13 Replies Latest reply on Feb 1, 2012 2:38 PM by Marek Posolda

    GateIn JAAS on glassfish

    Gebeyehu Dagne Newbie



      i have allready deployed GateinOn glassfish. the only blocking issue is the jaas integration. To use jaas authentication on glassfish client modules are expected to extend AppservPasswordLoginModule which implements the initialize, login etc.. methods.

      So i wrote a login login module which extends AppservPasswordLoginModule and it seems to work, but i habe an exception.so i have started to debug the gatein authentication on glassfish. may be some one can help me to clearify this.


      Here is my loginmodule


      public class MyLoginModule extends AppservPasswordLoginModule {



           * The name of the option to use in order to specify the name of the portal

           * container


          private static final String OPTION_PORTAL_CONTAINER_NAME = "portalContainerName";



           * The name of the option to use in order to specify the name of the realm


          private static final String OPTION_REALM_NAME = "realmName";



           * The name of the portal container.


          private String portalContainerName;



           * The name of the realm.


          protected String realmName;



           * encapsulates user's principals such as name, groups, etc .


          protected Identity identity;



           * Is allowed for one user login again if he already login. If must set in

           * LM _options.


          protected boolean singleLogin;


          // private GateinLoginModule loginmodule;


          public MyLoginModule() {

              this.portalContainerName = getPortalContainerName(_options);

              this.realmName = getRealmName(_options);




          protected void authenticateUser() throws LoginException {





          private String getPortalContainerName(Map options) {

              if (options != null) {

                  String optionValue = (String) options


                  if (optionValue != null && optionValue.length() > 0) {


                      _logger.info("The " + this.getClass()

                              + " will use the portal container " + optionValue);


                      return optionValue;



              return PortalContainer.DEFAULT_PORTAL_CONTAINER_NAME;




          private String getRealmName(Map options) {

              if (options != null) {

                  String optionValue = (String) options.get(OPTION_REALM_NAME);

                  if (optionValue != null && optionValue.length() > 0) {


                      _logger.info("The " + this.getClass() + " will use the realm "

                              + optionValue);


                      return optionValue;



              return PortalContainer.DEFAULT_REALM_NAME;




           * @return actual ExoContainer instance.


          protected ExoContainer getContainer() throws Exception {

              // TODO set correct current container

              ExoContainer container = ExoContainerContext.getCurrentContainer();

              if (container instanceof RootContainer) {

                  container = RootContainer.getInstance().getPortalContainer(



              return container;



          @SuppressWarnings({ "unchecked", "deprecation" })

          private boolean authenticate() throws LoginException {

              _logger.info("In login of DefaultLoginModule.");


              try {

                  if (_sharedState.containsKey("exo.security.identity")) {

                      _logger.info("Use Identity from previous LoginModule");

                      identity = (Identity) _sharedState.get("exo.security.identity");

                  } else {


                      _logger.info("Try create identity");


                      Object authen = getContainer().getComponentInstanceOfType(


                      if (authen == null) {

                          _logger.info("Authenticator component is null");

                          return false;



                      Authenticator authenticator = (Authenticator) authen;


                      Credential[] credentials = new Credential[] {

                              new UsernameCredential(_username),

                              new PasswordCredential(_password) };

                      String userId = authenticator.validateUser(credentials);

                      identity = authenticator.createIdentity(userId);

                      _sharedState.put("javax.security.auth.login.name", userId);



                              new UsernameCredential(_username));



                  return true;


              } catch (final Throwable e) {




                  throw new LoginException(e.getMessage());







      after debuging i have found out the login fails at  UserDAOImpl.authenticate(username, password)


      public boolean authenticate(String username, String password) throws Exception
      User user = findUserByName(username);
      if (user == null)
      return false;

      boolean authenticated = false;

      if (orgService.getConfiguration().isPasswordAsAttribute())
      authenticated = user.getPassword().equals(password);
      IdentitySession session = service_.getIdentitySession();
      org.picketlink.idm.api.User idmUser = session.getPersistenceManager().findUser(user.getUserName());

      authenticated = session.getAttributesManager().validatePassword(idmUser, password);

