3 Replies Latest reply on Dec 30, 2008 9:23 AM by Juergen Zimmermann

    security-jboss-beans.xml and DatabaseServerLoginModule

    Juergen Zimmermann Master

      I want to migrate my SAR archive with login-config.xml to security-jboss-beans.xml. However, I get this stacktrace. My META-INF/security-jboss-beans.xml is encapsulated in a JAR which is located in the EAR's lib directory.

      The stacktrace:

      20:09:50,991 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
       at org.jboss.security.auth.spi.Util.loadProperties(Util.java:198)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:597)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
       at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
       at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
       at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
       at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
       at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:905)
       at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:595)
       at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:2036)
       at java.lang.Thread.run(Thread.java:619)


      This is my security-jboss-beans.xml:
      <?xml version="1.0"?>
      <deployment xmlns="urn:jboss:bean-deployer:2.0">
       <bean name="DynamicLoginConfig" class="org.jboss.security.auth.login.DynamicLoginConfig"/>
      
       <application-policy xmlns="urn:jboss:security-beans:1.0" name="hska">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
       <module-option name="dsJndiName">java:/hskaDS</module-option>
       <module-option name="unauthenticatedIdentity">gast</module-option>
       <module-option name="principalsQuery">
       SELECT ...
       FROM ...
       WHERE ...
       </module-option>
       <module-option name="rolesQuery">
       SELECT ...
       FROM ...
       WHERE ...
       </module-option>
       <module-option name="hashAlgorithm">SHA-1</module-option>
       <module-option name="hashEncoding">base64</module-option>
       </login-module>
       </authentication>
       <authorization>
       <policy-module
       code="org.jboss.security.authorization.modules.JACCAuthorizationModule"
       flag="required" />
       </authorization>
       </application-policy>
      </deployment>


        • 1. Re: security-jboss-beans.xml and DatabaseServerLoginModule
          Ales Justin Master

           

          "Juergen.Zimmermann" wrote:
          My META-INF/security-jboss-beans.xml is encapsulated in a JAR which is located in the EAR's lib directory.

          ear's lib is not part of sub-deployment,
          it's only part of ear's classpath.
          Hence your security-jboss-beans.xml is not deployed.

          • 2. Re: security-jboss-beans.xml and DatabaseServerLoginModule
            Juergen Zimmermann Master

            OK, now I placed security-jboss-beans.xml directly in server\default\deploy and get this stacktrace:

            2008-12-30 01:01:43,425 ERROR [org.jboss.kernel.plugins.dependency.AbstractKernelController] (main) Error installing to Start: name=DynamicLoginConfig state=Create
            org.jboss.mx.util.MBeanProxyCreationException: null agent reference
             at org.jboss.mx.util.JMXInvocationHandler.<init>(JMXInvocationHandler.java:120)
             at org.jboss.mx.util.MBeanProxy.get(MBeanProxy.java:90)
             at org.jboss.mx.util.MBeanProxy.get(MBeanProxy.java:78)
             at org.jboss.security.auth.login.DynamicLoginConfig.validateAuthConfigURL(DynamicLoginConfig.java:269)
             at org.jboss.security.auth.login.DynamicLoginConfig.startService(DynamicLoginConfig.java:221)
             at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:376)
             at org.jboss.system.ServiceMBeanSupport.pojoStart(ServiceMBeanSupport.java:216)
             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
             at java.lang.reflect.Method.invoke(Method.java:597)
             at org.jboss.reflect.plugins.introspection.ReflectionUtils.invoke(ReflectionUtils.java:59)
             at org.jboss.reflect.plugins.introspection.ReflectMethodInfoImpl.invoke(ReflectMethodInfoImpl.java:150)
             at org.jboss.joinpoint.plugins.BasicMethodJoinPoint.dispatch(BasicMethodJoinPoint.java:66)
             at org.jboss.kernel.plugins.dependency.KernelControllerContextAction$JoinpointDispatchWrapper.execute(KernelControllerContextAction.java:241)
             at org.jboss.kernel.plugins.dependency.ExecutionWrapper.execute(ExecutionWrapper.java:47)
             at org.jboss.kernel.plugins.dependency.KernelControllerContextAction.dispatchExecutionWrapper(KernelControllerContextAction.java:109)
             at org.jboss.kernel.plugins.dependency.KernelControllerContextAction.dispatchJoinPoint(KernelControllerContextAction.java:70)
             at org.jboss.kernel.plugins.dependency.LifecycleAction.installActionInternal(LifecycleAction.java:221)
             at org.jboss.kernel.plugins.dependency.InstallsAwareAction.installAction(InstallsAwareAction.java:54)
             at org.jboss.kernel.plugins.dependency.InstallsAwareAction.installAction(InstallsAwareAction.java:42)
             at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)
             at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)
             at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)
             at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
             at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1598)
             at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
             at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1062)
             at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
             at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:774)
             at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:540)
             at org.jboss.deployers.vfs.deployer.kernel.BeanMetaDataDeployer.deploy(BeanMetaDataDeployer.java:121)
             at org.jboss.deployers.vfs.deployer.kernel.BeanMetaDataDeployer.deploy(BeanMetaDataDeployer.java:51)
             at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62)
             at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
             at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
             at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
             at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
             at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1178)
             at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
             at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
             at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1598)
             at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
             at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1062)
             at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
             at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
             at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
             at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
             at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:545)
             at org.jboss.system.server.profileservice.ProfileServiceBootstrap.loadProfile(ProfileServiceBootstrap.java:304)
             at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:205)
             at org.jboss.bootstrap.AbstractServerImpl.start(AbstractServerImpl.java:405)
             at org.jboss.Main.boot(Main.java:209)
             at org.jboss.Main$1.run(Main.java:547)
             at java.lang.Thread.run(Thread.java:619)


            • 3. Re: security-jboss-beans.xml and DatabaseServerLoginModule
              Juergen Zimmermann Master

              RESOLVED:

              1) security-jboss-beans.xml is placed in the top-level directory of the EAR project.
              2) In jboss-app.xml the file security-jboss-beans.xml is declared as a service module
              3) In security-jboss-beans.xml neither the bean tag nor the authorization tag is required.