3 Replies Latest reply on Dec 12, 2013 11:01 PM by sou pra

    JBoss 7.2 Janus + EJB Authentication configuration issue

    funkyjive Newbie

      I am having a problem with EJB authentication.  I believe it is related to some kind of configuration issue, but I have been stuck on this one for quite a few days and I need a push in the right direction.

       

      So to start with we have the usual default stuff in our standalone.xml:

       

                      <security-domain cache-type="default" name="jboss-web-policy">

                          <authorization>

                              <policy-module code="Delegating" flag="required"/>

                          </authorization>

                      </security-domain>

                      <security-domain cache-type="default" name="jboss-ejb-policy">

                          <authorization>

                              <policy-module code="Delegating" flag="optional"/>

                          </authorization>

                      </security-domain>

       

      And then we added this security domain for use with PicketLink:

       

                      <security-domain cache-type="default" name="sp">

                          <authentication>

                              <login-module code="org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule" flag="required"/>

                          </authentication>

                      </security-domain>

       

      We have some legacy apps (thirdparty) that we have deployed on this system.  There is a particular client app that makes both HTTP authenticated calls and EJB client calls to the app.  The first calls are HTTP calls followed up by some EJB client calls.  Let's say that a user is supplied to run this app named "setup".  This user authenticates initially through HTTP and via that interface some operations on the server are invoked.  These operations succeed.

       

      Following these operations, there are some EJB invocations that also succeed where the Principal for these operations is also "setup".  I have traced the call through org.jboss.as.security.service.SimpleSecurityManager :

                  private boolean authenticate(SecurityContext context, Subject subject)

      and have observed that the succeeding EJB calls appear to rely upon cached credentials.  Inside of this method in JBossCachedAuthenticationManager:

       

         public boolean isValid(Principal principal, Object credential, Subject activeSubject)

         {

            // first check cache

            DomainInfo cachedEntry = getCacheInfo(principal);

            PicketBoxLogger.LOGGER.traceBeginIsValid(principal, cachedEntry != null ? cachedEntry.toString() : null);

       

            boolean isValid = false;

            if (cachedEntry != null)

            {

               isValid = validateCache(cachedEntry, credential, activeSubject);

            }

       

            if (!isValid)

               isValid = authenticate(principal, credential, activeSubject);

       

            PicketBoxLogger.LOGGER.traceEndIsValid(isValid);

            return isValid;

         }

       

      The succeeding EJB calls with user "setup" will have a non-null return from getCacheInfo().  My theory is that the entries were put into the cache by the HTTP authentication system (since it is the same user), but I can't prove that exactly.

       

      Later in the client app's run, however, some more EJB calls are made.  I can see that the principal is user "setup" and I can tell that the securityDomain is "sp".  However, when it gets to the above isValid() function, there is no cache available -- so the if (!isValid) authenticate branch is called. Inside of this branch, authentication will fail.   However, inside of JBossCachedAuthentcationManager.proceedWithJaasLogin() an exception gets raised and caught:

        

         javax.security.auth.login.LoginException: unable to find LoginModule class: org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule from [Module "deployment.thirdpartyapp.ear.thirdpartyapp-externalejb.jar:main" from Service Module Loader]

       

      That exception will cause authentication to fail and result in this error in the application logs:

        

         10:48:21,657 ERROR [org.jboss.as.ejb3.invocation] (http-127.0.0.1/127.0.0.1:8080-9) JBAS014134: EJB Invocation failed on component ... for method ... : javax.ejb.EJBAccessException: JBAS013323: Invalid User

        

         So my conclusion is that my EJBs are not able to authenticate unless there is already credential information already in the cache.  The picketlink module is included with all my jboss-deployment-structure.xml files that I can tell.

