1 Reply Latest reply on May 7, 2003 2:51 PM by Peter Doornbosch

    Authentication exception, principal=null

    salma Newbie



      Hi,

      I have secured a ejb with jaas, using DatabaseServerLoginModule . When I login using a java client application , everything works fine, I can access the secured methods of the session bean.
      However, when I login from a servlet application I get the following security exception when trying to call the method "login" of the session bean:
      EJBException:; nested exception is: javax.ejb.EJBException: checkSecurityAssociation; CausedByException is: Authentication exception, principal=null

      The error appears not regulary, so I can't reproduce it.

      I am using the jboss server (version 3.0.4) and the Framework struts (and JSP) to generate dynamic content for the web-Client.

      I hope anybody can help me.


      ****************************************************************************************
      ****************************************************************************************
      Zy3k4wCT


      Delegate Class

      public class LoginDelegate
      {

      Properties pro;
      LoginContext logCtx;
      ServiceLocator locator = null;
      private String authConfig = "auth.conf";

      public LoginDelegate(String IP, String PORT)
      {
      pro = new Properties();
      pro.put("java.naming.factory.initial", "org.jnp.interfaces.NamingContextFactory");
      pro.put("java.naming.provider.url", "jnp://" + IP + ":" + PORT + "/");
      pro.put("java.naming.factory.url.pkgs", "org.jboss.naming:org.jnp.interfaces");

      URL path = getClass().getClassLoader().getResource(authConfig);
      String pfad = "E:\\jboss-3.0.4_tomcat-4.1.12\\server\\default\\conf\\auth.conf";
      System.setProperty(key, pfad);
      }

      public boolean login(String name, String pass)
      {
      Login login = null;
      try
      {
      if (name == null || name.length() == 0 || pass == null || pass.length() == 0)
      return false;

      logCtx = new LoginContext("ZELogin", new NamePasswortHandler(name, pass.toCharArray()));

      logCtx.login();

      this.locator = ServiceLocator.getInstance(pro);
      login = ((LoginHome) this.locator.getEJBHome(ServiceLocator.Login_JNDINAME)).create();

      return true;

      }
      catch (Exception e)
      {
      }
      }

      }

      ****************************************************************************************
      Servlet

      public class Patient extends HttpServlet implements SingleThreadModel
      {

      private String name = null;
      private String pass = null;
      private LoginDelegate logDeg = null;

      /** Looks up the InterestHome interface and saves it for use in
      doGet().
      */
      public void init() throws ServletException
      {
      try
      {
      logDeg = new LoginDelegate("localhost", "1099");

      }
      catch (Exception e)
      {
      e.printStackTrace();
      }
      }

      /**
      */
      public void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
      {

      response.setContentType("text/html");
      PrintWriter out = response.getWriter();
      out.println("");
      try
      {
      name = request.getParameter("name");
      pass = request.getParameter("pass");

      if (logDeg.login(_name, _pass))
      out.println("erfolgreich ");

      else
      out.println("fehlgeschlagen");



      }
      catch (Exception e)
      {
      out.println(e.toString());
      }
      finally
      {
      out.println("");
      out.close();
      }
      }

      }

      ****************************************************************************************
      auth.conf
      ($jboss_home/server/default/conf/auth.conf)


      // This file is now obsolete but is read for backward compatability
      // Use the login-config.xml file instead
      // $Id: auth.conf,v 1.12 2002/04/14 18:59:49 starksm Exp $

      simple {
      // Very simple login module:
      // any user name is accepted.
      // password should either coincide with user name or be null,
      // all users have role "guest",
      // users with non-null password also have role "user"
      org.jboss.security.auth.spi.SimpleServerLoginModule required;
      };

      ZELogin{
      org.jboss.security.ClientLoginModule required
      ;
      };

      ****************************************************************************************

      login-config.xml
      ($jboss_home/server/default/conf/login-config.xml)


      <application-policy name = "ZELogin">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/InformixDS</module-option>
      <module-option name="principalsQuery">SELECT Passwort FROM Benutzer WHERE BenutzerID=?</module-option>
      <module-option name="rolesQuery">SELECT rechteID,'Roles' FROM Benutzerrechte WHERE BenutzerID=?</module-option>
      </login-module>

      </application-policy>


      ****************************************************************************************

      ejb-jar.xml

      <?xml version="1.0"?>

      <!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">


      <ejb-jar>
      <enterprise-beans>



      <ejb-name>NotizEJB</ejb-name>
      <local-home>de.NotizLocalHome</local-home>
      de.NotizLocal
      <ejb-class>de.NotizBean</ejb-class>
      <persistence-type>Container</persistence-type>
      <prim-key-class>java.lang.Long</prim-key-class>
      True
      <cmp-version>2.x</cmp-version>
      <abstract-schema-name>Notiz</abstract-schema-name>
      <cmp-field><field-name>ID</field-name></cmp-field>
      <cmp-field><field-name>name</field-name></cmp-field>
      <cmp-field><field-name>gruppe</field-name></cmp-field>
      <primkey-field>ID</primkey-field>

