4 Replies Latest reply on Jul 15, 2017 6:55 AM by Ralph Soika

    JASPIC Module not working - Error getting ServerAuthContext for authContextId default-host

    Ralph Soika Novice

      Hi,

      I try to implement a JASPIC (JSR-196) module running on Wildfly 10.1.0.

      I think I am familiar with implementing a ServerAuthModule, which I have done several times for GlassFish in the past.

       

      I defined in my standalone.xml a new security domain for my JASPIC module like this:

       

       

      <security-domain name="jaspimodule1">
        <authentication-jaspi>
        <login-module-stack name="dummymodule1">
        <login-module code="DummyModule1" flag="optional"/>
        </login-module-stack>
        <auth-module code="com.imixs.auth.DummyAuthModule" />
        </authentication-jaspi>
      </security-domain>
      

       

      I also added the following jboss-web.xml to my web application

       

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss-web>
        <security-domain>jaspimodule1</security-domain>
      </jboss-web>
      

       

      I removed the 'login-config' form my web.xml and added only the 'security-constraint' and 'security-role' configuration.

       

      When I try to access my application in debug mode, I see that the 'initialize' method is called, so I think my module is registered in some way.

       

      @Override
        public void initialize(MessagePolicy requestPolicy, MessagePolicy responsePolicy, CallbackHandler handler,
        Map options) throws AuthException {
        logger.finest("AuthModule:  initialize....");
        this.requestPolicy = requestPolicy;
        this.responsePolicy = responsePolicy;
        if (requestPolicy != null) {
          this.isMandatory = requestPolicy.isMandatory();
        }
        this.handler = handler;
        this.options = options;
        }
      

       

      But my problem is hat the method 'validateRequest' is never called.

       

      On the wildfly server console I got the following exception:

       

       | 20:56:44,732 ERROR [org.jboss.security] (default task-47) PBOX00374: Error getting ServerAuthContext for authContextId default-host /office-test and security domain jaspimodule1: javax.security.auth.message.AuthException
        | at org.jboss.security.auth.message.config.JBossServerAuthConfig.getAuthContext(JBossServerAuthConfig.java:187)
        | at org.jboss.security.plugins.auth.JASPIServerAuthenticationManager.isValid(JASPIServerAuthenticationManager.java:99)
        | at org.wildfly.extension.undertow.security.jaspi.JASPICAuthenticationMechanism.authenticate(JASPICAuthenticationMechanism.java:123)
        | at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.transition(SecurityContextImpl.java:245)
        | at io.undertow.security.impl.SecurityContextImpl$AuthAttempter.access$100(SecurityContextImpl.java:231)
        | at io.undertow.security.impl.SecurityContextImpl.attemptAuthentication(SecurityContextImpl.java:125)
        | at io.undertow.security.impl.SecurityContextImpl.authTransition(SecurityContextImpl.java:99)
        | at io.undertow.security.impl.SecurityContextImpl.authenticate(SecurityContextImpl.java:92)
        | at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:55)
        | at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        | at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
        | at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
        | at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
        | at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
        | at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
        | at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
        | at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
        | at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
        | at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        | at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
        | at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        | at org.wildfly.extension.undertow.security.jaspi.JASPICSecureResponseHandler.handleRequest(JASPICSecureResponseHandler.java:26)
        | at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
        | at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:292)
        | at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:81)
        | at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:138)
        | at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:135)
        | at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
        | at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
        | at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        | at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        | at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        | at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        | at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        | at io.undertow.servlet.api.LegacyThreadSetupActionWrapper$1.call(LegacyThreadSetupActionWrapper.java:44)
        | at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:272)
        | at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
        | at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:104)
        | at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
        | at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:805)
        | at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        | at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        | at java.lang.Thread.run(Thread.java:745)
      

       

      Can anybody help me what this message means and where the missing part in my configuration could be?

       

      Thanks for help


      ===
      Ralph