Thoroughly confused with login modules/client authentication
vman Feb 14, 2003 9:57 AM
Hello gang,
I've made substantial progress with deploying my app on JBoss, but have hit a bit of a snag.
My application runs on JBoss 3.2beta. I have configured a database server login module as explained in the documentation on page 64/65.
The strange thing is that everything works as expected, but mysteriously 'behind the scenes', and I can't trace how...
Here's the setup:
login-config.xml excerpt:
<application-policy name = "STSRealm">
    <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
        <module-option name = "dsJndiName">java:DefaultDS</module-option>
        <module-option name = "principalsQuery">select passwd from users username where username = ?</module-option>
        <module-option name = "rolesQuery">select userroles, 'Roles' from userroles where username = ?</module-option>
    </login-module>
</application-policy>
Also, on server startup, I get this confirmation:
15:14:45,197 INFO [JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@c38157
15:14:45,200 INFO [JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@609c13
15:14:45,201 INFO [JaasSecurityManagerService] Added STSRealm, org.jboss.security.plugins.SecurityDomainContext@a6b16f to map
The code for my main class:
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.rmi.PortableRemoteObject;
import javax.security.auth.login.LoginContext;

public class MainClient
{
    public static void main(String[] args)
    {
        System.out.println("Client Started");
        try
        {
            System.out.println("Establishing login...");
            String username = "volkmar";
            String password = "volkmar";
            AppCallbackHandler handler = new AppCallbackHandler(username,password.toCharArray());
            // The first argument is the name of an entry in the JAAS login configuration
            LoginContext lc = new LoginContext("client-login", handler);
            System.out.println("Created login context...");
            lc.login();
            System.out.println("Looking up session bean...");
            Context initial = new InitialContext();
            Object objref = initial.lookup("ControllerSession");
            ControllerSessionHome home = (ControllerSessionHome)PortableRemoteObject.narrow(objref, ControllerSessionHome.class);
            Beans.ControllerSession myControllerSessionBeanObj = home.create();
            //System.out.println("Current user: " + myControllerSessionBeanObj.getUser());
            ListUI myListUI = new ListUI(myControllerSessionBeanObj);
            myListUI.setVisible(true);
        }
        catch (Exception e)
        {
            // Print login, lookup and remote failures instead of losing them
            e.printStackTrace();
        }
    }
}
Ok, so far, so good. I can use this setup and login on the same machine (currently using Linux) that JBoss runs on, and everything works fine: the access rights are assigned according to which roles a user has, etc.
The database login module is also used, because I've made sure that roles are assigned through the database; if I take certain roles away from the user in the database userroles table, then, as expected, those rights don't exist in the Java app client any more.
Here are the strange things: when I change the "client-login" argument in the LoginContext to "STSRealm", I get an error to the effect of "no existing login configuration for STSRealm". Furthermore, I can't start the client on a separate machine: I get this:
java.lang.SecurityException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:97)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
at java.lang.Class.newInstance0(Class.java:306)
at java.lang.Class.newInstance(Class.java:259)
at javax.security.auth.login.Configuration$3.run(Configuration.java:221)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:215)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:170)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.init(LoginContext.java:167)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:404)
at MainClient.main(MainClient.java:61)
Caused by: java.io.IOException: Unable to locate a login configuration
at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:95)
... 14 more
despite the fact that all I've done is copy to the separate machine all the files that I was using on the JBoss machine. I copied all the dependency jar files, the jndi.properties file, and I've even put auth.conf in the root of the client jar file. All this hasn't helped.
So, to reiterate: there are two things that don't work:
1.) I can't log in from a remote machine; at all! (Despite having all the jar files, jndi.properties, and auth.conf)
2.) When starting the client on the same machine as JBoss, I HAVE to use "client-login", if I use "STSRealm" I get an error message saying that no login module is configured.
Can someone point me in the right direction with these problems please...
Thanks in advance !!
Volkmar
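
The lookup behaviour behind both symptoms, as an added example that is not part of the original post: the JDK's default file-based JAAS configuration is located through the java.security.auth.login.config system property, a login.config.url.N entry in java.security, or ~/.java.login.config, and entry names resolve only against the client JVM's own configuration, not the server's login-config.xml. It assumes the client-side "client-login" entry maps to org.jboss.security.ClientLoginModule; the class name ClientJaasCheck is hypothetical.

```java
import java.io.File;
import java.util.Collections;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;

public class ClientJaasCheck {

    /** Reports where the JDK's default file-based Configuration would look in this JVM. */
    static String configSource() {
        String prop = System.getProperty("java.security.auth.login.config");
        if (prop != null) return "system property: " + prop;
        File home = new File(System.getProperty("user.home"), ".java.login.config");
        if (home.isFile()) return "user home: " + home;
        return "none (unless java.security lists a login.config.url.N entry)";
    }

    /** Client-side configuration with one entry, installed in code so that
     *  nothing depends on an auth.conf file being found on disk. */
    static Configuration clientOnly() {
        final AppConfigurationEntry entry = new AppConfigurationEntry(
            "org.jboss.security.ClientLoginModule",   // assumed module for "client-login"
            LoginModuleControlFlag.REQUIRED,
            Collections.<String, Object>emptyMap());
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                // Only the client entry exists here; server security domains do not.
                return "client-login".equals(name)
                    ? new AppConfigurationEntry[] { entry }
                    : null;
            }
        };
    }

    public static void main(String[] args) {
        System.out.println("JAAS config source: " + configSource());
        // Install before the first LoginContext is created.
        Configuration.setConfiguration(clientOnly());
        Configuration cfg = Configuration.getConfiguration();
        for (String name : new String[] { "client-login", "STSRealm" }) {
            boolean known = cfg.getAppConfigurationEntry(name) != null;
            System.out.println(name + " -> "
                + (known ? "configured" : "not in the client configuration"));
        }
    }
}
```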