can LoginModule call external RMI?
I'm trying to call an external RMI service from my custom LoginModule. When I try it, I get this:
[INFO,EmbeddedCatalinaServiceSX] Authenticator[]: Calling authenticate()
[ERROR,EiderLdapLoginModule] EiderLdapLoginModule failed for uniqueIdentifier=1126c,dc=People,dc=mojojojoco,dc=net initializing Adaptor:
java.rmi.UnmarshalException: error unmarshalling return; nested exception is:
java.lang.ClassNotFoundException: org.sowsear.hyperdrive.eider.EIDERServerFactoryImpl_Stub (no security manager: RMI class loader disabled)
java.lang.ClassNotFoundException: org.sowsear.hyperdrive.eider.EIDERServerFactoryImpl_Stub (no security manager: RMI class loader disabled)
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:318)
at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:132)
at sun.rmi.server.MarshalInputStream.resolveClass(MarshalInputStream.java:143)
at java.io.ObjectInputStream.inputClassDescriptor(ObjectInputStream.java:918)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:366)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:1186)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:386)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
at java.rmi.Naming.lookup(Naming.java:84)
at org.sowsear.hyperdrive.eider.jboss.EiderJBossAdaptor.(EiderJBossAdaptor.java:79)
at org.sowsear.hyperdrive.eider.jboss.EiderLdapLoginModule.callEIDER(EiderLdapLoginModule.java:339)
at org.sowsear.hyperdrive.eider.jboss.EiderLdapLoginModule.getRoleSets(EiderLdapLoginModule.java:156)
at org.jboss.security.auth.spi.AbstractServerLoginModule.commit(AbstractServerLoginModule.java:146)
at org.jboss.security.auth.spi.ProxyLoginModule.commit(ProxyLoginModule.java:96)
at java.lang.reflect.Method.invoke(Native Method)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:125)
at javax.security.auth.login.LoginContext$3.run(LoginContext.java:531)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528)
at javax.security.auth.login.LoginContext.login(LoginContext.java:450)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:394)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:361)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:217)
at org.jboss.web.catalina.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:253)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:161)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
at java.lang.Thread.run(Thread.java:484)
[INFO,EmbeddedCatalinaServiceSX] Authenticator[]: Authenticated '1126c' with type 'BASIC'
[INFO,EmbeddedCatalinaServiceSX] Authenticator[]: Calling accessControl()
[INFO,EmbeddedCatalinaServiceSX] Authenticator[]: Failed accessControl() test
This happens at the point where my LoginModule's code wants to do a Naming.lookup() on an RMI URL. I can't get an RMI classLoader.
I'm running JBoss 2.4.4, from the December 29 binary releases. I get basically the same result using the Jetty, Catalina, and Tomcat bundles.
Is there a JBoss configuration tweak or JBoss usage pattern which will allow my LoginModule code to invoke an external RMI service?
I'm aware that I *could* implement the service I need as an MBean, thus avoiding the need to invoke via RMI. So I don't need a sermon. I need either "No. Can't be done." or "Yes. Here's how to do it...".
Thanks