      //fails here, idmUser and  password are correct
      catch (Exception e)
      log.info("Cannot authenticate user: " + username + "; ", e);


      if (authenticated)




      Can some one help to clearify what i am doing wrong



        • 1. Re: GateIn JAAS on glassfish
          Marek Posolda Expert



          are you sure that session.getAttributesManager().validatePassword(idmUser, password); is called with attributes "root" and "gtn" ? Because password is normally not real password of user but wci ticket (in case of GateIn 3.1 rememberme token).


          For more informations about authentication and login modules, you can try to build latest docs from GateIn trunk (http://anonsvn.jboss.org/repos/gatein/portal/trunk/docs/ ) and look to new chapter about authentication and authorization. But this docs is valid for 3.2 and there are major differences in authentication process among GateIn 3.1 and GateIn 3.2.



          • 2. Re: GateIn JAAS on glassfish
            Gebeyehu Dagne Newbie



            the password is rememberme-1234... (i think this is ok )and user is root.

            i have attached my debug screenshots





            • 3. Re: GateIn JAAS on glassfish
              Marek Posolda Expert

              That's the problem. Password "rememberme-1234" is not the real password of user. Real password is "gtn". And method validateUser needs to be called with real password like "gtn". Let's take a look at source of existing login modules. Especially http://anonsvn.jboss.org/repos/gatein/portal/tags/3.1.0-GA/component/web/src/main/java/org/exoplatform/web/security/PortalLoginModule.java which is used to obtain real password of user from token service.


              And you can also try to find some older user forum posts as you are not the first one with similar problem.


              Hope this helps and you will manage to make it working on Glassfish. Good luck!



              1 of 1 people found this helpful
              • 4. Re: GateIn JAAS on glassfish
                Gebeyehu Dagne Newbie

                thank you very much marek and i will let you know if gatein jaas works on glassfish.



                • 5. Re: GateIn JAAS on glassfish
                  Gebeyehu Dagne Newbie



                  ich have now writte PortalLoginModule and SharedSateLoginModule and MyLoginModule and alle extend the Glassfish AppservPasswordLoginModule.

                  and every thing seems to work fine But on the first attempt to http://localhost:8080/portal/public/classic/  to login as root the server returns "http status 403: Access to the requested resource has been denied".

                  But when i try this http://localhost:8080/portal/public/classic/ once again, i am successfully loged in and iam able to do all administrative tasks. what i can't understand is, i am not redirected to http://localhost:8080/portal/private/classic/ . (please take a llok to the attached screenshot ) How can this be ?

                  After cleaning the brosers cash i get a gain "http status 403".







                  • 6. Re: GateIn JAAS on glassfish
                    Marek Posolda Expert

                    This means that "portal" memberships and roles are assigned correctly, which is very important. But what is also needed are JAAS roles, which needs to be correctly assigned to authenticated Subject.


                    Your user needs to be in JAAS role "users", which is declared in gatein.ear/02portal.war/WEB-INF/web.xml. And this is not your case, and that's why you have 403 error when accessing private url.


                    Unfortunately the part with assigning JAAS roles is not standardized among J2EE servers. For example, In JBoss AS, you need to create special group Principal with name "Roles" and assign all roles to this principal. Let's take a look at class "org.exoplatform.services.security.j2ee.JbossLoginModule" and method "commit" for inspiration. I am not sure what needs to be done in Glassfish, you may need to investigate it and assign roles as required by Glassfish, so that Glassfish will recognize that your user is in J2EE role "users".


                    Good luck and please let me know with your progress.




                    • 7. Re: GateIn JAAS on glassfish
                      Gebeyehu Dagne Newbie

                      Hi Marek,


                      thank you very much and that was the correct answer  

                      I just added the commit method of the "org.exoplatform.services.security.j2ee.JbossLoginModule" to  MyLoginModule and now every thing works as expected. Now i can say that Gatein runs on Glassfish (very happy), at least version 3.1.0-GA on glassfish 2.1.1.

