0 Replies Latest reply on Apr 12, 2003 8:24 AM by mcfisto

    SRP authentication

    mcfisto

      Hi, I have a big problem with setting up SRP authentication on JBoss 3.0.6. I set everything (I hope!) as described in http://www.ociweb.com/jnb/jnbJul2002.html (except their DatabaseRoleLoginModule - I use org.jboss.security.auth.spi.DatabaseServerLoginModule). When a client tries to log on for the first time, everything is OK, but the second time (the same user) JBoss reports this:

      ------begin log ------
      2003-04-12 14:06:17,382 ERROR [org.jboss.security.srp.SRPService] Failed to update SRP cache for user={username=t, sessionID=0}
      java.lang.ClassCastException
      at org.jboss.security.srp.SRPSessionKey.equals(SRPSessionKey.java:34)
      at java.util.HashMap.eq(HashMap.java:270)
      at java.util.HashMap.get(HashMap.java:319)
      at java.util.Collections$SynchronizedMap.get(Collections.java:1938)
      at org.jboss.util.TimedCachePolicy.peek(TimedCachePolicy.java:181)
      at org.jboss.security.srp.SRPService.verifiedUser(SRPService.java:227)
      at org.jboss.security.srp.SRPRemoteServer.verify(SRPRemoteServer.java:273)
      at org.jboss.security.srp.SRPRemoteServer.verify(SRPRemoteServer.java:205)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
      at sun.rmi.transport.Transport$1.run(Transport.java:148)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
      at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
      at java.lang.Thread.run(Thread.java:536)
      2003-04-12 14:06:17,973 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Authentication exception, principal=t
      2003-04-12 14:06:17,973 ERROR [org.jboss.ejb.plugins.LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Authentication exception, principal=t
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:173)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
      at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
      at org.jboss.ejb.Container.invoke(Container.java:730)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
      at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
      at sun.reflect.GeneratedMethodAccessor25.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
      at sun.rmi.transport.Transport$1.run(Transport.java:148)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
      at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
      at java.lang.Thread.run(Thread.java:536)
      ---- end log ----


      My settings are:

      *** client ***
      jaas.conf:
      ----------

      fenix {
      org.jboss.security.srp.jaas.SRPLoginModule required
      srpServerJndiName="srp/SRPServerInterface"
      principalClassName="org.jboss.security.srp.jaas.SRPPrincipal"
      ;

      org.jboss.security.ClientLoginModule required
      password-stacking="useFirstPass"
      multi-threaded=false
      ;
      };


      *** server *** :
      jaas.conf:
      ----------
      fenix {
      org.jboss.security.srp.jaas.SRPCacheLoginModule requisite
      cacheJndiName="srp/AuthenticationCache"
      ;

      org.jboss.security.auth.spi.DatabaseServerLoginModule required
      password-stacking="useFirstPass"
      dsJndiName="java:/FenixAuthDS"
      ;
      };

      jboss-service.xml:
      -------------------


      jboss.security:service=DefaultLoginConfig



      auth.conf



      srp/FenixVerifierStore
      java:/FenixAuthDS
      SELECT password FROM principals WHERE principalid=?



      srp/FenixVerifierStore
      srp/AuthenticationCache
      srp/SRPServerInterface
      86400
      10



      <!-- JAAS security manager and realm mapping -->



      org.jboss.security.plugins.JaasSecurityManager

      srp/AuthenticationCache


      jboss.xml:
      -----------
      <container-configurations>
      <!-- StatelessSession beans are secure by default -->
      <container-configuration>
      <container-name>Standard Stateless SessionBean</container-name>
      <security-domain>java:/jaas/fenix</security-domain>
      </container-configuration>

      <!--A stateless session config that is not secured -->
      <container-configuration extends="Standard Stateless SessionBean">
      <container-name>Unsecure Stateless SessionBean</container-name>
      <security-domain/>
      </container-configuration>
      </container-configurations>



      Do you have any idea what's wrong???

      Thanks a lot in advance.
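
The first trace above fails inside `SRPSessionKey.equals` while `HashMap.get` is comparing keys. As an added example (not part of the original post and not JBoss source; every class name here is hypothetical), this shows how an `equals()` that casts without a type check throws `ClassCastException` when a map shared between components holds a key of another type with the same hash code, and how a type-checked `equals()` turns the same lookup into an ordinary cache miss.

```java
import java.util.HashMap;
import java.util.Map;

// Added illustration; hypothetical classes, not JBoss source.
public class MixedKeyCacheDemo {

    // Stand-in for a name-only key stored by one component.
    static final class NameKey {
        final String name;
        NameKey(String name) { this.name = name; }
        @Override public int hashCode() { return name.hashCode(); }
        @Override public boolean equals(Object o) {
            return o instanceof NameKey && ((NameKey) o).name.equals(name);
        }
    }

    // Session-style key whose equals() casts without a type check.
    static class UncheckedSessionKey {
        final String username;
        final int sessionID;
        UncheckedSessionKey(String u, int id) { username = u; sessionID = id; }
        @Override public int hashCode() { return username.hashCode() + sessionID; }
        @Override public boolean equals(Object o) {
            UncheckedSessionKey k = (UncheckedSessionKey) o; // throws on a foreign key type
            return k.username.equals(username) && k.sessionID == sessionID;
        }
    }

    // Same key, but equals() checks the type before delegating.
    static final class CheckedSessionKey extends UncheckedSessionKey {
        CheckedSessionKey(String u, int id) { super(u, id); }
        @Override public boolean equals(Object o) {
            return o instanceof UncheckedSessionKey && super.equals(o);
        }
    }

    public static void main(String[] args) {
        // One map shared by two components that use different key types.
        Map<Object, Object> sharedCache = new HashMap<>();
        sharedCache.put(new NameKey("t"), "entry written by another component");

        // Type-checked key: equals() rejects the foreign key, a plain cache miss.
        System.out.println("checked lookup: " + sharedCache.get(new CheckedSessionKey("t", 0)));
        try {
            // With sessionID 0 the hash equals the NameKey hash, so equals() is invoked.
            sharedCache.get(new UncheckedSessionKey("t", 0));
        } catch (ClassCastException e) {
            System.out.println("unchecked lookup: ClassCastException from equals() during get()");
        }
    }
}
```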