6 Replies Latest reply on May 7, 2003 4:18 AM by Soni

    NT authentication in JBOSS

    Soni Newbie

      hi all,
      I am using Jboss 3.0.4.
      Is it possible to have NT authentication from Jboss? I have tried some simple samples for JAAS authentication as stand slone programs listed in http://java.sun.com/j2se/1.4.1/docs/guide/security/jgss/tutorials/AcnOnly.html and it worked fine. Now I want to achieve the same authentication thr' JBoss. Is it possible? Please tell me whether it is possible or not. In Jboss, it maintains a flat file to save username and password( where password is also a text without encryoption) and the another flat file to store user role. I want to overcome this. My authentication should contact the NT domain controller where username and password is stored in kerberos database and authenticate against it.

      Please tell me how to achieve this...

      Waiting for reply,
      -Payaswini.

        • 1. Re: NT authentication in JBOSS
          Lewis Henderson Novice

          ...you could always set up LDAP to MAD (MS Active Directory)...

          This is done through the login-config.xml file in your conf directory. There is quite a lot to understand if you don't know LDAP or the way in which Active Directory is structured!

          Here is a starter...

          <application-policy name = "LDAP">

          <login-module code = "org.jboss.security.auth.spi.LdapLoginModule" flag = "required">
          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
          <module-option name="java.naming.provider.url">ldap://ldapserver:389/</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>

          <module-option name="principalDNPrefix">cn=</module-option>
          <module-option name="principalDNSuffix">,cn=Users,dc=MyDepartment,dc=MyCompany,dc=com</module-option>

          <module-option name="rolesCtxDN">cn=Users,dc=MyDepartment,dc=MyCompany,dc=com</module-option>
          <module-option name="matchOnUserDN">true</module-option><!-- defaults to false -->
          <module-option name="roleAttributeIsDN">false</module-option><!-- defaults to false -->
          <module-option name="uidAttributeID">member</module-option><!-- defaults to 'uid' -->
          <module-option name="roleAttributeID">cn</module-option><!-- defaults to 'roles' -->
          <module-option name="roleNameAttributeID">name</module-option><!-- defaults to name -->
          </login-module>

          </application-policy>

          ...also note that you MUST use SSL if you want to do any updates...

          Lewis

          • 2. Re: NT authentication in JBOSS
            Soni Newbie

            i tried the same.
            and i added the line org.jboss.security.auth.spi.LdapLoginModule required; in auth.conf under client directory and server_auth.conf under source code dir. But it throws the following exception.

            [java] Created LoginContext
            [java] Login failed
            [java] javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.auth.spi.LdapLoginModule
            [java] at javax.security.auth.login.LoginContext.invoke(LoginContext.java:700)
            [java] at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
            [java] at javax.security.auth.login.LoginContext$4.run(LoginContext.java:599)
            [java] at java.security.AccessController.doPrivileged(Native Method)
            [java] at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:596)
            [java] at javax.security.auth.login.LoginContext.login(LoginContext.java:523)
            [java] at org.jboss.docs.jaas.howto.SessionClient.main(SessionClient.java:71)

            how to procede?
            plz help..
            -Soni

            • 3. Re: NT authentication in JBOSS
              Juha Lindfors Master

              Do NOT add it on the client side auth.conf.

              • 4. Re: NT authentication in JBOSS
                Soni Newbie

                Its not working...
                It doesn't throw any exception for login() but while authorizing it throws following exception.I have given correct username and password.
                (My doubt is where do we specify the domain controller and realm values? Does JBoss recognizes it automatically?)

