3 Replies Latest reply on Aug 17, 2003 11:38 AM by Claude Glauser

    Authentication exception, principal=null

    ebdr Newbie

      Hi,

      I am very new to JBoss and am developing a new application. I am using jboss-3.0.6_tomcat-4.1.18.

      I am authenticating users in the struts LoginAction using the following code:

      LoginForm form = (LoginForm) actionForm;
      String username = form.getUsername();
      String password = form.getPassword();
      try {
      SecurityAssociationHandler handler = new SecurityAssociationHandler();
      Principal user = new SimplePrincipal(username);
      handler.setSecurityInfo(user, password.toCharArray());
      LoginContext loginContext = new LoginContext("samples", (CallbackHandler) handler);
      loginContext.login();
      Subject subject = loginContext.getSubject();
      Set principals = subject.getPrincipals();
      principals.add(user);
      } catch (LoginException e) {
      errors.add("loginerror", new ActionError("Wrong Username or Password"));
      saveErrors(request, errors);

      return mapping.findForward(Constants.ACTION_FAILURE);
      }

      // login succeeded: doing other business logic here

      The login succeeds when I enter the right username and password and fails otherwise, so I know that the login mechanism works. But for some reason, the EJB container does not seem to get the principal...
      Thank you for your help.

      Eric

        • 1. Re: Authentication exception, principal=null
          Claude Glauser Newbie

          Is your "sample" security domian a client login module ? Look for a file called something like
          login....xml in the conf directory of your server directory. The names must match.

          See:

          http://www.luminis.nl/publications/websecurity.html

          • 2. Re: Authentication exception, principal=null
            ebdr Newbie

            Hi Claude,

            Sorry for the late response. my sample security domain is specified like this in my login-config.xml:

            <application-policy name = "sample">

            <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
            flag = "required" />

            </application-policy>

            I have defined a username=password and username=role in my password and group files respectively. Is this the proper configuration?

            Thanks again.

            Eric

            • 3. Re: Authentication exception, principal=null
              Claude Glauser Newbie

              In my case, I use:
              1. (snippet of login-config.xml)

              <!-- Used by clients within the application server VM such as
              mbeans and servlets that access EJBs.
              -->
              <application-policy name = "client-login">

              <login-module code = "org.jboss.security.ClientLoginModule"
              flag = "required">
              </login-module>

              </application-policy>

              and

              <application-policy name = "bbloxDB">

              <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
              <module-option name="dsJndiName">java:/MySqlDS</module-option>
              <module-option name="principalsQuery">select PASSWORD from BBLOXUSERS ID where id=?</module-option>
              <module-option name="rolesQuery">select ROLES, 'Roles' from BBLOXUSERENTITY_ROLES_BBLOXROLEENTITY_USERS where USERS=?</module-option>
              </login-module>

              </application-policy>

              ------------------------
              In the servlet, I use

              LoginContext loginContext = new LoginContext("client-login", (CallbackHandler) handler);


              In the jboss.xml (In meta-inf of ejb jar file) is an entry that the
              "bbloxDB" security domain must be used.

              Client-login module is something like an
              "intermediate" login, which propagates to
              the database loginmodule (my English is
              rather poor).

              Hope this helps.