11 Replies Latest reply on May 9, 2003 10:33 AM by egarup

    JBoss not seeing my custom login module

    stevecoh1 Newbie

      I have created a custom login module for a web application. I have enabled it with the proper entries in login-config.xml and jboss-web.xml. My web.xml has the needed elements to enable authentication, and this is working. Yet, I can see by my logs that when it comes time to log me in, MY login module is not being called but another is.

      Here are relevant logging entries that I do see:

      2003-04-08 11:18:01,335 DEBUG [org.jboss.jetty.JettyService] Linking security/securityMgr to JNDI name: java:/jaas/access-panel

      This indicates that the security manager is recognizing the login policy I have specified for it.

      Then a little later, after a login attempt:

      2003-04-08 11:18:24,034 DEBUG [org.jboss.jetty.security.JBossUserRealm#null] JBossUserPrincipal: null

      My login module is full of logging statements that should appear telling me that my module is active, yet I don't see any such entries.

      What else do I have to do to get this configured?
      Is there a simple document that list all the steps?
      I have "JBoss Administration and Development" and have read it several times but I don't see what I must be missing.


        • 1. Re: JBoss not seeing my custom login module
          stevecoh1 Newbie

          OK, not getting anywhere here. I now did the following:
          changed: changed the access-panel login config to be based on one of the canned login modules:

          org.jboss.security.auth.spi.IdentityLoginModule

          Same results.
          Help! I'm dying here.

          • 2. Re: JBoss not seeing my custom login module
            Peter Doornbosch Apprentice

            Post (attach) your web.xml, jboss-web.xml and login-config.xml and then this blind man will see if he can help you....

            Peter

            • 3. Re: JBoss not seeing my custom login module
              stevecoh1 Newbie

              Thank you very much, Peter. I hope you can help me. This has been very frustrating. If I had a sample project setting up any authentication for a simple web-app I could solve this, but you don't seem to have one. The documentation is organized in a very complicated way that threads back and forth between ejb and web-app and is not pleasant to follow, in contrast, I must say, with the rest of jboss - which has been, up to now, a real pleasure to use.

              Here are the three files you requested to look at. Thank you very much.

              • 4. Re: JBoss not seeing my custom login module
                stevecoh1 Newbie

                Thank you very much, Peter. I hope you can help me. This has been very frustrating. If I had a sample project setting up any authentication for a simple web-app I could solve this, but you don't seem to have one. The documentation is organized in a very complicated way that threads back and forth between ejb and web-app and is not pleasant to follow, in contrast, I must say, with the rest of jboss - which has been, up to now, a real pleasure to use.

                Here are the three files you requested to look at. Thank you very much.

                • 5. Re: JBoss not seeing my custom login module
                  stevecoh1 Newbie

                  Test.
                  Hmm, I just sent my answer but it doesn't seem to have been posted.

                  • 6. Re: JBoss not seeing my custom login module
                    stevecoh1 Newbie

                    > Post (attach) your web.xml, jboss-web.xml and
                    > login-config.xml and then this blind man will see if
                    > he can help you....
                    >
                    > Peter
                    >

                    Thank you very much, Peter.
                    This has been very frustrating for me. I have the feeling that I am overlooking something really simple but cannot figure out what it is. The documentation could certainly be better organized. Instead of threading back and forth between ejb and web-app settings, each could be handled as a separate case with the common theoretical parts preceding them. I think if there was just a simple end-to-end sample of a simple web-app with authentication, I would not be having this problem.

                    I should also emphasize that until this point my experiences with jboss have been uniformly pleasant, so I was quite disappointed with this.

                    OK, I am now attaching the files. you asked for. I hope you can help.

                    • 7. Re: JBoss not seeing my custom login module
                      stevecoh1 Newbie

                      Test. I see. Simply "reply" doesn't post to the topic but "reply to topic" does?

                      • 9. Re: JBoss not seeing my custom login module
                        stevecoh1 Newbie

                        test reply. Several of my other replies are not being posted.

                        • 10. Re: JBoss not seeing my custom login module
                          egarup Newbie

                          Did anyone solve this issue. I have a similar problem and initially the class could not be found but I placed my login module in a jar in the lib folder. Now I get the message failed to create LoginModule(my.class.name) using jboss 3.2.0

                          • 11. Re: JBoss not seeing my custom login module
                            egarup Newbie

                            I have found that the option that works best is to use a proxy login module in the login-config.xml

                            <application-policy name = "policy_name">

                            <login-module code = "org.jboss.security.auth.spi.ProxyLoginModule"
                            flag = "required">
                            <module-option name = "moduleName">my.class</module-option>
                            </login-module>

                            The policy name must match the entry in your jboss application config file jboss-web.xml.

                            <jboss-web>
                            <!-- All secured web content uses this security manager - must match the value in login-config in jboss -->
                            <security-domain>java:/jaas/policy_name</security-domain>
                            </jboss-web>.

                            Your custom login module also needs to do a couple of things when the user logs in:

                            1 - create a java.security.acl.Group with a group name of "CallerPrincipal". This group must have a single Principal member, which will be the Principal returned by any calls to request.getUserPrincipal().
                            2 - create a java.security.acl.Group with the group name "Roles" and add all roles to which the user belongs.
                            add these two group to the subjet's principal list.