1 Reply Latest reply on Nov 23, 2001 3:53 AM by J. Wolfgang Kaltz

    Fail to authenticate multiple users at the same time

    eddy Newbie

      Hi,

      I am running jboss-2.4.1_tomcat-3.2.3 and soap4j (2.2) on window 2000. The soap4j servlet is secured by jboss just like other servlet. It works perfectly if no user authenticate at the same time.However, if multiple users authenticate at the same time, I got the following exception:

      [SOAPException: faultCode=SOAP-ENV:Protocol; msg=Unsupported response content type "text/html", must be: "text/xml". Response was:
      <h1>Error: 500</h1>

      <h2>Location: /soap/servlet/rpcrouter</h2>Internal Servlet Error:java.lang.SecurityException: Configuration Error:

      Line 18: expected '{', found 'org.jboss.security.ClientLoginModule'

      at com.sun.security.auth.login.ConfigFile.getAppConfigurationEntry(ConfigFile.java:221)

      at javax.security.auth.login.LoginContext.init(LoginContext.java:172)

      at javax.security.auth.login.LoginContext.(LoginContext.java:266)

      at javax.security.auth.login.LoginContext.(LoginContext.java:380)

      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:360)

      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:328)

      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:215)

      at org.jboss.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:129)

      at org.apache.tomcat.core.ContextManager.doAuthenticate(ContextManager.java:852)

      at org.apache.tomcat.core.RequestImpl.getRemoteUser(RequestImpl.java:341)

      at org.jboss.tomcat.security.JBossSecurityMgrRealm.authorize(JBossSecurityMgrRealm.java:174)

      at org.apache.tomcat.core.ContextManager.doAuthorize(ContextManager.java:870)

      at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:804)

      at org.apache.tomcat.core.ContextManager.service(ContextManager.java:758)

      at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:213)

      at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)

      at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)

      at java.lang.Thread.run(Thread.java:484)





      ]

      at org.apache.soap.rpc.Call.getEnvelopeString(Call.java:175)

      at org.apache.soap.rpc.Call.invoke(Call.java:212)

      at com.seitel.gos.soap.GosStatelessEJBProviderTest.testUpload(GosStatelessEJBProviderTest.java:185)

      at java.lang.reflect.Method.invoke(Native Method)

      at junit.framework.TestCase.runTest(TestCase.java:156)

      at junit.framework.TestCase.runBare(TestCase.java:130)

      at junit.framework.TestResult$1.protect(TestResult.java:106)

      at junit.framework.TestResult.runProtected(TestResult.java:124)

      at junit.framework.TestResult.run(TestResult.java:109)

      at junit.framework.TestCase.run(TestCase.java:121)

      at junit.framework.TestSuite.runTest(TestSuite.java:157)

      at junit.framework.TestSuite.run(TestSuite.java:152)

      at junit.textui.TestRunner.doRun(TestRunner.java:74)

      at junit.textui.TestRunner.run(TestRunner.java:201)

      at com.seitel.gos.soap.TestScalability.run(TestScalability.java:42)

      It seems jboss fail to handle mulitple authentication at the same time. After I add the synchronized key word to defaultLogin method of JaasSecurityManager, it seems fixed the problem. However, I am not sure is it a right way of doing it. Hopefully, you guys fixed the problem and put it to the latest jboss release version.

      Thanks
      Eddy

        • 1. Re: Fail to authenticate multiple users at the same time
          J. Wolfgang Kaltz Novice

          > com.sun.security.auth.login.ConfigFile.getAppConfigur
          > tionEntry(ConfigFile.java:221)
          (...)
          > It seems jboss fail to handle mulitple authentication
          > at the same time. After I add the synchronized key
          > word to defaultLogin method of JaasSecurityManager,
          > it seems fixed the problem. However, I am not sure is
          > it a right way of doing it. Hopefully, you guys fixed
          > the problem and put it to the latest jboss release
          > version.

          Actually, this is not really JBoss' fault but the JAAS API from Sun, which is not synchronized. I remember Scott Stark posting about this a few weeks ago in this forum. I am not sure what the best work-around is (technically, probably editing the JAAS source code)