3 Replies Latest reply on Apr 5, 2004 6:52 PM by Scott Stark

    ClientLoginModule not throwing an exception

    Sean Bowman Newbie

      I can't seem to get my lc.login() method to throw a LoginException when a user login fails. I have a Java application that connects to a JBoss 3.2.3 app server. The app server reports the login fails, but the LoginContext.login() method just falls through like everything is great.

      Here's my login code:

       System.setProperty("java.security.auth.login.config", "auth.conf");
      
       LoginContext lc = null;
       try {
       lc = new LoginContext("MyLogin",
       new UsernamePasswordHandler(userInfo.getUsername(), userInfo.getPassword()));
       lc.login();
       } catch (LoginException e) {
       // TODO: Flesh this out a bit and throw the correct security exceptions
       throw new UserNotFoundException("Invalid user information.");
       }
      
       System.out.println("Login fell through.");
      


      My auth.conf looks like:

      MyLogin {
       org.jboss.security.ClientLoginModule required;
      };
      


      Finally, my login-config.xml looks like this:

       <application-policy name = "MyApplication">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
       flag="required">
       <module-option name="dsJndiName">java:/MyApplicationDS</module-option>
       <module-option name="principalsQuery">SELECT PASSWD FROM TOOL_USER WHERE NAME=?</module-option>
       <module-option name="rolesQuery">
       SELECT USER_ROLES.TOOL_ROLE_NAME, 'Roles' FROM USER_ROLES, TOOL_USER
       WHERE TOOL_USER.NAME=? AND TOOL_USER.ID=USER_ROLES.TOOL_USER_ID
       </module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      I've tested the queries manually, and they all seem to work fine.

      When I try to login with a bad user name, the server throws the following stack trace:

      16:48:57,017 ERROR [LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Authentication exception, principal=user
       at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:164)
       at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:81)
       at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
       at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
       at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
       at org.jboss.ejb.Container.invoke(Container.java:720)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBeanDispatcher.java:284)
       at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
       at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:367)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
       at sun.rmi.transport.Transport$1.run(Transport.java:148)
       at java.security.AccessController.doPrivileged(Native Method)
       at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
       at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
       at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
       at java.lang.Thread.run(Thread.java:534)
      


      But the application returns:

      Login fell through.
      


      Shouldn't it be throwing a LoginException? Anybody have any idea what's going on?

      Thanks,
      Sean Bowman