1 Reply Latest reply on Sep 24, 2003 8:41 AM by goba

    ejbPassivate() - principal=null

    goba Newbie

      Hi,

      I am running JAAS on JBOSS 3.2.2x with a security domain login based on
      org.jboss.security.auth.spi.DatabaseServerLoginModule

      Everything works fine with web applications that have an explicit login to the security domain,
      i.e. that have this kind of thing in jboss-web.xml:
      <jboss-web>
      <security-domain>java:/jaas/mydomain</security-domain>
      </jboss-web>

      From login-config.xml:
      <application-policy name="mydomain">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                        flag="required">
            <module-option name="dsJndiName">java:/ds/mydomain</module-option>
            <module-option name="principalsQuery">SELECT passWord FROM users WHERE userName = ?</module-option>
            <module-option name="rolesQuery">SELECT role, 'Roles' FROM roles WHERE userName = ?</module-option>
          </login-module>
        </authentication>
      </application-policy>

      <application-policy name="client-login">
        <authentication>
          <login-module code="org.jboss.security.ClientLoginModule"
                        flag="required">
          </login-module>
        </authentication>
      </application-policy>


      The problems occur when a web module does not have an explicit login.
      The first time a bean instance is created, the following code is executed:
      LoginContext auth = new LoginContext("client-login", new UsernamePasswordHandler("myUser", "myPwd"));
      auth.login();
      The thing is that every time a call to that bean instance is made in another thread (but the same HttpSession, of course) I get
      "java.lang.SecurityException: Authentication exception, principal=null"
      The bean is cached in the HttpSession. Making another call to auth.login() before EVERY call to that bean instance solves this problem too.

      Over to my tricky problem:
      When the container eventually calls ejbPassivate() on the bean instance the problem reoccurs.
      I have no possibility to call auth.login() in that case, of course, so my logs are filled with
      "java.lang.SecurityException: Authentication exception, principal=null" every time a bean instance has to be passivated by the container.

      Does anyone recognise this problem?
      Any light on this dilemma would be highly appreciated.

        • 1. Re: ejbPassivate() - principal=null
          goba Newbie

          Hi again,

          We found a solution to this problem.

          Just add
          <module-option name = "unauthenticatedIdentity">autoUser</module-option>

          inside the <login-module> XML element.

          Then make sure that "autoUser" has the correct userRole to be able to call your beans.

          And skip ALL
          LoginContext auth = new LoginContext("client-login", new UsernamePasswordHandler("myUser", "myPwd"));
          auth.login();


          Then everything runs smoothly.
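
An added example, not part of the original thread and not JBoss code: unauthenticatedIdentity assigns the named principal to every caller that presents no credentials, so this Python check lists each policy in a login-config.xml that sets it and the roles that principal picks up through the module's own rolesQuery. The config text, the role rows and the role names BeanCaller and Admin are constructed for illustration, and the roles table is an in-memory SQLite copy, not the real data source.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the thread's login-config.xml.
SAMPLE_CONFIG = """<policy>
 <application-policy name="mydomain"><authentication>
  <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
   <module-option name="rolesQuery">SELECT role, 'Roles' FROM roles WHERE userName = ?</module-option>
   <module-option name="unauthenticatedIdentity">autoUser</module-option>
  </login-module>
 </authentication></application-policy>
 <application-policy name="client-login"><authentication>
  <login-module code="org.jboss.security.ClientLoginModule" flag="required"/>
 </authentication></application-policy>
</policy>"""

# Constructed rows standing in for the roles table behind rolesQuery.
SAMPLE_ROLES = [("autoUser", "BeanCaller"), ("autoUser", "Admin"), ("myUser", "BeanCaller")]


def anonymous_identities(config_xml):
    """Yield (policy, module class, identity, rolesQuery) for each login module
    that assigns a fixed principal to callers presenting no credentials."""
    for policy in ET.fromstring(config_xml).iter("application-policy"):
        for module in policy.iter("login-module"):
            opts = {o.get("name"): (o.text or "").strip() for o in module.iter("module-option")}
            if opts.get("unauthenticatedIdentity"):
                yield (policy.get("name"), module.get("code"),
                       opts["unauthenticatedIdentity"], opts.get("rolesQuery"))


def audit(config_xml, role_rows):
    """Return {(policy, identity): sorted roles} by running each module's own
    rolesQuery for the anonymous identity against an in-memory copy of the table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE roles (userName TEXT, role TEXT)")
    db.executemany("INSERT INTO roles VALUES (?, ?)", role_rows)
    report = {}
    for policy, _code, identity, roles_query in anonymous_identities(config_xml):
        rows = db.execute(roles_query, (identity,)).fetchall() if roles_query else []
        report[(policy, identity)] = sorted(r[0] for r in rows)
    db.close()
    return report


if __name__ == "__main__":
    for (policy, identity), roles in audit(SAMPLE_CONFIG, SAMPLE_ROLES).items():
        print(f"{policy}: callers without credentials run as {identity!r} with roles {roles}")
```

Any role reported here is reachable without a login, so the list is the set of bean permissions to review for that identity.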