                      My next step will be to try to integerate gatein 3.2 on glassfish 3.x.. the problem hier is i can't get the the integeration module deployed. Glassfish throws


                      org.apache.catalina.LifecycleException: java.lang.NoSuchMethodError:



                      I think (hope) this is becaus of version mismatch, and hope i can get it work soon.



                      • 8. Re: GateIn JAAS on glassfish
                        Marek Posolda Expert

                        Hi Gebeyehu,


                        That's nice that you have it working! Congrats


                        Do you want to share your experience and create some small wiki article under http://community.jboss.org/en/gatein?view=documents with description of steps you made to have working GateIn on Glassfish? And if you can also share and attach your login module and other sources, it will be very nice and it will be helpful for other people from community who have same problems as you. Thank you very much in advance!


                        It will be better to have the steps for GateIn 3.2 but GateIn 3.1 is also very good. Hope that you will succeed it integration with GateIn 3.2 too. I guess that your last exception can be related to WCI module (don't know exactly as I don't see the whole stacktrace).


                        Please make sure that you use right version of wci-tomcat library. I don't know if Glassfish 2.1.1 is based on Tomcat6 or Tomcat7. If it's based on Tomcat 6, you need to use wci-tomcat6-<VERSION?.jar library and if on Tomcat 7, you need to use wci-tomcat7<VERSION>.jar.


                        Maybe you will need to do some tweaks in wci module as well, but hopefully not.


                        Thanks and good luck with GateIn 3.2!


                        • 9. Re: GateIn JAAS on glassfish
                          Gebeyehu Dagne Newbie

                          Hi Marek,


                          ok, i will create soon a small step by step wiki and share all my experience and loginmodules.

                          and i will do my best to integerate GAteIn 3.2 and come back to you, if there are problems or succes


                          Thank you very much again.

                          • 10. Re: GateIn JAAS on glassfish
                            Gebeyehu Dagne Newbie

                            Hi Marek,


                            i have now deployed the gatein integeration module on glassfish latest release 3.1.1. What i have done is the followin.

                            I found oout glassfish uses catalina with some changes in the org.apache.catalina.Wrapper class. For example the method Wrapper.setServletclass( String ...) doesn't exist.

                            so i removed the catalina dependency in tomcate6 wci and replaced it with galssfish web-core module and imported the Wrapper class, changed the mathod in org.gatein.wci.tomcat.TC6WebAppContext like this



                            public void start() throws Exception




                                     commandServlet = context.createWrapper();





                                     context.addServletMapping("/tomcatgateinservlet", "TomcatGateInServlet");


                                  catch (Exception e)



                                     throw e;




                            this works fine.


                            But i still have one issue, here the server stack trace:


                            [#|2012-01-31T11:56:09.695+0100|INFO|glassfish3.1.1|org.exoplatform.web.WebAppController|_ThreadID=10;_ThreadName=Thread-2;|Loading router configuration ${gatein.portal.controller.config}|#]


                            [#|2012-01-31T11:56:09.696+0100|SEVERE|glassfish3.1.1|org.gatein.portal.application.PortalController|_ThreadID=10;_ThreadName=Thread-2;|The WebAppController could not be initialized for the portal 'portal'

                            java.lang.RuntimeException: Cannot instantiate component key=org.exoplatform.web.WebAppController type=org.exoplatform.web.WebAppController found at jndi:/server/portal/WEB-INF/conf/portal/controller-configuration.xml

                                at org.exoplatform.container.jmx.MX4JComponentAdapter.getComponentInstance(MX4JComponentAdapter.java:134)

                                at org.exoplatform.container.management.ManageableComponentAdapter.getComponentInstance(ManageableComponentAdapter.java:68)

                                at org.exoplatform.container.ConcurrentPicoContainer.getInstance(ConcurrentPicoContainer.java:466)

