3 Replies Latest reply on Feb 15, 2003 5:55 AM by juhalindfors

    Thoroughly confused with login modules/client authentication

    vman

      Hello gang,

      I've made substantial progress with deploying my app on JBoss, but have hit a bit of a snag.
      My application runs on JBoss 3.2beta. I have configured a database server login module as explained in the documentation on page 64/65.
      The strange thing is that everything works as expected, but mysteriously 'behind the scenes', and I can't trace how...
      Here's the setup:

      login-config.xml excerpt:

      <application-policy name = "STSRealm">
        <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
          <module-option name = "dsJndiName">java:DefaultDS</module-option>
          <module-option name = "principalsQuery">select passwd from users username where username = ?</module-option>
          <module-option name = "rolesQuery">select userroles, 'Roles' from userroles where username = ?</module-option>
        </login-module>
      </application-policy>

      Also, on server startup, I get this confirmation:

      15:14:45,197 INFO [JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@c38157
      15:14:45,200 INFO [JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@609c13
      15:14:45,201 INFO [JaasSecurityManagerService] Added STSRealm, org.jboss.security.plugins.SecurityDomainContext@a6b16f to map

      The code for my main class:

      public static void main(String[] args)
      {
          System.out.println("Client Started");
          try
          {
              System.out.println("Establishing login...");
              String username = "volkmar";
              String password = "volkmar";
              AppCallbackHandler handler = new AppCallbackHandler(username, password.toCharArray());
              // "client-login" is the name of an entry in the client-side JAAS configuration (auth.conf)
              LoginContext lc = new LoginContext("client-login", handler);
              System.out.println("Created login context...");
              lc.login();
              System.out.println("Looking up session bean...");
              // JNDI settings are taken from jndi.properties on the classpath
              Context initial = new InitialContext();
              Object objref = initial.lookup("ControllerSession");
              ControllerSessionHome home = (ControllerSessionHome) PortableRemoteObject.narrow(objref, ControllerSessionHome.class);
              Beans.ControllerSession myControllerSessionBeanObj = home.create();
              //System.out.println("Current user: " + myControllerSessionBeanObj.getUser());
              ListUI myListUI = new ListUI(myControllerSessionBeanObj);
              myListUI.setVisible(true);
          }
          catch (Exception e)
          {
              // Covers LoginException, NamingException and remote/create failures
              e.printStackTrace();
          }
      }

      Ok, so far, so good. I can use this setup and login on the same machine (currently using Linux) that JBoss runs on, and everything works fine: the access rights are assigned according to which roles a user has, etc.
      The database login module is also used, because I've made sure that roles are assigned through the database; if I take certain roles away from the user in the database userroles table, then, as expected, those rights don't exist in the Java app client any more.

      Here are the strange things: when I change the "client-login" argument in the LoginContext to "STSRealm", I get an error to the effect of "no existing login configuration for STSRealm". Furthermore, I can't start the client on a separate machine: I get this:
      java.lang.SecurityException: Unable to locate a login configuration
      at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
      at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
      at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
      at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
      at java.lang.Class.newInstance0(Class.java:306)
      at java.lang.Class.newInstance(Class.java:259)
      at javax.security.auth.login.Configuration$3.run(Configuration.java:221)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:215)
      at javax.security.auth.login.LoginContext$1.run(LoginContext.java:170)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.init(LoginContext.java:167)
      at javax.security.auth.login.LoginContext.<init>(LoginContext.java:404)
      at MainClient.main(MainClient.java:61)
      Caused by: java.io.IOException: Unable to locate a login configuration
      at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
      at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
      ... 14 more

      despite the fact that all I've done is copy to the separate machine all the files that I was using on the JBoss machine. I copied all the dependency jar files, the jndi.properties file, and I've even put auth.conf in the root of the client jar file. All this hasn't helped.

      So, to reiterate: there are two things that don't work:
      1.) I can't log in from a remote machine; at all! (Despite having all the jar files, jndi.properties, and auth.conf)
      2.) When starting the client on the same machine as JBoss, I HAVE to use "client-login", if I use "STSRealm" I get an error message saying that no login module is configured.

      Can someone point me in the right direction with these problems please...

      Thanks in advance !!

      Volkmar

        • 1. Re: Thoroughly confused with login modules/client authentica
          aweissman

          OK I'm not the pro on this, but there are two things to check:

          1) Make sure that your auth.conf defines STSRealm.
          2) Try putting your auth.conf somewhere on your client's filesystem and running the client with

          -Djava.security.auth.login.config=C:/auth.conf

          or whatever the path to your auth.conf is.

          Worked for me!
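
An added example (not part of the thread and not JBoss code): a check, using only the standard JAAS API, of which entry names the client JVM's login configuration defines. The client resolves the name passed to LoginContext against the file named by java.security.auth.login.config, not against the server's login-config.xml. The auth.conf contents below are a constructed sample and the class name JaasConfigCheck is hypothetical.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class JaasConfigCheck {
    // Constructed sample of a client-side auth.conf. Only the entry name and the
    // module class name are parsed here; the module class is not loaded until login().
    static final String SAMPLE_AUTH_CONF =
        "client-login {\n" +
        "    org.jboss.security.ClientLoginModule required;\n" +
        "};\n";

    /** Reports what the client JVM's JAAS Configuration holds for an entry name. */
    static String describe(String entryName) {
        // The file-based Configuration falls back to an entry named "other" if one
        // exists; with neither present it returns null.
        AppConfigurationEntry[] entries =
            Configuration.getConfiguration().getAppConfigurationEntry(entryName);
        if (entries == null || entries.length == 0) {
            return entryName + ": not defined in the client JAAS configuration";
        }
        StringBuilder sb = new StringBuilder(entryName + ":");
        for (AppConfigurationEntry e : entries) {
            sb.append(' ').append(e.getLoginModuleName())
              .append(" [").append(e.getControlFlag()).append(']');
        }
        return sb.toString();
    }

    public static void main(String[] args) throws IOException {
        // Same effect as -Djava.security.auth.login.config=<path>; it must be set
        // before the first Configuration.getConfiguration() call in this JVM.
        if (System.getProperty("java.security.auth.login.config") == null) {
            Path conf = Files.createTempFile("auth", ".conf");
            Files.write(conf, SAMPLE_AUTH_CONF.getBytes(StandardCharsets.UTF_8));
            conf.toFile().deleteOnExit();
            System.setProperty("java.security.auth.login.config", conf.toUri().toString());
        }
        String[] names = args.length > 0 ? args : new String[] {"client-login", "STSRealm"};
        for (String name : names) {
            System.out.println(describe(name));
        }
    }
}
```

Run it with the same -Djava.security.auth.login.config value as the real client to see which names that file defines; with the constructed sample, client-login is reported with its module and STSRealm is reported as not defined.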

          • 2. Re: Thoroughly confused, some progress
            vman

            Hello aweissman,

            Thanks for your tips. I have made some progress: I can now at least 'contect' the AppServer from the remote machine, but I now get this (very strange):
            javax.naming.CommunicationException. Root exception is java.io.InvalidClassException: org.jboss.proxy.ejb.GenericEJBInterceptor; local class incompatible: stream classdesc serialVersionUID = 3844706474734439975, local class serialVersionUID = 4582256576523491346
            at java.io.ObjectStreamClass.initNonProxy(ObjectStreamClass.java:459)
            at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1521)
            at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1435)
            at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1521)
            at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1435)
            at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1626)
            at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1274)
            at java.io.ObjectInputStream.readObject(ObjectInputStream.java:324)
            at org.jboss.proxy.ClientContainer.readExternal(ClientContainer.java:104)
            at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1686)
            at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1644)
            at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1274)
            at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1845)
            at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1769)
            at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1646)
            at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1274)
            at java.io.ObjectInputStream.readObject(ObjectInputStream.java:324)
            at java.rmi.MarshalledObject.get(MarshalledObject.java:135)
            at org.jnp.interfaces.MarshalledValuePair.get(MarshalledValuePair.java:30)
            at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:483)
            at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:443)
            at javax.naming.InitialContext.lookup(InitialContext.java:347)
            at MainClient.main(MainClient.java:66)

            I'm off to search the JBoss Forums for this weirdo.
            Hopefully I'll find something.

            Thanks for the help.

            Regards,

            Volkmar

            • 3. Re: Thoroughly confused, some progress

              Make sure the version of the libs on your client matches the libs on the server you want to connect to.