        

                      <?xml version="1.0" encoding="UTF-8"?>

                      <jboss-deployment-structure>

                                      <deployment>

                                                      <dependencies>

                                                                      <module name="org.picketlink" />

                                                                      <module name="javax.transaction.api" />

                                                                      <!--<module name="org.apache.commons.pool" />-->

                                                                      <module name="org.jboss.remote-naming" />

                                                                      <module name="org.apache.xerces" />

                                                      </dependencies>

                                      </deployment>

                                      <sub-deployment name="thirdpartyapp-web.war">

                                                      <dependencies>

                                                                      <module name="org.picketlink" />

                                                                      <module name="javax.transaction.api" />

                                                                      <!--<module name="org.apache.commons.pool" />-->

                                                                      <module name="org.apache.commons.logging" />

                                                                      <module name="org.jboss.remote-naming" />

                                                                      <module name="org.apache.xerces" />

                                                      </dependencies>

                                      </sub-deployment>

                      </jboss-deployment-structure>

        

        

         The only other thing that I could think would possibly affect this is that in the call to JBossCachedAuthentcationManager from the isValid() method :

        

         private boolean authenticate(Principal principal, Object credential, Subject theSubject)

         {

                         ApplicationPolicy theAppPolicy = SecurityConfiguration.getApplicationPolicy(securityDomain);

                         if(theAppPolicy != null)

                         {

                                         BaseAuthenticationInfo authInfo = theAppPolicy.getAuthenticationInfo();

                                         String jbossModuleName = authInfo.getJBossModuleName();  <---- this returns null

                                         if(jbossModuleName != null) 

                                         {

                                                         ClassLoader currentTccl = SubjectActions.getContextClassLoader();

                                                         ClassLoaderLocator theCLL = ClassLoaderLocatorFactory.get();

                                                         if(theCLL != null)

                                                         {

                                                                         ClassLoader newTCCL = theCLL.get(jbossModuleName);

                                                                         if(newTCCL != null)

                                                                         {

                                                                                         try

                                                                                         {

                                                                                             SubjectActions.setContextClassLoader(newTCCL);

                                                                                             return proceedWithJaasLogin(principal, credential, theSubject);

                                                                                         }

                                                                                         finally

                                                                                         {

                                                                                              SubjectActions.setContextClassLoader(currentTccl);

                                                                                         }

                                                                         }

                                                         }

                                         }

                         }

                         return proceedWithJaasLogin(principal, credential, theSubject);  <--- this path is taken

         }

        

         So if there was some class loader that needed to be set, that could cause a problem.  But I tried faking that jbossModuleName value in the debugger to the value specified in the exception and even going through the other branch with that set didn't seem to make a difference.

        

      Any advice on what I might be missing configuration wise for my EJB authentication?

        • 1. Re: JBoss 7.2 Janus + EJB Authentication configuration issue
          jaikiran pai Master

          Keeping aside all that server code, what behavioural problem are you noticing from your application point of view. I don't want to ignore your efforts in getting into the code and trying to figure out what the problem is, but without knowing the problem from an application level, it's difficult to say what's wrong. Please post those details including the entire exception stacktrace.

          • 2. Re: JBoss 7.2 Janus + EJB Authentication configuration issue
            David Bennion Newbie

            (I am the same guy as the original poster, but I think I have an account migration problem with my old account.)

             

            Thanks for your reply.  Let me see if I can explain the higher level context of this problem.  I am migrating a running application from JBoss 4 to JBoss 7.2.  There are 3 main ears, one of them is our code and the other two are legacy apps.  We have a large part of all of these ears functioning in the 7.2 server.  There is one main feature of one of the ears (call it a data import feature) that involves an HTTP connection and some invocations of some EJBs from a client application outside the container.

             

            So the main behavioral problem I am having right now is that is that a large part of this "data import" feature is failing with the message coming back from the container on EJB method invocations saying "Invalid User" as in the log above :

             

            10:48:21,657 ERROR [org.jboss.as.ejb3.invocation] (http-127.0.0.1/127.0.0.1:8080-9) JBAS014134: EJB Invocation failed on component ... for method ... : javax.ejb.EJBAccessException: JBAS013323: Invalid User

             

            So the full trace of that exception that is written to the JBoss logs looks like this:

             

