7 Replies Latest reply on Sep 25, 2013 2:16 PM by Michel Werren

    Management Realm and JAAS

    Michel Werren Novice

      Hello

      At least two JBoss EAP 6.1.Final instances run in our architecture, on different machines. My goal now is to centralize the authentication for the management realm (also for the ones on the developer machines). I have now tried to change the management realm to use a custom security domain. What is confusing is that the authentication seems to be invoked, but not through my ManagementRealmLoginModule (DatabaseServerLoginModule). I have deployed the login module classes as an AS module.

       

      Does anyone have a configuration like this, or a suggestion?

       

      Regards

      Michel

       

      My configuration looks like:

      <management>
           <security-realms>
                <security-realm name="ManagementRealm">
                     <authentication>
                          <jaas name="apkernMgntDomain"/>
                     </authentication>
                </security-realm>
                <security-realm name="ApplicationRealm">
                     <authentication>
                          <local default-user="$local" allowed-users="*"/>
                          <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
                     </authentication>
                     <authorization>
                          <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                     </authorization>
                </security-realm>
           </security-realms>
           <management-interfaces>
                <native-interface security-realm="ManagementRealm">
                     <socket-binding native="management-native"/>
                </native-interface>
                <http-interface security-realm="ManagementRealm">
                     <socket-binding http="management-http"/>
                </http-interface>
           </management-interfaces>
      </management>

       

      ------------------------------------

       

      <security-domain name="apkernMgntDomain" cache-type="default">
           <authentication>
                <login-module name="apkernMgntModule" code="ch.apkern.achilles.middleware.security.ManagementRealmLoginModule" flag="required" module="ch.apkern.middleware.security">
                     <module-option name="dsJndiName" value="java:jboss/jdbc/application_server"/>
                </login-module>
           </authentication>
           <audit>
                <provider-module code="LogAuditProvider"/>
           </audit>
      </security-domain>

        • 1. Re: Management Realm and JAAS
          jaikiran pai Master

          Can you enable TRACE level logs of the security packages and see if something shows up? By the way, are you sure the module packaging is correct and at the right location - ch/apkern/middleware/security/main/module.xml? What do the contents of module.xml look like?

          • 2. Re: Management Realm and JAAS
            Michel Werren Novice

            Hello Jaikiran

             

            I tried the behavior when I define the module in a wrong way. Then the realm throws two separate exceptions (no "caused by") at login:

             

            DEBUG [org.jboss.security] (HttpManagementService-threads - 1) PBOX000206: Login failure: javax.security.auth.login.LoginException: No LoginModules configured for wrongDomain

            ...

            /

            DEBUG [org.jboss.as.domain.management.security.JaasCallbackHandler] (HttpManagementService-threads - 1) Failed to verify password in JAAS callbackhandler wrongDomain: java.lang.SecurityException: JBAS013323: Invalid User

            ...

             

            With the correctly defined module, the only log entry during a login attempt is:

             

            13:23:24,008 TRACE [org.jboss.security] (HttpManagementService-threads - 1) PBOX000200: Begin isValid, principal: admin, cache entry: null

             

             

            The folder structure under JBOSS_HOME/modules/system/layers/base:

            ├── ch
            │   ├── apkern
            │   │   └── middleware
            │   │       └── security
            │   │           └── main
            │   │               ├── apkern-middleware-security-6.1.0.jar
            │   │               └── module.xml

             

            module.xml:

            <module xmlns="urn:jboss:module:1.1" name="ch.apkern.middleware.security">
                <properties>
                    <property name="jboss.api" value="private"/>
                </properties>

                <resources>
                    <resource-root path="apkern-middleware-security-6.1.0"/>
                    <!-- Insert resources here -->
                </resources>

                <dependencies>
                    <module name="org.slf4j"/>
                    <module name="org.picketbox"/>
                </dependencies>
            </module>

             

            My Log Subsystem Configuration:

                 <subsystem xmlns="urn:jboss:domain:logging:1.2">
                        <console-handler name="CONSOLE">
                            <level name="ALL"/>
                            <formatter>
                                <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
                            </formatter>
                        </console-handler>
                        <periodic-rotating-file-handler name="FILE" autoflush="true">
                            <formatter>
                                <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
                            </formatter>
                            <file relative-to="jboss.server.log.dir" path="server.log"/>
                            <suffix value=".yyyy-MM-dd"/>
                            <append value="true"/>
                        </periodic-rotating-file-handler>
                        <logger category="com.arjuna">
                            <level name="WARN"/>
                        </logger>
                        <logger category="org.apache.tomcat.util.modeler">
                            <level name="WARN"/>
                        </logger>
                        <logger category="org.jboss.as.config">
                            <level name="DEBUG"/>
                        </logger>
                        <logger category="sun.rmi">
                            <level name="WARN"/>
                        </logger>
                        <logger category="jacorb">
                            <level name="WARN"/>
                        </logger>
                        <logger category="jacorb.config">
                            <level name="ERROR"/>
                        </logger>
                        <logger category="org.jboss.security">
                            <level name="ALL"/>
                        </logger>
                        <logger category="ch.apkern.achilles.middleware.security">
                            <level name="ALL"/>
                        </logger>
                        <logger category="javax.security">
                            <level name="ALL"/>
                        </logger>
                        <logger category="org.jboss.as.domain.management">
                            <level name="ALL"/>
                        </logger>
                        <logger category="org.picketbox">
                            <level name="ALL"/>
                        </logger>
                        <root-logger>
                            <level name="INFO"/>
                            <handlers>
                                <handler name="CONSOLE"/>
                                <handler name="FILE"/>
                            </handlers>
                        </root-logger>
                    </subsystem>

             

            ch.apkern.achilles.middleware.security.ManagementRealmLoginModule:

             

            package ch.apkern.achilles.middleware.security;

            import org.jboss.security.auth.spi.DatabaseServerLoginModule;
            import org.slf4j.Logger;
            import org.slf4j.LoggerFactory;

            import javax.naming.NamingException;
            import javax.security.auth.Subject;
            import javax.security.auth.callback.CallbackHandler;
            import javax.security.auth.login.LoginException;
            import javax.transaction.TransactionManager;
            import java.io.InputStream;
            import java.security.Principal;
            import java.security.acl.Group;
            import java.util.Map;
            import java.util.Set;

            // Thin subclass of DatabaseServerLoginModule: every override only prints
            // its own name and delegates to the superclass, to show which callbacks
            // the server actually invokes during a management login.
            public class ManagementRealmLoginModule extends DatabaseServerLoginModule {
                private static final Logger LOGGER = LoggerFactory.getLogger(ManagementRealmLoginModule.class);

                public ManagementRealmLoginModule() {
                    System.out.println("ManagementRealmLoginModule");
                }

                @Override
                public void initialize(Subject subject, CallbackHandler callbackHandler, Map<String, ?> sharedState, Map<String, ?> options) {
                    System.out.println("initialize");
                    super.initialize(subject, callbackHandler, sharedState, options);
                }

                @Override
                protected TransactionManager getTransactionManager() throws NamingException {
                    return super.getTransactionManager();
                }

                @Override
                protected String getUsername() {
                    System.out.println("getUsername");
                    return super.getUsername();
                }

                @Override
                protected String getUsersPassword() throws LoginException {
                    System.out.println("getUsersPassword");
                    return super.getUsersPassword();
                }

                @Override
                protected Group[] getRoleSets() throws LoginException {
                    System.out.println("getRoleSets");
                    return super.getRoleSets();
                }

                @Override
                protected String convertRawPassword(String rawPassword) {
                    System.out.println("convertRawPassword");
                    return super.convertRawPassword(rawPassword);
                }

                @Override
                public boolean login() throws LoginException {
                    System.out.println("login");
                    return super.login();
                }

                @Override
                protected Principal getIdentity() {
                    System.out.println("getIdentity");
                    return super.getIdentity();
                }

                @Override
                protected Principal getUnauthenticatedIdentity() {
                    System.out.println("getUnauthenticatedIdentity");
                    return super.getUnauthenticatedIdentity();
                }

                @Override
                protected Object getCredentials() {
                    System.out.println("getCredentials");
                    return super.getCredentials();
                }

                @Override
                protected String[] getUsernameAndPassword() throws LoginException {
                    System.out.println("getUsernameAndPassword");
                    return super.getUsernameAndPassword();
                }

                @Override
                protected String createPasswordHash(String username, String password, String digestOption) throws LoginException {
                    System.out.println("createPasswordHash");
                    return super.createPasswordHash(username, password, digestOption);
                }

                @Override
                protected Throwable getValidateError() {
                    System.out.println("getValidateError");
                    return super.getValidateError();
                }

                @Override
                protected void setValidateError(Throwable validateError) {
                    System.out.println("setValidateError");
                    super.setValidateError(validateError);
                }

                @Override
                protected boolean validatePassword(String inputPassword, String expectedPassword) {
                    System.out.println("validatePassword");
                    return super.validatePassword(inputPassword, expectedPassword);
                }

                @Override
                protected void safeClose(InputStream fis) {
                    System.out.println("safeClose");
                    super.safeClose(fis);
                }

                @Override
                public boolean commit() throws LoginException {
                    System.out.println("commit");
                    return super.commit();
                }

                @Override
                public boolean abort() throws LoginException {
                    System.out.println("abort");
                    return super.abort();
                }

                @Override
                public boolean logout() throws LoginException {
                    System.out.println("logout");
                    return super.logout();
                }

                @Override
                protected boolean getUseFirstPass() {
                    System.out.println("getUseFirstPass");
                    return super.getUseFirstPass();
                }

                @Override
                protected Group createGroup(String name, Set<Principal> principals) {
                    System.out.println("createGroup");
                    return super.createGroup(name, principals);
                }

                @Override
                protected Principal createIdentity(String username) throws Exception {
                    System.out.println("createIdentity");
                    return super.createIdentity(username);
                }

                @Override
                protected Group getCallerPrincipalGroup(Set<Principal> principals) {
                    System.out.println("getCallerPrincipalGroup");
                    return super.getCallerPrincipalGroup(principals);
                }
            }

            • 3. Re: Management Realm and JAAS
              jaikiran pai Master

              Please enable trace level logging on org.jboss.as.domain.management.security package too.

              • 4. Re: Management Realm and JAAS
                Michel Werren Novice

                Done, but no more log entries, neither during bootstrap nor during the login attempt.

                 

                Here is the bootstrap log:

                 

                14:03:19,146 INFO  [org.jboss.modules] (main) JBoss Modules version 1.2.0.Final-redhat-1

                14:03:19,321 INFO  [org.jboss.msc] (main) JBoss MSC version 1.0.4.GA-redhat-1

                14:03:19,386 INFO  [org.jboss.as] (MSC service thread 1-6) JBAS015899: JBoss EAP 6.1.0.GA (AS 7.2.0.Final-redhat-8) starting

                14:03:19,394 DEBUG [org.jboss.as.config] (MSC service thread 1-6) Configured system properties:

                14:03:19,403 DEBUG [org.jboss.as.config] (MSC service thread 1-6) VM Arguments: -D[Standalone] -XX:+UseCompressedOops -Xms1303m -Xmx2048m -XX:MaxPermSize=512m -Djava.net.preferIPv4Stack=true -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true -Dorg.jboss.boot.log.file=/home/michel/development/middleware/apkern/middleware-6.1.0/local-application-server/standalone/log/server.log -Dlogging.configuration=file:/home/michel/development/middleware/apkern/middleware-6.1.0/local-application-server/standalone/configuration/logging.properties

                14:03:20,256 INFO  [org.xnio] (MSC service thread 1-3) XNIO Version 3.0.7.GA-redhat-1

                14:03:20,258 INFO  [org.jboss.as.server] (Controller Boot Thread) JBAS015888: Creating http management service using socket-binding (management-http)

                14:03:20,263 INFO  [org.xnio.nio] (MSC service thread 1-3) XNIO NIO Implementation Version 3.0.7.GA-redhat-1

                14:03:20,275 INFO  [org.jboss.remoting] (MSC service thread 1-3) JBoss Remoting version 3.2.16.GA-redhat-1

                14:03:20,297 INFO  [org.jboss.as.clustering.infinispan] (ServerService Thread Pool -- 29) JBAS010280: Activating Infinispan subsystem.

                14:03:20,307 INFO  [org.jboss.as.jsf] (ServerService Thread Pool -- 35) JBAS012605: Activated the following JSF Implementations: [main, 1.2]

                14:03:20,312 INFO  [org.jboss.as.naming] (ServerService Thread Pool -- 37) JBAS011800: Activating Naming Subsystem

                14:03:20,337 INFO  [org.jboss.as.security] (ServerService Thread Pool -- 42) JBAS013171: Activating Security Subsystem

                14:03:20,339 INFO  [org.jboss.as.connector.logging] (MSC service thread 1-11) JBAS010408: Starting JCA Subsystem (IronJacamar 1.0.17.Final-redhat-1)

                14:03:20,356 INFO  [org.jboss.as.webservices] (ServerService Thread Pool -- 46) JBAS015537: Activating WebServices Extension

                14:03:20,360 INFO  [org.jboss.as.security] (MSC service thread 1-5) JBAS013170: Current PicketBox version=4.0.17.Final-redhat-1

                14:03:20,361 INFO  [org.jboss.as.naming] (MSC service thread 1-10) JBAS011802: Starting Naming Service

                14:03:20,364 INFO  [org.jboss.as.mail.extension] (MSC service thread 1-9) JBAS015400: Bound mail session [java:jboss/mail/Default]

                14:03:20,468 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 25) JBAS010404: Deploying non-JDBC-compliant driver class com.mysql.jdbc.Driver (version 5.1)

                14:03:20,580 INFO  [org.jboss.ws.common.management] (MSC service thread 1-16) JBWS022052: Starting JBoss Web Services - Stack CXF Server 4.1.3.Final-redhat-3

                14:03:20,639 INFO  [org.jboss.as.connector.subsystems.datasources] (ServerService Thread Pool -- 25) JBAS010403: Deploying JDBC-compliant driver class oracle.jdbc.OracleDriver (version 11.2)

                14:03:20,739 INFO  [org.apache.coyote.http11] (MSC service thread 1-13) JBWEB003001: Coyote HTTP/1.1 initializing on : http-/0.0.0.0:8080

                14:03:20,751 INFO  [org.apache.coyote.http11] (MSC service thread 1-13) JBWEB003000: Coyote HTTP/1.1 starting on: http-/0.0.0.0:8080

                14:03:20,858 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-3) JBAS010400: Bound data source [java:jboss/jdbc/application_server]

                14:03:20,858 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-12) JBAS010400: Bound data source [java:jboss/jdbc/apkern]

                14:03:20,859 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-16) JBAS010400: Bound data source [java:jboss/jdbc/apkerntesttransient]

                14:03:20,859 INFO  [org.jboss.as.connector.subsystems.datasources] (MSC service thread 1-7) JBAS010400: Bound data source [java:jboss/jdbc/apkerntest]

                14:03:20,884 DEBUG [org.jboss.as.domain.management] (MSC service thread 1-1) Starting 'ManagementRealm' Security Realm Service

                14:03:20,889 DEBUG [org.jboss.as.domain.management] (MSC service thread 1-10) Reloading properties file '/home/michel/development/middleware/apkern/middleware-6.1.0/local-application-server/standalone/configuration/application-roles.properties'

                14:03:20,890 DEBUG [org.jboss.as.domain.management] (MSC service thread 1-8) Reloading properties file '/home/michel/development/middleware/apkern/middleware-6.1.0/local-application-server/standalone/configuration/application-users.properties'

                14:03:20,891 DEBUG [org.jboss.as.domain.management] (MSC service thread 1-4) Starting 'ApplicationRealm' Security Realm Service

                14:03:20,902 INFO  [org.jboss.as.server.deployment.scanner] (MSC service thread 1-16) JBAS015012: Started FileSystemDeploymentService for directory /home/michel/development/middleware/apkern/middleware-6.1.0/local-application-server/standalone/deployments

                14:03:20,907 INFO  [org.jboss.as.remoting] (MSC service thread 1-11) JBAS017100: Listening on 0.0.0.0:9999

                14:03:20,907 INFO  [org.jboss.as.remoting] (MSC service thread 1-9) JBAS017100: Listening on 0.0.0.0:4447

                14:03:21,050 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015961: Http management interface listening on http://0.0.0.0:9990/management

                14:03:21,050 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015951: Admin console listening on http://0.0.0.0:9990

                14:03:21,050 INFO  [org.jboss.as] (Controller Boot Thread) JBAS015874: JBoss EAP 6.1.0.GA (AS 7.2.0.Final-redhat-8) started in 2264ms - Started 138 of 194 services (52 services are passive or on-demand)

                 

                And again the log for the login attempt:

                14:08:08,752 TRACE [org.jboss.security] (HttpManagementService-threads - 1) PBOX000200: Begin isValid, principal: admin, cache entry: null

                14:08:08,758 TRACE [org.jboss.security] (HttpManagementService-threads - 1) PBOX000200: Begin isValid, principal: admin, cache entry: null

                • 5. Re: Management Realm and JAAS
                  Michel Werren Novice

                  Hello

                   

                  Sorry for the wasted time. It was my bad ... I forgot the ".jar" extension for the module jar in the module.xml.

                   

                  Works now

                   

                  But it would be nice to see errors like this.

                   

                  Regards Michel

                  • 6. Re: Management Realm and JAAS
                    jaikiran pai Master

                    No problem. How did you figure that out by the way? I mean was there some indication in the log? I would have expected a ClassNotFoundException for your login module class.

                    • 7. Re: Management Realm and JAAS
                      Michel Werren Novice

                      I started debugging in the class "HttpManagementService" until I found the login workflow in the class "JBossCachedAuthenticationManager". Finally I saw that in the "authenticate" method the line "ClassLoader newTCCL = theCLL.get(jbossModuleName);" failed, and I followed this. In the class ModuleLoader, in the method loadModuleLocal, the result of moduleMap.get(identifier); was then null.

                       

                      But you are right. After this I got ClassNotFound exceptions for JDK classes, but I could fix this with system dependencies.

                       

                      Now the errors are in my classes, but the classloading etc. is done.

                       

                      What I see in the AS code is that possible errors are partially hidden by finally blocks; maybe it would be very nice to see more errors, at least at debug log level.

                       

                      Regards

                      Michel
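
The root cause found in replies 5 and 7 (a `resource-root` path that does not exist on disk, which the server did not report) can be caught before start-up. The following Python check is an added example, not part of the original thread and not JBoss code; the function names, the temporary directory layout and the trimmed `standalone.xml` are constructed for illustration, and only the module name, jar name and the `module=` / `resource-root` attributes come from the posts above.

```python
import os
import tempfile
import xml.etree.ElementTree as ET


def _local(tag):
    """Strip the XML namespace so the check works across schema versions."""
    return tag.rsplit("}", 1)[-1]


def check_module_xml(module_xml):
    """Return problems with the <resource-root> entries of one module.xml."""
    problems = []
    base = os.path.dirname(module_xml)
    for el in ET.parse(module_xml).getroot().iter():
        if _local(el.tag) != "resource-root":
            continue
        path = el.get("path", "")
        # A resource root may be a jar file or an exploded directory.
        if os.path.exists(os.path.join(base, path)):
            continue
        hint = ""
        if os.path.isfile(os.path.join(base, path + ".jar")):
            hint = " (did you mean '%s.jar'?)" % path
        problems.append("%s: resource-root '%s' not found%s"
                        % (module_xml, path, hint))
    return problems


def check_login_modules(config_xml, module_roots):
    """Resolve every <login-module module="..."> to a module.xml and check it."""
    problems = []
    for el in ET.parse(config_xml).getroot().iter():
        if _local(el.tag) != "login-module" or not el.get("module"):
            continue
        name = el.get("module")
        # Module a.b.c (slot "main") lives in a/b/c/main/module.xml.
        rel = os.path.join(*name.split("."), "main", "module.xml")
        found = [os.path.join(root, rel) for root in module_roots
                 if os.path.isfile(os.path.join(root, rel))]
        if not found:
            problems.append("login-module %s: module '%s' not found under %s"
                            % (el.get("code"), name, module_roots))
        else:
            problems.extend(check_module_xml(found[0]))
    return problems


def build_demo(tmp, resource_path):
    """Constructed layout mirroring the thread: one module, one security domain."""
    root = os.path.join(tmp, "modules", "system", "layers", "base")
    main = os.path.join(root, "ch", "apkern", "middleware", "security", "main")
    os.makedirs(main)
    # Empty placeholder standing in for the real jar.
    open(os.path.join(main, "apkern-middleware-security-6.1.0.jar"), "wb").close()
    with open(os.path.join(main, "module.xml"), "w") as f:
        f.write('<module xmlns="urn:jboss:module:1.1" '
                'name="ch.apkern.middleware.security">'
                '<resources><resource-root path="%s"/></resources>'
                '</module>' % resource_path)
    config = os.path.join(tmp, "standalone.xml")
    with open(config, "w") as f:
        f.write('<server><security-domain name="apkernMgntDomain">'
                '<authentication><login-module '
                'code="ch.apkern.achilles.middleware.security.ManagementRealmLoginModule" '
                'flag="required" module="ch.apkern.middleware.security"/>'
                '</authentication></security-domain></server>')
    return config, [root]


def demo(resource_path):
    """Run the check against the constructed layout and return the problems."""
    with tempfile.TemporaryDirectory() as tmp:
        config, roots = build_demo(tmp, resource_path)
        return check_login_modules(config, roots)


if __name__ == "__main__":
    # Path as posted in reply 2, without the ".jar" extension.
    for problem in demo("apkern-middleware-security-6.1.0"):
        print("PROBLEM:", problem)
```

Against a real installation, pass the server configuration file and the module root directories (for the layout shown in reply 2, `JBOSS_HOME/modules/system/layers/base`) to `check_login_modules`.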