2 Replies Latest reply on Feb 7, 2002 9:47 AM by larry bartz

    can LoginModule call external RMI?

    larry bartz Newbie


      I'm trying to call an external RMI service from my custom LoginModule. When I try it, I get this:

      [INFO,EmbeddedCatalinaServiceSX] Authenticator[]: Calling authenticate()
      [ERROR,EiderLdapLoginModule] EiderLdapLoginModule failed for uniqueIdentifier=1126c,dc=People,dc=mojojojoco,dc=net initializing Adaptor:
      java.rmi.UnmarshalException: error unmarshalling return; nested exception is:
      java.lang.ClassNotFoundException: org.sowsear.hyperdrive.eider.EIDERServerFactoryImpl_Stub (no security manager: RMI class loader disabled)
      java.lang.ClassNotFoundException: org.sowsear.hyperdrive.eider.EIDERServerFactoryImpl_Stub (no security manager: RMI class loader disabled)
      at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:318)
      at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:132)
      at sun.rmi.server.MarshalInputStream.resolveClass(MarshalInputStream.java:143)
      at java.io.ObjectInputStream.inputClassDescriptor(ObjectInputStream.java:918)
      at java.io.ObjectInputStream.readObject(ObjectInputStream.java:366)
      at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
      at java.io.ObjectInputStream.inputObject(ObjectInputStream.java:1186)
      at java.io.ObjectInputStream.readObject(ObjectInputStream.java:386)
      at java.io.ObjectInputStream.readObject(ObjectInputStream.java:236)
      at sun.rmi.registry.RegistryImpl_Stub.lookup(Unknown Source)
      at java.rmi.Naming.lookup(Naming.java:84)
      at org.sowsear.hyperdrive.eider.jboss.EiderJBossAdaptor.(EiderJBossAdaptor.java:79)
      at org.sowsear.hyperdrive.eider.jboss.EiderLdapLoginModule.callEIDER(EiderLdapLoginModule.java:339)
      at org.sowsear.hyperdrive.eider.jboss.EiderLdapLoginModule.getRoleSets(EiderLdapLoginModule.java:156)
      at org.jboss.security.auth.spi.AbstractServerLoginModule.commit(AbstractServerLoginModule.java:146)
      at org.jboss.security.auth.spi.ProxyLoginModule.commit(ProxyLoginModule.java:96)
      at java.lang.reflect.Method.invoke(Native Method)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:125)
      at javax.security.auth.login.LoginContext$3.run(LoginContext.java:531)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:450)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:394)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:361)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:217)
      at org.jboss.web.catalina.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:253)
      at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:161)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
      at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
      at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
      at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2344)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
      at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
      at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
      at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
      at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
      at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943) at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
      at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
      at java.lang.Thread.run(Thread.java:484)
      [INFO,EmbeddedCatalinaServiceSX] Authenticator[]: Authenticated '1126c' with type 'BASIC'
      [INFO,EmbeddedCatalinaServiceSX] Authenticator[]: Calling accessControl()
      [INFO,EmbeddedCatalinaServiceSX] Authenticator[]: Failed accessControl() test


      This happens at the point where my LoginModule's code wants to do a Naming.lookup() on an RMI URL. I can't get an RMI classLoader.

      I'm running JBoss 2.4.4, from the December 29 binary releases. I get basically the same result using the Jetty, Catalina, and Tomcat bundles.

      Is there a JBoss configuration tweak or JBoss usage pattern which will allow my LoginModule code to invoke an external RMI service?

      I'm aware that I *could* implement the service I need as an MBean, thus avoiding the need to invoke via RMI. So I don't need a sermon. I need either "No. Can't be done." or "Yes. Here's how to do it...".

      Thanks


        • 1. Re: can LoginModule call external RMI?
          Luke Taylor Novice

          Hi,

          The exception says it all I think. You can't use RMI dynamic classloading without a security manager running. So, presumably you can either run with one or make the stubs available to your client directly. Or have you tried that already?

          Luke.

          • 2. Re: can LoginModule call external RMI?
            larry bartz Newbie

            Thanks, Luke! Your advice got me back on track.

            I've included my RMI service's *Stub.class and the class file for the interface it calls out in my LoginModule's jar. As you said, this avoids dynamic RMI dynamic class loading. It works great.

            I had previously tried three different approaches for invoking a security manager:

            - specifying in jboss.properties
            - specifying in the java command line in run.sh
            - explicitly nominating in my own code

            None of these had the desired effect. I don't know why. I'm still curious about it, because RMI dynamic class loading is the natural way to use RMI. I expect I'll try again later.

            As for right now, I'm moving ahead based on your good advice.

            Thanks again,

            Larry