            07:49:50,427 ERROR [org.jboss.as.ejb3.invocation] (http-/127.0.0.1:8080-11) JBAS014134: EJB Invocation failed on component IlrExternalInterfaceWorkerLocalSessionBean for method public abstract ilog.rules.shared.synccommon.data.IlrRIRElementSummaryList ilog.rules.teamserver.externalejb.IlrExternalInterfaceWorkerLocalSessionI.commitNextElement(ilog.rules.teamserver.externalejb.IlrWorkerContext,int) throws ilog.rules.teamserver.externalejb.syncutil.IlrOverrideAndPublishDeletedElementException,ilog.rules.teamserver.model.IlrConnectException,ilog.rules.teamserver.model.IlrApplicationException,ilog.rules.teamserver.externalejb.syncutil.IlrRuleSyncException: javax.ejb.EJBAccessException: JBAS013323: Invalid User

                   at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:54) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.as.ejb3.security.SecurityContextInterceptor$1.run(SecurityContextInterceptor.java:45) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_11]

                   at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:74) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.component.interceptors.EjbExceptionTransformingInterceptorFactories$2.processInvocation(EjbExceptionTransformingInterceptorFactories.java:89) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:182) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

            at ilog.rules.teamserver.externalejb.IlrExternalInterfaceWorkerLocalSession$$$view6.commitNextElement(Unknown Source) [jrules-teamserver-externalejb.jar:]

            at ilog.rules.teamserver.externalejb.IlrExternalInterfaceFacadeLocalSessionBean.commitRuleDataSeparately(Unknown Source) [jrules-teamserver-externalejb.jar:]

            at ilog.rules.teamserver.externalejb.IlrExternalInterfaceFacadeLocalSessionBean.commitRuleData(Unknown Source) [jrules-teamserver-externalejb.jar:]

                   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_11]

                   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_11]

                   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_11]

                   at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_11]

            at org.jboss.as.ee.component.ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptorFactory.java:72) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:58) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.invocation.WeavedInterceptor.processInvocation(WeavedInterceptor.java:53) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:58) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:53) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:235) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.as.ejb3.tx.CMTTxInterceptor.never(CMTTxInterceptor.java:285) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:210) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.security.AuthorizationInterceptor.processInvocation(AuthorizationInterceptor.java:122) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:76) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:59) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.component.interceptors.EjbExceptionTransformingInterceptorFactories$2.processInvocation(EjbExceptionTransformingInterceptorFactories.java:89) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54) [jboss-as-ejb3-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ee.component.TCCLInterceptor.processInvocation(TCCLInterceptor.java:45) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:165) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:182) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

                   at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:288) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) [jboss-invocation-1.1.1.Final.jar:1.1.1.Final]

                   at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:72) [jboss-as-ee-7.2.0.Final.jar:7.2.0.Final]

            at ilog.rules.teamserver.externalejb.IlrExternalInterfaceFacadeLocalSession$$$view4.commitRuleData(Unknown Source) [jrules-teamserver-externalejb.jar:]

                   at ilog.rules.teamserver.web.servlets.IlrSynchronizationEntryPointServlet.handlecommitRuleData(Unknown Source)

                   at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_11]

                   at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_11]

                   at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_11]

                   at java.lang.reflect.Method.invoke(Method.java:601) [rt.jar:1.7.0_11]

                   at ilog.rules.teamserver.web.servlets.IlrSynchronizationEntryPointServlet.handleMethod(Unknown Source)

                   at ilog.rules.teamserver.web.servlets.IlrSynchronizationEntryPointServlet.doPost(Unknown Source)

                   at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final.jar:1.0.2.Final]

                   at javax.servlet.http.HttpServlet.service(HttpServlet.java:847) [jboss-servlet-api_3.0_spec-1.0.2.Final.jar:1.0.2.Final]

                   at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:295)

                   at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)

                   at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)

                   at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:149)

                   at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:481)

                   at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)

                   at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)

                   at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)

                   at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)

                   at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)

                   at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)

                   at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)

                   at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920)

                   at java.lang.Thread.run(Thread.java:722

            ) [rt.jar:1.7.0_11]

             

            But the full trace of where the LoginException occurs looks more like this (I copied this from the eclipse debug stack because I couldn't get the exception to push out a stack trace)

            Basically the Class.forName inside of LoginContext will raise an exception after getting the name  org.picketlink.identity.federation.bindings.jboss.auth.SAML2LoginModule from the call here moduleStack[i].entry.getLoginModuleName()

                                Class c = Class.forName

                                            (moduleStack[i].entry.getLoginModuleName(),

                                            true,

                                            contextClassLoader);

                            LoginContext.invoke(String) line: 746

                            LoginContext.access$000(LoginContext, String) line: 203

                            LoginContext$4.run() line: 698

                            LoginContext$4.run() line: 696

                            AccessController.doPrivileged(PrivilegedExceptionAction<T>) line: not available [native method]

