7 Replies Latest reply on May 24, 2002 3:35 AM by matt.h

    JBC3.0.0RC3 and JAAS

    matt.h

      I'm running JBoss3.0.0RC3 on NT4. I have a login module defined in login-config.xml.

      When a client attempts to authenticate, the following exception is generated (snippet from jboss log):

      2002-05-22 15:33:54,449 INFO [org.jboss.system.server.Server] JBoss (MX MicroKernel) [3.0.0RC3 Date:200205201554] Started in 0m:47s:563ms
      2002-05-22 15:35:01,668 DEBUG [org.jboss.security.plugins.JaasSecurityManager.ttn] Login failure
      javax.security.auth.login.LoginException: unable to find LoginModule class: ttnserver.security.TTNServerLoginModule

      ...where should TTNServerLoginModule.class be deployed to so that it can be found by JBoss? Currently it is bundled in the same jar as the EJBs (this worked ok in JBoss3.0.0beta).

        • 1. Re: JBC3.0.0RC3 and JAAS
          cumulus

          Matt,

          The exceptions indicates that JAAS was trying to find the TTNServerLoginModule, but could not.

          I would suggest putting your classes in a jar file and placing them in the /jboss-3.0.0RC3/lib directory. JBoss 3.0 uses a new kind of classloader, so you may need to review how you are loading classes.

          I am putting my own LoginModules into the /jboss-3.0.0RC3/lib directory, as a jar file and they are found correctly by JAAS.

          -- Peter

          • 2. Re: JBC3.0.0RC3 and JAAS
            matt.h

            Thanks for the reply Peter.

            I've tried placing TTNServerLoginModule in /lib as you suggest but with no success.

            Also, I've tried reverting to using org/jboss/security/auth/spi/DatabaseServerLoginModule which is present in lib/jbosssx.jar, but again JAAS fails to locate it.

            If not the /lib directory, where is JAAS trying to load the login modules from (and why)?

            • 3. Re: JBC3.0.0RC3 and JAAS
              jwkaltz

              > If not the /lib directory, where is JAAS trying to
              > load the login modules from (and why)?

              I haven't tried JAAS with JBoss 3.0 yet (still using 2.4.4); but what I can tell you is that jaas uses ClassLoader.getSystemClassLoader() to load its classes -> including your login module, therefore.

              Depending on your context, the system class loader need not be the same as the default class loader - this is the case for example in your Tomcat servlet.

              I can't tell you the rationale why JAAS explicitly uses the system class loader, but it does (you can see it when you decompile Sun's jaas.jar).

              Conclusion: wherever you want to load a login module, that login module must be in the system classloader's path.

              • 4. Re: JBC3.0.0RC3 and JAAS
                matt.h

                Thanks for the info.

                As a resolution, I've switched to running JBoss under JDK1.4, which apparently doesn't suffer from the same limitation.

                • 5. Re: JBC3.0.0RC3 and JAAS
                  jwkaltz

                  Interesting ...
                  In Java 1.4, JAAS is integrated
                  (http://java.sun.com/products/jaas/index-14.html)
                  whereas before you had to add the jaas.jar yourself.
                  It looks like Sun has not only integrated JAAS, but also changed the implementation, though I can not find specifics on the changes on the Sun site.

                  At any rate from what you are saying, JBoss 3.0 with Security will only work out of the box under Java >= 1.4 !?

                  • 6. Re: JBC3.0.0RC3 and JAAS
                    cumulus

                    Matt,

                    I have also experienced the situation where JAAS in JBoss 3.0.0 is not able to find my custom LoginModule, nor is it able to find a JBoss LoginModule. I discovered that I had placed a copy of jaas.jar in the lib directory within the JDK, and that the JVM was loading this jaas.jar separate from JBoss. JAAS was then not able to find LoginModules loaded within JBoss. Once I made sure that the only copy of jaas.jar, was the one loaded by JBoss, my problems went away because JAAS and the other LoginModules were loaded by the same JBoss classloader.

                    It is possible that you are experiencing a similar problem. At least the symptoms seem similar. Can you check to see if jaas.jar is loaded by the JVM outside of JBoss?

                    • 7. Re: JBC3.0.0RC3 and JAAS
                      matt.h

                      Cumulus, you're right, removing jaas.jar from the JRE worked.

                      So to summarize:

                      Running JBoss3.0.0RC3 under JDK1.3.x, there must not be a jaas.jar in the JRE.

                      Running JBoss3.0.0RC3 under JDK1.4 there is no issue (and no need to add jaas.jar to the JRE anyway, because it is fully integrated).

                      The only outstanding puzzle is that JBoss3.0.0beta and JDK1.3.x worked quite happily even with jaas.jar present in the JRE.

                      Anyway, thanks both jwkaltz and cumulus for your help.