3 Replies Latest reply on Jul 22, 2011 11:16 AM by Wolfgang Knauf

    JBoss is using the wrong LoginModule

    Carmen Teich Newbie

      Hello,

       

      my problem is that the server (JBoss 6) tries to find files like user.properties and roles.properties:

       

       

      I have implemented my own LdapLoginModul, but the server always uses the UserRolesModul.

       

       

      Any help for me?

        • 1. Re: JBoss is using the wrong LoginModule
          Wolfgang Knauf Master

          Hi,

           

          activate logging of the security layer: http://community.jboss.org/wiki/SecurityFAQ - question 4.

           

          This will reveal e.g. exceptions caused by configuration problems, and hopefully you will see whether your login module was detected or not.

           

          Best regards

           

          Wolfgang

          • 2. Re: JBoss is using the wrong LoginModule
            Carmen Teich Newbie

            Hi,

             

            I activated the logging for security. In the stack trace I can see that the server can read the data out of the edesk-login-config.xml, where I defined my EdeskLdapLogin configuration for the LDAP server connection.

             

             

            -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------     

            11:46:56,598 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(edesk), size=12

            11:46:56,599 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(edesk), authInfo=AppConfigurationEntry[]:

            [0]

            LoginModule Class: de.xcom.edesk.jboss.EdeskLdapLoginModule

            ControlFlag: Anmeldemodul-Steuerflag: required

            Options:

            name=userAttr1, value=companyname, Firma

            name=userAttr2, value=mail, Email Adresse

            name=userAttr3, value=

            name=unauthenticatedIdentity, value=Nobody

            name=userAttr8, value=

            name=userAttr9, value=

            name=userAttr4, value=

            name=userAttr5, value=

            name=userAttr6, value=

            name=userUID, value=uid

            name=userAttr7, value=

            name=java.naming.security.authentication, value=simple

            name=ExternalUserManagerJNDI, value=ejb3/edesk/LocalExternalUserManagerImpl

            name=ldap.servers, value=10.40.21.32

            name=java.naming.security.protocol, value=none

             

            -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

             

            But the stack trace also says:

             

            ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

            11:46:56,007 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files: java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found

                at org.jboss.security.auth.spi.Util.loadProperties(Util.java:201) [:3.0.0.CR2]

                at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186) [:3.0.0.CR2]

                at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200) [:3.0.0.CR2]

                at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127) [:3.0.0.CR2]

            ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

             

            But the server should use my own LoginModul (EdeskLdapLoginModul) instead of the UsersRolesLoginModule.

             

            The server also can't deploy my AdminService which I need for Login:

             

            ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

            11:46:56,032 ERROR [AbstractKernelController] Error installing to Start: name=eDesk:service=Admin state=Create mode=Manual requiredState=Installed: javax.ejb.EJBAccessException: Invalid User

                at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:161) [:1.7.17]

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]

                at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41) [:1.7.17]

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]

                at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67) [:1.7.17]

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]

                at org.jboss.ejb3.core.context.CurrentInvocationContextInterceptor.invoke(CurrentInvocationContextInterceptor.java:47) [:1.7.17]

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]

                at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67) [:1.0.1]

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]

                at org.jboss.ejb3.interceptor.EJB3TCCLInterceptor.invoke(EJB3TCCLInterceptor.java:86) [:1.7.17]

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]

                at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:392) [:1.7.17]

                at org.jboss.ejb3.remoting.IsLocalInterceptor.invokeLocal(IsLocalInterceptor.java:88) [:1.7.17]

                at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:75) [:1.7.17]

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]

                at org.jboss.ejb3.async.impl.interceptor.AsynchronousClientInterceptor.invoke(AsynchronousClientInterceptor.java:143) [:1.7.17]

                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) [jboss-aop.jar:2.2.1.GA]

                at org.jboss.aspects.remoting.PojiProxy.invoke(PojiProxy.java:62) [:1.0.1.GA]

                at $Proxy296.invoke(Unknown Source)

                at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:185) [:1.0.11]

                at $Proxy293.checkAndRepairDB(Unknown Source)

                at de.xcom.edesk.jboss.AdminService.checkAndRepairDB(AdminService.java:149)

                at de.xcom.edesk.jboss.AdminService.startService(AdminService.java:127)

                at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:355) [:6.0.0.Final (Build SVNTag:JBoss_6.0.0.Final date: 20101228)]

            -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

             

            I don't know what to do... please help

            • 3. Re: JBoss is using the wrong LoginModule
              Wolfgang Knauf Master

              Hi Carmen,

               

              to come up with an older question ;-):

              So, you have a service method "de.xcom.edesk.jboss.AdminService.checkAndRepairDB", which is called when the service is started? I assume that this method tries to call a secured EJB method, and this fails? Is this correct?

               

              If yes: how does the service method log in to the server? How is EJB security (e.g. security domain) configured?

               

              Best regards

               

              Wolfgang
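
A small triage script for the kind of security TRACE output quoted in this thread, added here as an example and not part of any post: it lists which login module classes each security domain resolved to and flags ERROR records logged by a login module that no resolved domain lists, which suggests the failing call went through a domain other than the one configured. The sample log is constructed from the line formats shown above, and the function name `triage` is hypothetical.

```python
import re

# Constructed sample, shaped like the TRACE/ERROR lines quoted in the thread.
SAMPLE_LOG = """\
11:46:56,007 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files: java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
11:46:56,598 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(edesk), size=12
11:46:56,599 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(edesk), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: de.xcom.edesk.jboss.EdeskLdapLoginModule
ControlFlag: Anmeldemodul-Steuerflag: required
"""

END_LOOKUP = re.compile(r"End getAppConfigurationEntry\((?P<domain>[^)]+)\)")
MODULE_CLASS = re.compile(r"^\s*LoginModule Class:\s*(?P<cls>[\w.$]+)")
LOG_RECORD = re.compile(
    r"^\s*(?P<ts>\d{2}:\d{2}:\d{2},\d{3})\s+(?P<level>[A-Z]+)\s+\[(?P<cat>[^\]]+)\]")


def triage(log_text):
    """Return (configured, unexpected).

    configured: security domain -> login module classes resolved for it.
    unexpected: (timestamp, category) of ERROR records whose category is a
    *LoginModule that none of the resolved domains lists.
    """
    configured, errors, domain = {}, [], None
    for line in log_text.splitlines():
        rec = LOG_RECORD.match(line)
        if rec:
            domain = None  # a new log record ends any module listing
            found = END_LOOKUP.search(line)
            if found:
                domain = found.group("domain")
                configured.setdefault(domain, [])
            elif rec.group("level") == "ERROR" and rec.group("cat").endswith("LoginModule"):
                errors.append((rec.group("ts"), rec.group("cat")))
            continue
        mod = MODULE_CLASS.match(line)
        if mod and domain:
            configured[domain].append(mod.group("cls"))
    # Compare on simple class names: categories may be logged with or without package.
    known = {c.rsplit(".", 1)[-1] for mods in configured.values() for c in mods}
    unexpected = [(ts, cat) for ts, cat in errors
                  if cat.rsplit(".", 1)[-1] not in known]
    return configured, unexpected
```
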