2 Replies Latest reply on Nov 21, 2011 2:47 AM by jaikiran pai

    Error " java.lang.SecurityException: Authentication exception, principal=null"

    fulgore fulgore Newbie

      Hello,

       

      I'm moving my EJB2 application from JBoss 4.2.2 to JBoss 5.1 . I have a Web/Tomcat client, the following exception is thrown in JBoss when the client invokes a remote method:

       

      [SecurityInterceptor] Error in Security Interceptor

      java.lang.SecurityException: Authentication exception, principal=null

      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityContext(SecurityInterceptor.java:321)

      at org.jboss.ejb.plugins.SecurityInterceptor.process(SecurityInterceptor.java:243)

      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:205)

      at org.jboss.ejb.plugins.security.PreSecurityInterceptor.process(PreSecurityInterceptor.java:136)

      at org.jboss.ejb.plugins.security.PreSecurityInterceptor.invokeHome(PreSecurityInterceptor.java:88)

      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)

      at org.jboss.ejb.plugins.CleanShutdownInterceptor.invokeHome(CleanShutdownInterceptor.java:216)

      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)

       

       

      my ejb-jar:

       

      ---------------------

      <ejb-jar >

         <enterprise-beans>  

              <session >           

                  <ejb-name>MyBeanRemote</ejb-name>

                  <home>net.mybean.v2.ejbs.IMyBeanHomeRemote</home>

                  <remote>net.mybean.v2.ejbs.IMyBeanRemote</remote>

                  <ejb-class>

                      net.mybean.v2.ejbs.MyBeanSessionBean</ejb-class>

                  <session-type>Stateless</session-type>

                  <transaction-type>Bean</transaction-type>

                  <security-identity>           

                      <run-as>

                          <role-name>everyone</role-name>

                      </run-as>

                  </security-identity>

              </session>

          </enterprise-beans>

       

         <assembly-descriptor >

              <method-permission>         

                  <role-name>everyone</role-name>

                  <method>

                      <ejb-name>MyBeanRemote</ejb-name>

                      <method-name>*</method-name>

                  </method>

              </method-permission>

         </assembly-descriptor>

      </ejb-jar>

       

      -------------------------

       

       

      my jboss:

       

      -----------------------

      <jboss>

         <unauthenticated-principal>nobody</unauthenticated-principal>

         <enterprise-beans>

          <session>

               <ejb-name>MyBeanRemote</ejb-name>

               <jndi-name>MyBeanRemote</jndi-name>

                <invoker-bindings>

                  <invoker>

                     <invoker-proxy-binding-name>retryCluster</invoker-proxy-binding-name>

                     <jndi-name>MyBeanRemote</jndi-name>

                  </invoker>

               </invoker-bindings>

               <clustered>True</clustered>

                  <cluster-config>

                      <partition-name>DefaultPartition</partition-name>

                      <home-load-balance-policy>

                          org.jboss.ha.framework.interfaces.RoundRobin

                      </home-load-balance-policy>

                      <bean-load-balance-policy>

                          org.jboss.ha.framework.interfaces.RoundRobin

                      </bean-load-balance-policy>

                  </cluster-config>

               <method-attributes>

              </method-attributes>

           </session>   

         </enterprise-beans>

         <invoker-proxy-bindings>

         <invoker-proxy-binding>

               <name>retryCluster</name>

               <invoker-mbean>jboss:service=invoker,type=jrmpha</invoker-mbean>

               <proxy-factory>org.jboss.proxy.ejb.ProxyFactoryHA</proxy-factory>

               <proxy-factory-config>

                  <client-interceptors>

                     <home>

                        <interceptor>org.jboss.proxy.ejb.HomeInterceptor</interceptor>

                        <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>

                        <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>

                        <interceptor>org.jboss.proxy.ejb.SingleRetryInterceptor</interceptor>

                        <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>

                     </home>

                     <bean>

                        <interceptor>org.jboss.proxy.ejb.StatelessSessionInterceptor</interceptor>

                        <interceptor>org.jboss.proxy.SecurityInterceptor</interceptor>

                        <interceptor>org.jboss.proxy.TransactionInterceptor</interceptor>

                        <interceptor>org.jboss.proxy.ejb.SingleRetryInterceptor</interceptor>

                        <interceptor>org.jboss.invocation.InvokerInterceptor</interceptor>

                     </bean>

                  </client-interceptors>

               </proxy-factory-config>

            </invoker-proxy-binding>

         </invoker-proxy-bindings>

      </jboss>

      -----------------------------------

       

       

      jndi.properties conf:

       

      ---------

      java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory

      java.naming.factory.url.pkgs=jboss.naming:org.jnp.interfaces

      java.naming.provider.url=machine01:1100, machine02:1100

      --------------------

       

       

       

       

      my login-config (default values):

       

      ------------

      <policy>

       

          <application-policy name = "client-login">

             <authentication>

                <login-module code = "org.jboss.security.ClientLoginModule"

                   flag = "required">          

                   <module-option name="restore-login-identity">true</module-option>

                </login-module>

             </authentication>

          </application-policy>

       

          <application-policy name = "jbossmq">

             <authentication>

                <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"

                   flag = "required">

                   <module-option name = "unauthenticatedIdentity">guest</module-option>

                   <module-option name = "dsJndiName">java:/DefaultDS</module-option>

                   <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>

                   <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>

                </login-module>

             </authentication>

          </application-policy>  

       

          <application-policy name = "HsqlDbRealm">

             <authentication>

                <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"

                   flag = "required">

                   <module-option name = "principal">sa</module-option>

                   <module-option name = "userName">sa</module-option>

                   <module-option name = "password"></module-option>

                   <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>

                </login-module>

             </authentication>

          </application-policy>

       

          <application-policy name = "JmsXARealm">

             <authentication>

                <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"

                   flag = "required">

                   <module-option name = "principal">guest</module-option>

                   <module-option name = "userName">guest</module-option>

                   <module-option name = "password">guest</module-option>

                   <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>

                </login-module>

             </authentication>

          </application-policy>

       

          <application-policy name = "jmx-console">

             <authentication>

                <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"

                   flag = "required">

                 <module-option name="usersProperties">props/jmx-console-users.properties</module-option>

                 <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>

                </login-module>

             </authentication>

          </application-policy>

       

          <application-policy name = "web-console">

             <authentication>

                <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"

                   flag = "required">

                   <module-option name="usersProperties">web-console-users.properties</module-option>

                   <module-option name="rolesProperties">web-console-roles.properties</module-option>

                </login-module>

             </authentication>

          </application-policy>

       

          <application-policy name="JBossWS">

            <authentication>

              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"

                flag="required">

                <module-option name="usersProperties">props/jbossws-users.properties</module-option>

                <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>

                <module-option name="unauthenticatedIdentity">anonymous</module-option>

              </login-module>

            </authentication>

          </application-policy>

       

          <application-policy name = "other">     

             <authentication>

                <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"

                   flag = "required" />

             </authentication>

          </application-policy>

       

      </policy>

       

      --------------

       

       

      It works fine in JBoss 4.2.2, but I don't know what the problem is in JBoss 5.1 .  Any idea ?

       

       

      Thanks in advance.