1 Reply Latest reply on Mar 4, 2003 5:27 PM by Peter Doornbosch

    Same problem, principal=null, as everyone else?

    Geoffrey Dagley Newbie

      I seem to be having the same problem propagating the login information from the servlet container to the EJB container. I am using the jboss-3.0.5_tomcat-4.1.18 implementation.

      The problem is that I see the LoginContext.login() appear to successfully log in only to have the call to the EJB fail because of the "Authentication exception, principal=null" that others have mentioned here. I have not found how to get around this.

      Am I missing some fundamental point here? (Most likely or I wouldn't be here, right?)

      Here are some of the code snippets I am working with.

      Thanks

      -------login-config.xml---------------


      <!-- Used by Argo to do the database lookup for username password,
      and retrieve the roles/authorizations.
      -->
      <application-policy name = "argo-login">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name="dsJndiName">java:SecurityDS</module-option>
      <module-option name="principalsQuery">select password from app_user where login_name = ?</module-option>
      <module-option name="rolesQuery">select authorization_name, 'Roles' from v_user_authorization where login_name = ?</module-option>
      </login-module>

      </application-policy>
      ...



      -------jboss.xml---------------

      <security-domain>java:/jaas/argo-login</security-domain>
      <unauthenticated-principal>nobody</unauthenticated-principal>
      <enterprise-beans>

      <ejb-name>SecurityEJB</ejb-name>
      <jndi-name>parago/ejb/Security</jndi-name>

      ...
      </enterprise-beans>



      -------ArgoControl.java---------------
      handler = new AppCallbackHandler(credentials.getUserName(), credentials.getPassword());
      lc = new LoginContext("argo-login", handler);
      lc.login();
      subject = lc.getSubject();
      LOGGER.debug("Login successful.");

      SecurityHome home = (SecurityHome)EJBUtil.getRemoteHome(UserManagementConstants.JNDI_SECURITY, SecurityHome.class);
      Security remote = home.create(); // Problem occurs here
      loginUserVO = remote.findUserByLoginName(loginName);


      -------server.log---------------
      2003-03-03 15:27:47,530 DEBUG [com.parago.common.web.servlet.ArgoControl] (HttpProcessor[8081][2]:) Login successful.
      2003-03-03 15:27:47,608 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] (HttpProcessor[8081][2]:SecurityEJB) Authentication exception, principal=null
      2003-03-03 15:27:47,608 ERROR [org.jboss.ejb.plugins.LogInterceptor] (HttpProcessor[8081][2]:SecurityEJB) EJBException, causedBy:
      java.lang.SecurityException: Authentication exception, principal=null
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:173)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
      at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
      at org.jboss.ejb.Container.invoke(Container.java:730)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
      at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:98)
      at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:102)
      at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:77)
      at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:80)
      at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:198)
      at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:76)
      at $Proxy1034.create(Unknown Source)

        • 1. Re: Same problem, principal=null, as everyone else?
          Peter Doornbosch Apprentice

          You are not using standard web security (with secured pages specified in the web.xml, etc.), are you?
          From your post, it is not clear whether the JAAS login and the bean call are made during one http request.
          If so, probably the DatabaseServerLoginModule is not setting security context for ejb calls (i would have to check this in the code, but don't have it handy yet), so you would have to combine it with the ClientLoginModule.
          If not, you're definitely missing a fundamental point (no offense ;-) because security context is saved in thread local storage and different requests are probably scheduled on different threads. In this case, http://www.luminis.nl/publications/websecurity.html might provide some help...

          Hth
          Peter