2 Replies Latest reply on May 10, 2013 5:26 PM by Kohai Raul

    Q: ClassNotFoundException with jboss-module

    Kohai Raul Newbie

      Dear,

       

      I'm trying to deploy my first jboss-module, that embeds a X509CertificateVerifier which I need for client-cert authentication on "myapp".

       

      By turning on TRACE logging for org.jboss.security.auth.spi, the following traces appear:

       

      12:19:29,768 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] (http--0.0.0.0-8443-2) initialize

      12:19:29,768 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] (http--0.0.0.0-8443-2) initialize

      12:19:29,785 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] (http--0.0.0.0-8443-2) Security domain: RequireClientCert

      12:19:29,785 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] (http--0.0.0.0-8443-2) Security domain: RequireClientCert

      12:19:29,787 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] (http--0.0.0.0-8443-2) securityDomain=jsse-ts

      12:19:29,787 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] (http--0.0.0.0-8443-2) securityDomain=jsse-ts

      12:19:29,830 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] (http--0.0.0.0-8443-2) found domain: org.jboss.security.JBossJSSESecurityDomain

      12:19:29,830 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] (http--0.0.0.0-8443-2) found domain: org.jboss.security.JBossJSSESecurityDomain

      12:19:29,914 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] (http--0.0.0.0-8443-2) Failed to create X509CertificateVerifier: java.lang.ClassNotFoundException: cat.dcic.security.auth.psis.CertificateVerifier from [Module "deployment.myapp.war:main" from Service Module Loader]

          at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:190)

       

      My dcic-verifiers.jar is deployed as follows:

       

      ...jboss-as-7.1.1.Final/modules/cat/dcic/security/auth/psis/main

      ->dcic-verifiers.jar

      ->module.xml

       

      where module.xml contains:

       

       

      <?xml version="1.0" encoding="UTF-8"?>
      
      
      
      
      <module xmlns="urn:jboss:module:1.0" name="cat.dcic.security.auth.psis">
      
      
      
      
      
      
      
      
      <resources>
      
      
      
      
      <resource-root path="dcic-verifiers.jar" />
      
      
      
      
      </resources>
      
      
      
      
      <dependencies>
      
      
      <module name="javax.api" slot="main" export="true"/>  
      
      
      <module name="javax.xml.bind.api" slot="main" export="true"/> 
      
      
      <module name="org.apache.commons.logging" slot="main" export="true"/>
      
      
      <module name="javax.xml.ws.api" slot="main" export="true"/>
      
      
      <module name="javax.xml.soap.api" slot="main" export="true"/>
      
      
      <module name="org.apache.log4j" slot="main" export="true"/>
      
      
      <module name="org.bouncycastle" slot="main" export="true"/>
      
      
      <module name="org.glite.security" slot="main" export="true"/>
      
      
      <system export="true">
      
      
      <paths>
      
      
      <path name="java/security"/>
      
      
      <path name="java/security/cert"/>
      
      
      </paths>
      
      
      </system>
      
      
      </dependencies>
      
      
      
      
      
      </module>
      

       

      I tried to declare all involved dependencies, and I deployed 2 additional modules, with their respective module.xml :

       

      -> org.bouncycastle

      -> org.glite.security

       

      And into standalone.xml:

       

       


      <subsystem xmlns="urn:jboss:domain:ee:1.0">

      <global-modules>

      <module name="cat.dcic.security.auth.psis" slot="main"/>

      <module name="org.bouncycastle" slot="main"/>

      <module name="org.glite.security" slot="main"/>

      </global-modules>

      </subsystem>
      ... and on domain:security:1:1
      
      

      <security-domain name="jsse-ts" cache-type="default">

      <jsse keystore-password="changeit" keystore-type="JKS" keystore-url="/pathto/keystore.jks" truststore-password="changeit" truststore-type="JKS" truststore-url="/pathto/truststore.jks" client-auth="true"/>

      </security-domain>

      <security-domain name="RequireClientCert" cache-type="default">

      <authentication>

      <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule" flag="required">

      <module-option name="securityDomain" value="jsse-ts"/>

      <module-option name="verifier" value="cat.dcic.security.auth.psis.CertificateVerifier"/>

      </login-module>

      </authentication>

      </security-domain>


      
      
      

       

      But it seems as the module is not visible... why I get a java.lang.ClassNotFoundException?? Did I not declared it correctly?

       

      Best Regards,

        • 1. Re: Q: ClassNotFoundException with jboss-module
          Robby Cornelissen Newbie

          Did you try declaring the module in your application's jboss-deployment-structure.xml? It seems that's where the service module loader is trying to resolve it from.

          • 2. Re: Q: ClassNotFoundException with jboss-module
            Kohai Raul Newbie

            Hi Robby,

             

            vmthanks for the hint. I added the jboss-deployment-structure.xml:

             

            <jboss-deployment-structure>

                    <deployment>

                        <dependencies>

                            <module name="cat.dcic.security.auth.psis" services="export"/>

                        </dependencies>

                    </deployment>

            </jboss-deployment-structure>

             

            but the same error persist.. :-(

             

            23:07:52,582 TRACE [org.jboss.security.auth.spi.BaseCertLoginModule] (http--0.0.0.0-8443-2) Failed to create X509CertificateVerifier: java.lang.ClassNotFoundException: cat.dcic.security.auth.psis.CertificateVerifier from [Module "deployment.myapp.war:main" from Service Module Loader]

             

            ...  Maybe the global modules have to be "announced" to the different applications deployed on jboss (not only for my app)... I see traces as follows:

             

            00:14:57,777 DEBUG [org.jboss.as.server.deployment] (MSC service thread 1-2) Adding dependency ModuleDependency [identifier=cat.dcic.security.auth.psis:main, moduleLoader=local module loader @110003 (roots: /home/rcruz/jboss-as-7.1.1.Final/modules), export=false, optional=false, importServices=true] to module deployment.ojdbc6.jar:main

            23:06:41,490 DEBUG [org.jboss.as.server.deployment] (MSC service thread 1-3) Adding dependency ModuleDependency [identifier=cat.dcic.security.auth.psis:main, moduleLoader=Service Module Loader, export=false, optional=false, importServices=false] to module deployment.myapp.war:main

             

            And the mention occurs from "application scope", when I try to get into myapp (mutual auth scenario).

             

            But I've a doubt, about how to deploy a customized Verifier (at my case, X509CertificateVerifier), because is the container who needs my class, not my app (is it right?). The BaseCertLoginModule must to be able to instantiate my Verifier, and it have to be visible, but it isn't!!

             

            <security-domain name="RequireClientCert" cache-type="default">

                                <authentication>

                                    <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule" flag="required">

                                        <module-option name="securityDomain" value="jsse-ts"/>

                                        <module-option name="verifier" value="cat.dcic.security.auth.psis.CertificateVerifier"/>

                                    </login-module>

                                </authentication>

            </security-domain>

             

            Any ideas?

             

            Best regards,