 10:32:58,478 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8080-2) Setting threadlocal:null

            2011-03-02 10:32:58,478 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8080-2) Setting threadlocal:null

            2011-03-02 10:32:58,478 ERROR [org.apache.catalina.connector.CoyoteAdapter] (http-0.0.0.0-8080-2) Une exception ou une erreur s'est produite dans le conteneur durant le traitement de la requ�te

            java.lang.NoClassDefFoundError: Could not initialize class org.openea.security.OpenEA_LdapLoginModule

                at java.lang.Class.forName0(Native Method)

                at java.lang.Class.forName(Class.java:247)

                at javax.security.auth.login.LoginContext.invoke(LoginContext.java:731)

                at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)

                at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)

                at java.security.AccessController.doPrivileged(Native Method)

                at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)

                at javax.security.auth.login.LoginContext.login(LoginContext.java:579)

                at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)

                at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)

                at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)

                at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)

                at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)

                at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)

                at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)

                at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)

                at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)

                at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)

                at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)

                at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)

                at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)

                at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)

                at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)

                at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)

                at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)

                at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)

                at java.lang.Thread.run(Thread.java:619)

             

            If you have any idea...

             

            Best regards

            1 of 1 people found this helpful
            • 3. Re: How to deploy a custom login module in JBoss AS 5.1
              sacha Newbie

              Hi,

               

              I have found my error. The problem come from the creation of Logger class. She was not in the Jar. That is why JBoss can not instantiate my login module

              who use this logger. My Login module works now.

               

              Thanks you for your help Wolfgang

               

              Best regards

              • 4. Re: How to deploy a custom login module in JBoss AS 5.1
                Steve Myers Newbie

                Hi, I'm getting the same error that says JBoss can not load my custom LoginModule.  Where did you put your JAR, in the EAR or the app server lib directory? and what did you add to your EAR so the class loader could load your LoginModule? Thanks,

                 

                -- Steve