                            LoginContext.invokePriv(String) line: 695

                            LoginContext.login() line: 594

                            JBossCachedAuthenticationManager.defaultLogin(Principal, Object) line: 408

                            JBossCachedAuthenticationManager.proceedWithJaasLogin(Principal, Object, Subject) line: 345

                            JBossCachedAuthenticationManager.authenticate(Principal, Object, Subject) line: 333

                            JBossCachedAuthenticationManager.isValid(Principal, Object, Subject) line: 146

                            SimpleSecurityManager.authenticate(SecurityContext, Subject) line: 397

                            SimpleSecurityManager.push(String, String, String, Set<String>) line: 332

                            SecurityContextInterceptor$1.run() line: 49

                            SecurityContextInterceptor$1.run() line: 45

                            AccessController.doPrivileged(PrivilegedAction<T>) line: not available [native method]

                            SecurityContextInterceptor.processInvocation(InterceptorContext) line: 74

                            InterceptorContext.proceed() line: 288

                            ShutDownInterceptorFactory$1.processInvocation(InterceptorContext) line: 64

                            InterceptorContext.proceed() line: 288

                            LoggingInterceptor.processInvocation(InterceptorContext) line: 59

                            InterceptorContext.proceed() line: 288

                            EjbExceptionTransformingInterceptorFactories$2.processInvocation(InterceptorContext) line: 89

                            InterceptorContext.proceed() line: 288

                            NamespaceContextInterceptor.processInvocation(InterceptorContext) line: 50

                            InterceptorContext.proceed() line: 288

                            AdditionalSetupInterceptor.processInvocation(InterceptorContext) line: 54

                            InterceptorContext.proceed() line: 288

                            TCCLInterceptor.processInvocation(InterceptorContext) line: 45

                            InterceptorContext.proceed() line: 288

                            ChainedInterceptor.processInvocation(InterceptorContext) line: 61

                            ViewService$View.invoke(InterceptorContext) line: 165

                            ViewDescription$1.processInvocation(InterceptorContext) line: 182

                            InterceptorContext.proceed() line: 288

                            ChainedInterceptor.processInvocation(InterceptorContext) line: 61

                            ProxyInvocationHandler.invoke(Object, Method, Object[]) line: 72

                            IlrExternalInterfaceWorkerLocalSession$$$view6.commitNextElement(IlrWorkerContext, int) line: not available

                            IlrExternalInterfaceFacadeLocalSessionBean.commitRuleDataSeparately(IlrCredentials, String, IlrTransactionalBehavior) line: not available

                            IlrExternalInterfaceFacadeLocalSessionBean.commitRuleData(IlrCredentials, String, IlrTransactionalBehavior) line: not available

                            NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not available [native method]

                            NativeMethodAccessorImpl.invoke(Object, Object[]) line: 57

                            DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 43

                            Method.invoke(Object, Object...) line: 601

                            ManagedReferenceMethodInterceptorFactory$ManagedReferenceMethodInterceptor.processInvocation(InterceptorContext) line: 72

                            InterceptorContext.proceed() line: 288

                            WeavedInterceptor.processInvocation(InterceptorContext) line: 53

                            UserInterceptorFactory$1.processInvocation(InterceptorContext) line: 58

                            InterceptorContext.proceed() line: 288

                            WeavedInterceptor.processInvocation(InterceptorContext) line: 53

                            UserInterceptorFactory$1.processInvocation(InterceptorContext) line: 58

                            InterceptorContext.proceed() line: 288

                            ExecutionTimeInterceptor.processInvocation(InterceptorContext) line: 43

                            InterceptorContext.proceed() line: 288

                            SBInvocationInterceptor.processInvocation(InterceptorContext) line: 47

                            InterceptorContext.proceed() line: 288

                            InitialInterceptor.processInvocation(InterceptorContext) line: 21

                            InterceptorContext.proceed() line: 288

                            ChainedInterceptor.processInvocation(InterceptorContext) line: 61

                            ComponentDispatcherInterceptor.processInvocation(InterceptorContext) line: 53

                            InterceptorContext.proceed() line: 288

                            PooledInstanceInterceptor.processInvocation(InterceptorContext) line: 51

                            InterceptorContext.proceed() line: 288

                            CMTTxInterceptor.invokeInNoTx(InterceptorContext, EJBComponent) line: 235

                            CMTTxInterceptor.never(InterceptorContext, EJBComponent) line: 285

                            CMTTxInterceptor.processInvocation(InterceptorContext) line: 210

                            InterceptorContext.proceed() line: 288

                            CurrentInvocationContextInterceptor.processInvocation(InterceptorContext) line: 41