      <query-method>
      <method-name>findByName</method-name>
      <method-params>
      <method-param>java.lang.String</method-param>
      </method-params>
      </query-method>
      <ejb-ql>select object(i) from Notiz i where i.name =?1</ejb-ql>


      <query-method>
      <method-name>findByGruppe</method-name>
      <method-params>
      <method-param>java.lang.Long</method-param>
      </method-params>
      </query-method>
      <ejb-ql>select object(i) from Notiz i where i.gruppe =?1</ejb-ql>




      <ejb-name>LoginEJB</ejb-name>
      de.LoginHome
      de..Login
      <ejb-class>de.LoginBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>



      <assembly-descriptor>


      <container-transaction>

      <ejb-name>NotizEJB</ejb-name>
      <method-name>*</method-name>

      <trans-attribute>Required</trans-attribute>
      </container-transaction>


      <container-transaction>

      <ejb-name>LoginEJB</ejb-name>
      <method-name>*</method-name>

      <trans-attribute>Required</trans-attribute>
      </container-transaction>

      <!-- *** SECURITY-ROLES *** -->

      <security-role>
      <role-name>verwaltung</role-name>
      </security-role>

      <method-permission>
      <role-name>verwaltung</role-name>

      <ejb-name>NotizEJB</ejb-name>
      <method-name>*</method-name>

      </method-permission>
      <method-permission>


      <ejb-name>LoginEJB</ejb-name>
      <method-name>*</method-name>

      </method-permission>


      </assembly-descriptor>

      </ejb-jar>

      ****************************************************************************************

      jboss.xml

      <?xml version="1.0" encoding="UTF-8"?>




      <security-domain>java:/jaas/ZELogin</security-domain>


      <enterprise-beans>


      <ejb-name>NotizEJB</ejb-name>
      <local-jndi-name>notiz/Notiz</local-jndi-name>



      <ejb-name>LoginEJB</ejb-name>
      <jndi-name>login/Login</jndi-name>


      </enterprise-beans>




      ****************************************************************************************

      jboss-web.xml

      <?xml version="1.0"?>

      <jboss-web>
      <security-domain>java:/jaas/ZELogin</security-domain>
      </jboss-web>

      ****************************************************************************************

      web.xml


      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" "http://java.sun.com/j2ee/dtds/web-app_2_2.dtd">
      <!-- Copyright (c) 2002 by ObjectLearn. All Rights Reserved. -->

      <web-app>

      <servlet-name>action</servlet-name>
      <servlet-class>org.apache.struts.action.ActionServlet</servlet-class>

      <init-param>
      <param-name>config</param-name>
      <param-value>/WEB-INF/struts-config.xml</param-value>
      </init-param>
      <init-param>
      <param-name>debug</param-name>
      <param-value>3</param-value>
      </init-param>
      <init-param>
      <param-name>detail</param-name>
      <param-value>3</param-value>
      </init-param>
      <load-on-startup>1</load-on-startup>


      <servlet-mapping>
      <servlet-name>action</servlet-name>
      <url-pattern>*.do</url-pattern>
      </servlet-mapping>

      <welcome-file-list>
      <welcome-file>welcome.jsp</welcome-file>
      </welcome-file-list>


      <taglib-uri>/WEB-INF/tlds/struts-bean.tld</taglib-uri>
      <taglib-location>/WEB-INF/tlds/struts-bean.tld</taglib-location>


      <taglib-uri>/WEB-INF/tlds/struts-html.tld</taglib-uri>
      <taglib-location>/WEB-INF/tlds/struts-html.tld</taglib-location>


      <taglib-uri>/WEB-INF/tlds/struts-logic.tld</taglib-uri>
      <taglib-location>/WEB-INF/tlds/struts-logic.tld</taglib-location>


      <taglib-uri>/WEB-INF/tlds/struts-nested.tld</taglib-uri>
      <taglib-location>/WEB-INF/tlds/struts-nested.tld</taglib-location>


      <taglib-uri>/WEB-INF/tlds/struts-template.tld</taglib-uri>
      <taglib-location>/WEB-INF/tlds/struts-template.tld</taglib-location>


      <taglib-uri>/WEB-INF/tlds/struts-tiles.tld</taglib-uri>
      <taglib-location>/WEB-INF/tlds/struts-tiles.tld</taglib-location>


      <taglib-uri>/WEB-INF/tlds/pager-taglib.tld</taglib-uri>
      <taglib-location>/WEB-INF/tlds/pager-taglib.tld</taglib-location>


      </web-app>


        • 1. Re: Authentication exception, principal=null
          Peter Doornbosch Apprentice

          I doubt if you got the error using exactly this code; maybe you just simplified the example for posting?
          In the code sample supplied, you perform a login in the servlet and call an ejb during the same request. This should work. A mistake that is often made is that people do a jaas login in a login-servlet and than an ejb call in a second (or later) http-request. This usually doesn't work that good, because security attributes are associated with the current thread and most servlet engines i know use thread-pooling ;-).
          If this is what causes you trouble, you should either switch to normal standard web authentication (configure it in your web.xml), or write a custom security layer that handles these threading issues properly. In the last case, the article at http://www.luminis.nl/publications/websecurity.html might help.

          Hth,
          Peter.