4 Replies Latest reply on Feb 8, 2003 1:38 PM by Darryl Landvater

    Applet authentication problem

    Steve Liu Newbie

      an applet was plugged into a jsp use <jsp:plugin type="applet">..., this jsp was protected with JBossSX mechanism, and I used BASIC auth-method.

      This applet had some codes to communicate with EJB.

      After a successful authentication, the jsp would be displayed properly, then, the applet started(I use IE5.5, Sun Java Plugin 1.3.1), a dialog prompted and asked for user name and password again(this dialog was not the same as what was displayed for http auth, it looks like a Java dialog), so, I input my user name and password. then, on console of both Java plugin and JBoss, I got exception saying;

      Authentication exception, principal=null

      This was not caused by EJB side, because all EJB communication codes written directly in JSPs run just well.

      my question are:
      1. Is there anyway to avoid the second prompt, so if the jsp access was authenticated, the applet in it was authenticated automatically?

      2. why authentication exception occured after I input the correct user name and password?

      thanks

        • 1. Re: Applet authentication problem
          Steve Liu Newbie

          I have thought I could use the same method as JBoss HOWTO: "JAAS Based Security in JBoss" but I failed.

          in the HOWTO, there is a "Session Client" which use a CallbackHandler class to login. Although I am unable to get the authenticated user and password from JSP to it's embedded applet, as a test, I code the user name and password as "sliu" and "sliu", and copy "AppCallbackHandler" class codes in "Session Client" into my applet, then when a button clicked, action performed as below:

          void btnTest_actionPerformed(java.awt.event.ActionEvent event)
          {
          System.out.println("Login...");
          try{
          String user = "sliu";
          char [] password = "sliu".toCharArray();
          AppletCallbackHandler handler = new AppletCallbackHandler(user, password);
          LoginContext lc = new LoginContext("bizsphere", handler);
          System.out.println("Created LoginContext");
          lc.login();
          }catch(LoginException le){
          System.out.println("Login failed.");
          le.printStackTrace();
          }
          }


          the error message on Applet console shows:


          Login...

          unable to instantiate LoginConfiguration

          java.lang.SecurityException: unable to instantiate LoginConfiguration

          at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:212)

          at javax.security.auth.login.LoginContext$1.run(LoginContext.java:166)

          at java.security.AccessController.doPrivileged(Native Method)

          at javax.security.auth.login.LoginContext.init(LoginContext.java:163)

          at javax.security.auth.login.LoginContext.(LoginContext.java:319)

          at bs.applets.tstAuth.btnTest_actionPerformed(Unknown Source)

          at bs.applets.tstAuth$SymAction.actionPerformed(Unknown Source)

          at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)

          at javax.swing.AbstractButton$ForwardActionEvents.actionPerformed(Unknown Source)

          at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)

          at javax.swing.DefaultButtonModel.setPressed(Unknown Source)

          at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)

          at java.awt.Component.processMouseEvent(Unknown Source)

          at java.awt.Component.processEvent(Unknown Source)

          at java.awt.Container.processEvent(Unknown Source)

          at java.awt.Component.dispatchEventImpl(Unknown Source)

          at java.awt.Container.dispatchEventImpl(Unknown Source)

          at java.awt.Component.dispatchEvent(Unknown Source)

          at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)

          at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)

          at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)

          at java.awt.Container.dispatchEventImpl(Unknown Source)

          at java.awt.Component.dispatchEvent(Unknown Source)

          at java.awt.EventQueue.dispatchEvent(Unknown Source)

          at java.awt.EventDispatchThread.pumpOneEventForHierarchy(Unknown Source)

          at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)

          at java.awt.EventDispatchThread.pumpEvents(Unknown Source)

          at java.awt.EventDispatchThread.run(Unknown Source)




          please help, I really appreciate it.


          Steve

          • 2. Re: Applet authentication problem
            J. Wolfgang Kaltz Novice

            > java.lang.SecurityException: unable to instantiate
            > LoginConfiguration
            >
            > at
            > javax.security.auth.login.Configuration.getConfigurat
            > on(Configuration.java:212)

            This error message comes from the JAAS API; this error happens when whatever class you set as a login.configuration.provider can not be loaded by the system class loader.

            So, probably what is happening is either you have set a custom login.configuration.provider to some class which is not in the system class path, or you are using some JBoss code which is doing this.
            Note that whatever class is implementing the login configuration needs to be in the system class path; this class path may not be the same as your application's class path (example : a tomcat application)

            Hope that helps ... I don't know about the applet stuff but the solution very likely lies in adding some jar to the system class path where your applet is running.

            • 3. This is a wrong way to do this
              Konstantin Newbie

              Your applet runs in very different JVM
              ( on the client side )

              To communicate to EJB in your server it needs following:
              - client modules for EJB
              - correct setup for JNDI stuff
              ( I asume you got both things working or either you will not get "security violations")

              What's left is client side login - you may either use client login module, or just setup security association
              in applet JVM ( steal code from JBossSecurityMgrRealm
              if you like )

              • 4. Re: Applet authentication problem
                Darryl Landvater Newbie

                I have the same problem.

                I'm not familiar with the AppletCallbackHandler. Where would I find this class?

                Thanks