Fail to authenticate multiple users at the same time
Hi,
I am running jboss-2.4.1_tomcat-3.2.3 and soap4j (2.2) on window 2000. The soap4j servlet is secured by jboss just like other servlet. It works perfectly if no user authenticate at the same time.However, if multiple users authenticate at the same time, I got the following exception:
[SOAPException: faultCode=SOAP-ENV:Protocol; msg=Unsupported response content type "text/html", must be: "text/xml". Response was:
<h1>Error: 500</h1>
<h2>Location: /soap/servlet/rpcrouter</h2>Internal Servlet Error:java.lang.SecurityException: Configuration Error:
Line 18: expected '{', found 'org.jboss.security.ClientLoginModule'
at com.sun.security.auth.login.ConfigFile.getAppConfigurationEntry(ConfigFile.java:221)
at javax.security.auth.login.LoginContext.init(LoginContext.java:172)
at javax.security.auth.login.LoginContext.(LoginContext.java:266)
at javax.security.auth.login.LoginContext.(LoginContext.java:380)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:360)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:328)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:215)
at org.jboss.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:129)
at org.apache.tomcat.core.ContextManager.doAuthenticate(ContextManager.java:852)
at org.apache.tomcat.core.RequestImpl.getRemoteUser(RequestImpl.java:341)
at org.jboss.tomcat.security.JBossSecurityMgrRealm.authorize(JBossSecurityMgrRealm.java:174)
at org.apache.tomcat.core.ContextManager.doAuthorize(ContextManager.java:870)
at org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:804)
at org.apache.tomcat.core.ContextManager.service(ContextManager.java:758)
at org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:213)
at org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416)
at org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:501)
at java.lang.Thread.run(Thread.java:484)
]
at org.apache.soap.rpc.Call.getEnvelopeString(Call.java:175)
at org.apache.soap.rpc.Call.invoke(Call.java:212)
at com.seitel.gos.soap.GosStatelessEJBProviderTest.testUpload(GosStatelessEJBProviderTest.java:185)
at java.lang.reflect.Method.invoke(Native Method)
at junit.framework.TestCase.runTest(TestCase.java:156)
at junit.framework.TestCase.runBare(TestCase.java:130)
at junit.framework.TestResult$1.protect(TestResult.java:106)
at junit.framework.TestResult.runProtected(TestResult.java:124)
at junit.framework.TestResult.run(TestResult.java:109)
at junit.framework.TestCase.run(TestCase.java:121)
at junit.framework.TestSuite.runTest(TestSuite.java:157)
at junit.framework.TestSuite.run(TestSuite.java:152)
at junit.textui.TestRunner.doRun(TestRunner.java:74)
at junit.textui.TestRunner.run(TestRunner.java:201)
at com.seitel.gos.soap.TestScalability.run(TestScalability.java:42)
It seems jboss fail to handle mulitple authentication at the same time. After I add the synchronized key word to defaultLogin method of JaasSecurityManager, it seems fixed the problem. However, I am not sure is it a right way of doing it. Hopefully, you guys fixed the problem and put it to the latest jboss release version.
Thanks
Eddy
