0 Replies Latest reply on Jun 11, 2014 10:35 AM by arnaud antoine

    JAAS Authentification & Jboss EAP 6.1

    arnaud antoine Newbie

      Hi everybody, i m trying to use JAAS to manage authentification on my webservice.

       

      I had this in my standalone.xml file :

       

      <security-domain name="helloworld-webservice-login" cache-type="default">
      <authentication>
      <login-module code="Database" flag="required">
      <module-option name="dsJndiName" value="java:/WEB_DS"/>
      <module-option name="principalsQuery" value="select password from s_user where s_user.username=?"/>
      <module-option name="rolesQuery" value="select name, 'Roles' from s_role where id in (select ROLE_ID from s_group_role, s_group, s_user, s_user_group where s_user.id=s_user_group.user_id and s_user_group.group_id=s_group.id and s_group_role.group_id=s_group.id and s_user.username=?)"/>
      <!-- Remove or Change based on your password encryption technique -->
      <module-option name="hashAlgorithm" value="SHA1"/>
      <module-option name="hashEncoding" value="base64"/>
      </login-module>
      </authentication>
      </security-domain>

       

      And this  :

      @SecurityDomain("helloworld-webservice-login")

      @WebContext(authMethod = "BASIC",contextRoot = "*****************", urlPattern = "**************")

      public class XXXXXXXXXXXXXXXXmpl implements XXXXXXXXXXXXXX {

       

      @RolesAllowed("say-hello")  

          public ******** () throws FaultMessage {

       

      And i get this

      16:32:45,665 TRACE [org.jboss.security] (***********) PBOX000200: Begin isValid, principal: admin, cache entry: null

       

      16:32:45,665 TRACE [org.jboss.security] (***********) PBOX000209: defaultLogin, principal: admin

       

      16:32:45,666 TRACE [org.jboss.security] (***********) PBOX000221: Begin getAppConfigurationEntry(other), size: 4

       

      16:32:45,666 TRACE [org.jboss.security] (***********) PBOX000224: End getAppConfigurationEntry(other), AuthInfo: AppConfigurationEntry[]:

       

      [0]

       

      LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule

       

      ControlFlag: LoginModuleControlFlag : optional

       

      Options:

       

      name=password-stacking, value=useFirstPass

       

      [1]

       

      LoginModule Class: org.jboss.as.security.RealmDirectLoginModule

       

      ControlFlag: LoginModuleControlFlag : required

       

      Options:

       

      name=password-stacking, value=useFirstPass

       

      16:32:45,667 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method

       

      16:32:45,668 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method

       

      16:32:45,668 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method

       

      16:32:45,669 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method

       

      16:32:45,670 DEBUG [org.jboss.security] (***********) PBOX000283: Bad password for username admin

       

      16:32:45,671 TRACE [org.jboss.security] (***********) PBOX000244: Begin abort method

       

      16:32:45,671 TRACE [org.jboss.security] (***********) PBOX000244: Begin abort method

       

      16:32:45,672 DEBUG [org.jboss.security] (***********) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required

       

          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]

       

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_55]

       

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_55]

       

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55]

       

          at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55]

       

          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_55]

       

          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_55]

       

          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_55]

       

          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_55]

       

          at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_55]

       

          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_55]

       

          at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_55]

       

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]

       

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]

       

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]

       

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]

       

          at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:216)

       

          at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:178)

       

          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:447)

       

          at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)

       

          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)

       

          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)

       

          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)

       

          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)

       

          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)

       

          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)

       

          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920)

       

          at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55]

       

      16:32:45,680 TRACE [org.jboss.security] (***********) PBOX000201: End isValid, result = false

       

      16:32:45,680 TRACE [org.jboss.security] (***********) PBOX000354: Setting security roles ThreadLocal: null

       

      16:32:45,690 TRACE [org.jboss.security] (***********) PBOX000200: Begin isValid, principal: admin, cache entry: null

       

      16:32:45,691 TRACE [org.jboss.security] (***********) PBOX000209: defaultLogin, principal: admin

       

      16:32:45,691 TRACE [org.jboss.security] (***********) PBOX000221: Begin getAppConfigurationEntry(other), size: 4

       

      16:32:45,691 TRACE [org.jboss.security] (***********) PBOX000224: End getAppConfigurationEntry(other), AuthInfo: AppConfigurationEntry[]:

       

      [0]

       

      LoginModule Class: org.jboss.as.security.remoting.RemotingLoginModule

       

      ControlFlag: LoginModuleControlFlag : optional

       

      Options:

       

      name=password-stacking, value=useFirstPass

       

      [1]

       

      LoginModule Class: org.jboss.as.security.RealmDirectLoginModule

       

      ControlFlag: LoginModuleControlFlag : required

       

      Options:

       

      name=password-stacking, value=useFirstPass

       

      16:32:45,692 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method

       

      16:32:45,692 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method

       

      16:32:45,693 TRACE [org.jboss.security] (***********) PBOX000236: Begin initialize method

       

      16:32:45,693 TRACE [org.jboss.security] (***********) PBOX000240: Begin login method

       

      16:32:45,694 DEBUG [org.jboss.security] (***********) PBOX000283: Bad password for username admin

       

      16:32:45,695 TRACE [org.jboss.security] (***********) PBOX000244: Begin abort method

       

      16:32:45,695 TRACE [org.jboss.security] (***********) PBOX000244: Begin abort method

       

      16:32:45,695 DEBUG [org.jboss.security] (***********) PBOX000206: Login failure: javax.security.auth.login.FailedLoginException: PBOX000070: Password invalid/Password required

       

          at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:284) [picketbox-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]

       

          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.7.0_55]

       

          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) [rt.jar:1.7.0_55]

       

          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) [rt.jar:1.7.0_55]

       

          at java.lang.reflect.Method.invoke(Method.java:606) [rt.jar:1.7.0_55]

       

          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762) [rt.jar:1.7.0_55]

       

          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) [rt.jar:1.7.0_55]

       

          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690) [rt.jar:1.7.0_55]

       

          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688) [rt.jar:1.7.0_55]

       

          at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.7.0_55]

       

          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687) [rt.jar:1.7.0_55]

       

          at javax.security.auth.login.LoginContext.login(LoginContext.java:595) [rt.jar:1.7.0_55]

       

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:408) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]

       

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:345) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]

       

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:333) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]

       

          at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:146) [picketbox-infinispan-4.0.17.Final-redhat-1.jar:4.0.17.Final-redhat-1]

       

          at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:216)

       

          at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:178)

       

          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:447)

       

          at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:169)

       

          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:145)

       

          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:97)

       

          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:102)

       

          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:336)

       

          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)

       

          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:653)

       

          at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:920)

       

          at java.lang.Thread.run(Thread.java:744) [rt.jar:1.7.0_55]

       

      16:32:45,703 TRACE [org.jboss.security] (***********) PBOX000201: End isValid, result = false

       

      16:32:45,703 TRACE [org.jboss.security] (***********) PBOX000354: Setting security roles ThreadLocal: null

      :

       

       

       

      Somebody has an idea about this problem?


      Best regards