                                at org.exoplatform.container.ConcurrentPicoContainer.getComponentInstanceOfType(ConcurrentPicoContainer.java:420)

                                at org.exoplatform.container.CachingContainer.getComponentInstanceOfType(CachingContainer.java:139)

                                at org.exoplatform.portal.application.PortalController.onInit(PortalController.java:71)

                                at org.exoplatform.portal.application.PortalController.access$000(PortalController.java:50)

                                at org.exoplatform.portal.application.PortalController$1.execute(PortalController.java:108)

                                at org.exoplatform.container.RootContainer.executeInitTasks(RootContainer.java:689)

                                at org.exoplatform.container.RootContainer.createPortalContainer(RootContainer.java:406)

                                at org.exoplatform.container.RootContainer.registerPortalContainer(RootContainer.java:266)

                                at org.exoplatform.portal.application.PortalController.afterInit(PortalController.java:114)

                                at org.exoplatform.container.web.AbstractHttpServlet.init(AbstractHttpServlet.java:79)

                                at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1444)

                                at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1241)

                                at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5093)

                                at org.apache.catalina.core.StandardContext.start(StandardContext.java:5380)

                                at com.sun.enterprise.web.WebModule.start(WebModule.java:498)

                                at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:917)

                                at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:901)

                                at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:733)

                                at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:2000)

                                at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1651)

                                at com.sun.enterprise.web.WebApplication.start(WebApplication.java:109)

                                at org.glassfish.internal.data.EngineRef.start(EngineRef.java:130)

                                at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:269)

                                at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:294)

                                at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:462)

                                at com.sun.enterprise.v3.server.ApplicationLoaderService.processApplication(ApplicationLoaderService.java:375)

                                at com.sun.enterprise.v3.server.ApplicationLoaderService.postConstruct(ApplicationLoaderService.java:219)

                                at com.sun.hk2.component.AbstractCreatorImpl.inject(AbstractCreatorImpl.java:131)

                                at com.sun.hk2.component.ConstructorCreator.initialize(ConstructorCreator.java:91)

                                at com.sun.hk2.component.AbstractCreatorImpl.get(AbstractCreatorImpl.java:82)

                                at com.sun.hk2.component.SingletonInhabitant.get(SingletonInhabitant.java:67)

                                at com.sun.hk2.component.EventPublishingInhabitant.get(EventPublishingInhabitant.java:139)

                                at com.sun.hk2.component.AbstractInhabitantImpl.get(AbstractInhabitantImpl.java:76)

                                at com.sun.enterprise.v3.server.AppServerStartup.run(AppServerStartup.java:253)

                                at com.sun.enterprise.v3.server.AppServerStartup.doStart(AppServerStartup.java:145)

                                at com.sun.enterprise.v3.server.AppServerStartup.start(AppServerStartup.java:136)

                                at com.sun.enterprise.glassfish.bootstrap.GlassFishImpl.start(GlassFishImpl.java:79)

                                at com.sun.enterprise.glassfish.bootstrap.GlassFishDecorator.start(GlassFishDecorator.java:63)

                                at com.sun.enterprise.glassfish.bootstrap.osgi.OSGiGlassFishImpl.start(OSGiGlassFishImpl.java:69)

                                at com.sun.enterprise.glassfish.bootstrap.GlassFishMain$Launcher.launch(GlassFishMain.java:117)

                                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

                                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

                                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

                                at java.lang.reflect.Method.invoke(Method.java:597)

                                at com.sun.enterprise.glassfish.bootstrap.GlassFishMain.main(GlassFishMain.java:97)

                                at com.sun.enterprise.glassfish.bootstrap.ASMain.main(ASMain.java:55)

                            Caused by: java.lang.reflect.InvocationTargetException

                                at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

                                at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)

                                at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)

                                at java.lang.reflect.Constructor.newInstance(Constructor.java:513)

                                at org.exoplatform.container.ExoContainer.createComponent(ExoContainer.java:417)

