6 Replies Latest reply on Sep 22, 2011 11:51 AM by vamshi appala

    servlet authentication fails

    vamshi appala Newbie

      I have declared the following Database security realm in the standalone. xml

       

      <security-domain name="DBLogin" cache-type="default">

                          <authentication>

                              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

                                  <module-option name="dsJndiName" value="java:/DB"/>

                                  <module-option name="principalsQuery" value="select password from sessionuser where name=?"/>

                                  <module-option name="rolesQuery" value="select role, 'Roles' from sessionrole where name=?"/>

                                  <module-option name="hashAlgorithm" value="SHA-256"/>

                                  <module-option name="hashEncoding" value="base64"/>

                              </login-module>

                          </authentication>

                      </security-domain>

       

      I have developed the EJBS where I have used the @SecurityDomain as DBLogin. EJBS are bundled as jar and web application is bundled as war and the entire thing is contained in EAR,.

       

      I have developed an web application where I have used the servlet3 login as shown below.

       

      request.login("admin", "admin");

       

      I have bundled the war with jboss-web.xml which has following content

       

       

      <?xml version="1.0" encoding="UTF-8"?>

      <jboss-web>

        <security-domain>java:jboss/jaas/iS3Login</security-domain>

      </jboss-web>

       

       

      Now If I deploy the EAR and tried to execute the servlet ,I am getting following error message. Request help in resolving this error

       

      22:24:55,330 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/mdbwar].[com.test.jnditest]] (http--127.0.0.1-8080-1) Servlet.service() for servlet com.test.jnditest threw exception: javax.servlet.ServletException: No authenticator available for programmatic login

      at org.apache.catalina.connector.Request.login(Request.java:3244) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.connector.RequestFacade.login(RequestFacade.java:1082) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at com.test.jnditest.doGet(jnditest.java:39) [classes:]

      at javax.servlet.http.HttpServlet.service(HttpServlet.java:734) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

      at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.0.Final.jar:1.0.0.Final]

      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:329) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:139) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.jboss.as.web.NamingValve.invoke(NamingValve.java:57) [jboss-as-web-7.1.0.Alpha1-SNAPSHOT.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:154) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:667) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:952) [jbossweb-7.0.1.Final.jar:7.1.0.Alpha1-SNAPSHOT]

      at java.lang.Thread.run(Thread.java:619) [:1.6.0_21]

       

        • 1. Re: servlet authentication fails
          simkam Newbie

          Hi, use same domain name in standalone.xml and jboss-web.xlm

           

          <security-domain name="DBLogin" cache-type="default">

           

          <?xml version="1.0" encoding="UTF-8"?>

          <jboss-web>

            <security-domain>java:jboss/jaas/iS3Login</security-domain>

          </jboss-web>

           

          and don't use java:jboss/jaas/ prefix..., just

          <security-domain>DBLogin</security-domain>

          • 2. Re: servlet authentication fails
            vamshi appala Newbie

            I am getting the similar error when I used the same name in standalone.xml and jboss-web.xml

             

            <security-domain name="DBLogin" cache-type="default">

            <authentication>

            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

            <module-option name="dsJndiName" value="java:/DB"/>

            <module-option name="principalsQuery" value="select password from sessionuser where name=?"/>

            <module-option name="rolesQuery" value="select role, 'Roles' from sessionrole where name=?"/>

            <module-option name="hashAlgorithm" value="SHA-256"/>

            <module-option name="hashEncoding" value="base64"/>

            </login-module>

            </authentication>

            </security-domain>

             

             

            <?xml version="1.0" encoding="UTF-8"?>

            <jboss-web>

            <security-domain>DBLogin</security-domain>

            </jboss-web>

             

            I have added the jboss-web.xml in the <war>/WEB_INF/jboss-web.xml is that right?

            Here the steps I have done,

            Added  the jboss-web.xml to my WEB-INF folder and

             

            I have directly used  the HttpServletRequest.login function and I havent added any code in ServletContext, do we need to do any thing? Am I missing something?

            • 3. Re: servlet authentication fails
              simkam Newbie

              Have you seen this thread http://community.jboss.org/message/550300 ? Does this help?

              Do you have proper security-constraint in web.xml?

              • 4. Re: servlet authentication fails
                vamshi appala Newbie

                Hi martin,

                I am not able to access this link which you have sent.Could you send the correct link

                 

                Below is the code which I have developed

                 

                @Stateless(name = "AdminBean")
                @SecurityDomain("DBLogin")
                public class MessageTestBeanBean implements MessageTestBean {
                   
                    private static final Logger log = Logger.getLogger(MessageTestBeanBean.class);
                    @Resource
                    private SessionContext ctx;
                  


                    /*
                     * (non-Javadoc)
                     *
                     * @see com.test.MessageTestBean#abc()
                     */
                    @Override
                    @RolesAllowed("admin")
                    public void abc() {
                        // TODO Auto-generated method stub
                        System.out.println("principal is" + ctx.getCallerPrincipal().getName());
                        System.out.println("hai from session bean");

                    }
                   
                    public String test() {
                        // TODO Auto-generated method stub
                        System.out.println("principal is" + ctx.getCallerPrincipal().getName());
                        System.out.println("hai from session bean");
                        return "hai from session bean";
                       
                    }

                 

                Now I am trying to access the EJB from servlet which have security restriction as shown below

                 

                /**
                * Servlet implementation class jnditest
                */
                @WebServlet("/jnditest")
                public class jnditest extends HttpServlet {
                private static final long serialVersionUID = 1L;
                      
                    /**
                     * @see HttpServlet#HttpServlet()
                     */
                    public jnditest() {
                        super();
                        // TODO Auto-generated constructor stub
                    }

                /**
                  * @see HttpServlet#doGet(HttpServletRequest request, HttpServletResponse response)
                  */
                @Override
                    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
                  // TODO Auto-generated method stub
                        try {
                            InitialContext ctx = new InitialContext();
                            request.login("admin", "admin");
                            MessageTestBean bean = (MessageTestBean) ctx.lookup("java:global/MdbEar/MdbProject/AdminBean!com.mentor.is3.test.MessageTestBean");
                            String methodname=request.getParameter("method");
                            if(methodname.equals("abc"))
                            {
                                bean.abc();
                            }else
                            {
                                PrintWriter out=response.getWriter();
                                out.println(bean.test());
                            }
                        } catch (NamingException e) {
                            // TODO Auto-generated catch block
                            e.printStackTrace();
                        }
                }

                 

                I havent declared any security constraint in this case. Do we have declare the security constraint?

                • 5. Re: servlet authentication fails
                  simkam Newbie

                  I'm sorry, correct link: http://community.jboss.org/thread/161511

                  After reading this thread I think you have to declare security constraint.

                  • 6. Re: servlet authentication fails
                    vamshi appala Newbie

                    Thanks martin for sharing the link after adding the security constraint I am able to use programatic login