1 Reply Latest reply on Nov 14, 2001 2:43 AM by Allen Fogleson

    Jboss 3 Security failure

    Allen Fogleson Newbie

      Hi all,

      I bit the bullet and decided to port my application to Jboss 3. ( yes yes I know it is in alpha) I am having some weird problems with security in 3.0 which worked fine in 2.4.3 (and still do :)

      Whenever I go to a protected resource I get the login box, and login and get the following exception

      [2001-11-07 02:03:57,829,Jetty,INFO] +++ JBossUserRealm.getUser, username=foglesa
      [2001-11-07 02:03:57,869,Jetty,INFO] Authenticating access, username: foglesa
      [2001-11-07 02:03:58,079,Default,INFO] Did not find the UCL resource com/sun/security/auth/Resources_en.properties
      [2001-11-07 02:03:58,139,Default,INFO] Did not find the UCL resource com/sun/security/auth/Resources_en_US.properties
      [2001-11-07 02:03:58,290,jdbclogin,DEBUG] Login failure
      javax.security.auth.login.LoginException: java.lang.NoSuchMethodError
      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.getUsernameAndPassword(UsernamePasswordLoginModule.java:159)
      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:94)
      at java.lang.reflect.Method.invoke(Native Method)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:664)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:385)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:352)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:208)
      at org.jboss.jetty.JBossUserRealm$User.authenticate(JBossUserRealm.java:64)
      at org.mortbay.http.handler.SecurityHandler.basicAuthenticated(SecurityHandler.java:397)
      at org.mortbay.http.handler.SecurityHandler.authenticatedInRole(SecurityHandler.java:315)
      at org.mortbay.http.handler.SecurityHandler.handle(SecurityHandler.java:271)
      at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1040)
      at org.mortbay.http.HandlerContext.handle(HandlerContext.java:995)
      at org.mortbay.http.HttpServer.service(HttpServer.java:683)
      at org.mortbay.http.HttpConnection.service(HttpConnection.java:732)
      at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:889)
      at org.mortbay.http.HttpConnection.handle(HttpConnection.java:746)
      at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:146)
      at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
      at org.mortbay.util.ThreadPool$PoolThreadRunnable.run(ThreadPool.java:609)
      at java.lang.Thread.run(Unknown Source)

      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:719)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:385)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:352)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:208)
      at org.jboss.jetty.JBossUserRealm$User.authenticate(JBossUserRealm.java:64)
      at org.mortbay.http.handler.SecurityHandler.basicAuthenticated(SecurityHandler.java:397)
      at org.mortbay.http.handler.SecurityHandler.authenticatedInRole(SecurityHandler.java:315)
      at org.mortbay.http.handler.SecurityHandler.handle(SecurityHandler.java:271)
      at org.mortbay.http.HandlerContext.handle(HandlerContext.java:1040)
      at org.mortbay.http.HandlerContext.handle(HandlerContext.java:995)
      at org.mortbay.http.HttpServer.service(HttpServer.java:683)
      at org.mortbay.http.HttpConnection.service(HttpConnection.java:732)
      at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:889)
      at org.mortbay.http.HttpConnection.handle(HttpConnection.java:746)
      at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:146)
      at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:287)
      at org.mortbay.util.ThreadPool$PoolThreadRunnable.run(ThreadPool.java:609)
      at java.lang.Thread.run(Unknown Source)
      [2001-11-07 02:03:58,290,Jetty,INFO] User: foglesa is NOT authenticated
      [2001-11-07 02:03:58,290,Jetty,WARN] WARNING: AUTH FAILURE: user foglesa


      if I take out the castor.jar i now get this....


      [2001-11-07 13:21:43,583,ConnectionFactoryLoader,DEBUG] ConnectionFactoryLoader.getObjectInstance, name = 'multiDS'
      [2001-11-07 13:21:43,583,multiDS,DEBUG] Pool multiDS [1/1/10] gave out pooled object: org.jboss.resource.adapter.jdbc.local.JDBCManagedConnection@5fd251
      [2001-11-07 13:21:43,583,multiDS,DEBUG] Connection handle 'org.jboss.resource.adapter.jdbc.local.ConnectionInPool@6b51d8' issued by connection manager 'org.jboss.resource.connectionmanager.jboss.MinervaSharedLocalCM@3e2893' from mcf 'org.jboss.resource.adapter.jdbc.local.JDBCManagedConnectionFactory@a0544'
      [2001-11-07 13:21:43,593,multiDS,DEBUG] Connection handle 'org.jboss.resource.adapter.jdbc.local.ConnectionInPool@6b51d8' closed from connection manager 'org.jboss.resource.connectionmanager.jboss.MinervaSharedLocalCM@3e2893' from mcf 'org.jboss.resource.adapter.jdbc.local.JDBCManagedConnectionFactory@a0544'
      [2001-11-07 13:21:43,593,multiDS,DEBUG] Pool multiDS [0/1/10] returned object org.jboss.resource.adapter.jdbc.local.JDBCManagedConnection@5fd251 to the pool.
      [2001-11-07 13:21:43,633,Jetty,INFO] User: foglesa is authenticated
      [2001-11-07 13:21:43,633,Jetty,INFO] Authorizing access, username: foglesa
      [2001-11-07 13:21:43,633,Jetty,INFO] User: foglesa is authorized

      which seems to work, but then I get an error 403-forbidden error from the webserver.

      Any clues??

      Al

        • 1. Re: Jboss 3 Security failure
          Allen Fogleson Newbie

          just for historic reasons I discovered this bug is in Jetty. (or at least the version bundled with jbos 3.0.0Alpha) To fix it I copied the org.mortbay.jetty, javax.servlet and org.apache.jasper jar files into the jboss3.0.0alpha lib/ext directory and all works fine (again if castor.jar is NOT in the classpath... havent figured that one out)

          Al