                                at org.exoplatform.container.jmx.MX4JComponentAdapter.getComponentInstance(MX4JComponentAdapter.java:96)

                                ... 48 more

                            Caused by: java.net.MalformedURLException: Could not resolve path ${gatein.portal.controller.config}

                                at org.exoplatform.web.WebAppController.loadConfiguration(WebAppController.java:166)

                                at org.exoplatform.web.WebAppController.reloadConfiguration(WebAppController.java:198)

                                at org.exoplatform.web.WebAppController.<init>(WebAppController.java:121)

                                ... 54 more



                            [#|2012-01-31T11:56:09.699+0100|INFO|glassfish3.1.1|exo.kernel.container.ExoContainer|_ThreadID=10;_ThreadName=Thread-2;|LocationAwareLogger had some issues on method 'log' invocation. Using location unaware methods.

                            The portal container 'portal' has been created successfully|#]


                            [#|2012-01-31T11:56:09.730+0100|INFO|glassfish3.1.1|javax.enterprise.system.container.web.com.sun.enterprise.web|_ThreadID=10;_ThreadName=Thread-2;|WEB0671: Loading application [portal] at [/portal]|#]


                            [#|2012-01-31T11:56:09.731+0100|INFO|glassfish3.1.1|javax.enterprise.system.core.com.sun.enterprise.v3.server|_ThreadID=10;_ThreadName=Thread-2;|CORE10010: Loading application portal done in 17.876 ms|#]


                            [#|2012-01-31T11:56:09.733+0100|INFO|glassfish3.1.1|javax.enterprise.system.core.com.sun.enterprise.v3.server|_ThreadID=10;_ThreadName=Thread-2;|GlassFish Server Open Source Edition 3.1.1 (12) Startzeit: Felix (2.612ms), Startdienste(28.368ms), gesamt(30.980ms)|#]


                            [#|2012-01-31T11:56:09.977+0100|INFO|glassfish3.1.1|javax.enterprise.system.tools.admin.org.glassfish.server|_ThreadID=17;_ThreadName=Thread-2;|JMXStartupService: Started JMXConnector, JMXService URL = service:jmx:rmi://albino:8686/jndi/rmi://albino:8686/jmxrmi|#]



                            i hope this is onliy configuration problem, and here is my configuration :


                            # Data



                            # DB



                            # JCR





























                            # IDM














                            i am using Gatein GateIn-3.2.0-Beta01-tomcat6

                            i hope some can help.



                            • 11. Re: GateIn JAAS on glassfish
                              Marek Posolda Expert

                              Hi Gebeyehu,


                              I am seeing that some important configuration properties are missing for you. And especially those which are new for GateIn 3.2 (property gatein.portal.controller.config is among them). Please check latest property file in http://anonsvn.jboss.org/repos/gatein/portal/trunk/component/common/src/main/java/conf/configuration-jboss.properties .


                              Will be nice if you can create some wiki page and describe the steps you did for integration of GateIn + Glassfish


                              Thanks and hope it helps,


                              1 of 1 people found this helpful
                              • 12. Re: GateIn JAAS on glassfish
                                Gebeyehu Dagne Newbie

                                Hi Marek,


                                thank you very much that was the problem. Now GateIn 3.2 runs on the latest releas version of Glassfish (3.1.1)


                                I have allready created a small wiki with the steps to run Gatein 3.1 on glassfish 2.1.1



                                i will update this or create a new wiki for GateIn 3.2 on Glassfish 3.1.1


                                I hope from you side to officialy support GateIn on Glassfish. This will be a "BIG PLUS" for gatein.




                                • 13. Re: GateIn JAAS on glassfish
                                  Marek Posolda Expert

                                  Thanks a lot Gebeyehu for the wiki article and all the attached sources and jars!


                                  I think it will be really very helpful for Glassfish users. Article with additional things, which you need to do on GateIn 3.2 will be very useful as well.


                                  At this stage, I am not sure if your work will be ported into GateIn codebase as I am not the one who can decide it. But hopefully yes.


                                  Thanks a lot again!