                At Client side exception:
                [java] java.rmi.ServerException: RemoteException occurred in server thread;
                nested exception is:
                [java] java.rmi.ServerException: EJBException:; nested exception is:
                [java] javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
                [java] Authentication exception, principal=Payaswini
                [java] at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:292)
                [java] at sun.rmi.transport.Transport$1.run(Transport.java:148)
                [java] at java.security.AccessController.doPrivileged(Native Method)
                [java] at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
                [java] at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
                [java] at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
                [java] at java.lang.Thread.run(Thread.java:536)
                [java] at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
                [java] at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
                [java] at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:133)
                [java] at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
                [java] at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:138)
                [java] at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:108)
                [java] at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:77)
                [java] at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:80)
                [java] at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:198)
                [java] at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:76)
                [java] at $Proxy0.create(Unknown Source)
                [java] at org.jboss.docs.jaas.howto.SessionClient.main(SessionClient.java:90)
                [java] Caused by: java.rmi.ServerException: EJBException:; nested exception is:
                [java] javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
                [java] Authentication exception, principal=Payaswini
                [java] at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:357)
                [java] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:133)
                [java] at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
                [java] at org.jboss.ejb.Container.invoke(Container.java:730)
                [java] at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
                [java] at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
                [java] at sun.reflect.GeneratedMethodAccessor37.invoke(Unknown Source)
                [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                [java] at java.lang.reflect.Method.invoke(Method.java:324)
                [java] at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
                [java] at sun.rmi.transport.Transport$1.run(Transport.java:148)
                [java] at java.security.AccessController.doPrivileged(Native Method)
                [java] at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
                [java] at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
                [java] at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
                [java] at java.lang.Thread.run(Thread.java:536)
                [java] Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
                [java] Authentication exception, principal=Payaswini
                [java] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:174)
                [java] at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
                [java] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
                [java] ... 14 more


                At Server Side:
                14:39:26,176 ERROR [SecurityInterceptor] Authentication exception, principal=Payaswini
                14:39:26,176 ERROR [LogInterceptor] EJBException, causedBy:
                java.lang.SecurityException: Authentication exception, principal=Payaswini
                at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:173)
                at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
                at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
                at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
                at org.jboss.ejb.Container.invoke(Container.java:730)
                at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
                at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
                at sun.reflect.GeneratedMethodAccessor37.invoke(Unknown Source)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:324)
                at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
                at sun.rmi.transport.Transport$1.run(Transport.java:148)
                at java.security.AccessController.doPrivileged(Native Method)
                at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
                at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
                at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
                at java.lang.Thread.run(Thread.java:536)


                • 5. Re: NT authentication in JBOSS
                  Soni Newbie

                  its not working....
                  I have specified the correct username and password. But still it throws following exceptions at Client and server side....
                  ( One more doubt, where do we mention the domain controller name and realm value? does jboss recognizes this automatically? )

                  At client side:
                  [java] java.rmi.ServerException: RemoteException occurred in server thread;
                  nested exception is:
                  [java] java.rmi.ServerException: EJBException:; nested exception is:
                  [java] javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
                  [java] Authentication exception, principal=Payaswini
                  [java] at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:292)
                  [java] at sun.rmi.transport.Transport$1.run(Transport.java:148)
                  [java] at java.security.AccessController.doPrivileged(Native Method)
                  [java] at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
                  [java] at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
                  [java] at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
                  [java] at java.lang.Thread.run(Thread.java:536)
                  [java] at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
                  [java] at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
                  [java] at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:133)
                  [java] at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
                  [java] at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:138)
                  [java] at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:108)
                  [java] at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:77)
                  [java] at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:80)
                  [java] at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:198)
                  [java] at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:76)
                  [java] at $Proxy0.create(Unknown Source)
                  [java] at org.jboss.docs.jaas.howto.SessionClient.main(SessionClient.java:90)
                  [java] Caused by: java.rmi.ServerException: EJBException:; nested exception is:
                  [java] javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
                  [java] Authentication exception, principal=Payaswini
                  [java] at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:357)
                  [java] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:133)
                  [java] at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
                  [java] at org.jboss.ejb.Container.invoke(Container.java:730)
                  [java] at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
                  [java] at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
                  [java] at sun.reflect.GeneratedMethodAccessor37.invoke(Unknown Source)
                  [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                  [java] at java.lang.reflect.Method.invoke(Method.java:324)
                  [java] at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
                  [java] at sun.rmi.transport.Transport$1.run(Transport.java:148)
                  [java] at java.security.AccessController.doPrivileged(Native Method)
                  [java] at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
                  [java] at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
                  [java] at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
                  [java] at java.lang.Thread.run(Thread.java:536)
                  [java] Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
                  [java] Authentication exception, principal=Payaswini
                  [java] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:174)
                  [java] at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
                  [java] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
                  [java] ... 14 more