                            InterceptorContext.proceed() line: 288

                            AuthorizationInterceptor.processInvocation(InterceptorContext) line: 122

                            InterceptorContext.proceed() line: 288

                            SecurityContextInterceptor.processInvocation(InterceptorContext) line: 76

                            InterceptorContext.proceed() line: 288

                            ShutDownInterceptorFactory$1.processInvocation(InterceptorContext) line: 64

                            InterceptorContext.proceed() line: 288

                            LoggingInterceptor.processInvocation(InterceptorContext) line: 59

                            InterceptorContext.proceed() line: 288

                            EjbExceptionTransformingInterceptorFactories$2.processInvocation(InterceptorContext) line: 89

                            InterceptorContext.proceed() line: 288

                            NamespaceContextInterceptor.processInvocation(InterceptorContext) line: 50

                            InterceptorContext.proceed() line: 288

                            AdditionalSetupInterceptor.processInvocation(InterceptorContext) line: 54

                            InterceptorContext.proceed() line: 288

                            TCCLInterceptor.processInvocation(InterceptorContext) line: 45

                            InterceptorContext.proceed() line: 288

                            ChainedInterceptor.processInvocation(InterceptorContext) line: 61

                            ViewService$View.invoke(InterceptorContext) line: 165

                            ViewDescription$1.processInvocation(InterceptorContext) line: 182

                            InterceptorContext.proceed() line: 288

                            ChainedInterceptor.processInvocation(InterceptorContext) line: 61

                            ProxyInvocationHandler.invoke(Object, Method, Object[]) line: 72

                            IlrExternalInterfaceFacadeLocalSession$$$view4.commitRuleData(IlrCredentials, String, IlrTransactionalBehavior) line: not available

                            IlrSynchronizationEntryPointServlet.handlecommitRuleData(Map, ServletOutputStream) line: not available

                            NativeMethodAccessorImpl.invoke0(Method, Object, Object[]) line: not available [native method]

                            NativeMethodAccessorImpl.invoke(Object, Object[]) line: 57

                            DelegatingMethodAccessorImpl.invoke(Object, Object[]) line: 43

                            Method.invoke(Object, Object...) line: 601

                            IlrSynchronizationEntryPointServlet.handleMethod(String, Map, ServletOutputStream) line: not available

                            IlrSynchronizationEntryPointServlet.doPost(HttpServletRequest, HttpServletResponse) line: not available

                            IlrSynchronizationEntryPointServlet(HttpServlet).service(HttpServletRequest, HttpServletResponse) line: 754

                            IlrSynchronizationEntryPointServlet(HttpServlet).service(ServletRequest, ServletResponse) line: 847

                            ApplicationFilterChain.internalDoFilter(ServletRequest, ServletResponse) line: 295

                            ApplicationFilterChain.doFilter(ServletRequest, ServletResponse) line: 214

                            StandardWrapperValve.invoke(Request, Response) line: 230

                            StandardContextValve.invoke(Request, Response) line: 149

                            ServiceProviderAuthenticator(AuthenticatorBase).invoke(Request, Response) line: 481

                            SecurityContextAssociationValve.invoke(Request, Response) line: 169

                            StandardHostValve.invoke(Request, Response) line: 145

                            ErrorReportValve.invoke(Request, Response) line: 97

                            StandardEngineValve.invoke(Request, Response) line: 102

                            CoyoteAdapter.service(Request, Response) line: 336

                            Http11Processor.process(Socket) line: 856

                            Http11Protocol$Http11ConnectionHandler.process(Socket) line: 653

                            JIoEndpoint$Worker.run() line: 920

                            Thread.run() line: 722

            • 3. Re: JBoss 7.2 Janus + EJB Authentication configuration issue
              sou pra Newbie

              did this problem resolve?

              I'm facing similar issue where EJB call (uses global JNDI)  from a servlet works fine on Jboss as 7.0 but does not work on Jboss 7.2. (EAP 6.1)

              Is there any configuration we need to change when invoking EJB (JNDI lookup and create) from a servlet?