                  and
                  at server side:
                  15:26:31,019 ERROR [SecurityInterceptor] Authentication exception, principal=Payaswini
                  15:26:31,109 ERROR [LogInterceptor] EJBException, causedBy:
                  java.lang.SecurityException: Authentication exception, principal=Payaswini
                  at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:173)
                  at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
                  at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
                  at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
                  at org.jboss.ejb.Container.invoke(Container.java:730)
                  at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
                  at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
                  at sun.reflect.GeneratedMethodAccessor37.invoke(Unknown Source)
                  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                  at java.lang.reflect.Method.invoke(Method.java:324)
                  at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
                  at sun.rmi.transport.Transport$1.run(Transport.java:148)
                  at java.security.AccessController.doPrivileged(Native Method)
                  at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
                  at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
                  at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
                  at java.lang.Thread.run(Thread.java:536)

                  plssss help...

                  • 6. Re: NT authentication in JBOSS
                    Soni Newbie

                    its not working....
                    I have specified the correct username and password. But still it throws following exceptions at Client and server side....
                    ( One more doubt, where do we mention the domain controller name and realm value? does jboss recognizes this automatically? )

                    At client side:
                    [java] java.rmi.ServerException: RemoteException occurred in server thread;
                    nested exception is:
                    [java] java.rmi.ServerException: EJBException:; nested exception is:
                    [java] javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
                    [java] Authentication exception, principal=Payaswini
                    [java] at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:292)
                    [java] at sun.rmi.transport.Transport$1.run(Transport.java:148)
                    [java] at java.security.AccessController.doPrivileged(Native Method)
                    [java] at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
                    [java] at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
                    [java] at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
                    [java] at java.lang.Thread.run(Thread.java:536)
                    [java] at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
                    [java] at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
                    [java] at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:133)
                    [java] at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
                    [java] at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:138)
                    [java] at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:108)
                    [java] at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:77)
                    [java] at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:80)
                    [java] at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:198)
                    [java] at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:76)
                    [java] at $Proxy0.create(Unknown Source)
                    [java] at org.jboss.docs.jaas.howto.SessionClient.main(SessionClient.java:90)
                    [java] Caused by: java.rmi.ServerException: EJBException:; nested exception is:
                    [java] javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
                    [java] Authentication exception, principal=Payaswini
                    [java] at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:357)
                    [java] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:133)
                    [java] at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
                    [java] at org.jboss.ejb.Container.invoke(Container.java:730)
                    [java] at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
                    [java] at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
                    [java] at sun.reflect.GeneratedMethodAccessor37.invoke(Unknown Source)
                    [java] at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    [java] at java.lang.reflect.Method.invoke(Method.java:324)
                    [java] at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
                    [java] at sun.rmi.transport.Transport$1.run(Transport.java:148)
                    [java] at java.security.AccessController.doPrivileged(Native Method)
                    [java] at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
                    [java] at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
                    [java] at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
                    [java] at java.lang.Thread.run(Thread.java:536)
                    [java] Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
                    [java] Authentication exception, principal=Payaswini
                    [java] at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:174)
                    [java] at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
                    [java] at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
                    [java] ... 14 more


                    and
                    at server side:
                    15:26:31,019 ERROR [SecurityInterceptor] Authentication exception, principal=Payaswini
                    15:26:31,109 ERROR [LogInterceptor] EJBException, causedBy:
                    java.lang.SecurityException: Authentication exception, principal=Payaswini
                    at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:173)
                    at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
                    at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
                    at org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
                    at org.jboss.ejb.Container.invoke(Container.java:730)
                    at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
                    at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:382)
                    at sun.reflect.GeneratedMethodAccessor37.invoke(Unknown Source)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    at java.lang.reflect.Method.invoke(Method.java:324)
                    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
                    at sun.rmi.transport.Transport$1.run(Transport.java:148)
                    at java.security.AccessController.doPrivileged(Native Method)
                    at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
                    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
                    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
                    at java.lang.Thread.run(Thread.java:536)

                    plssss help...