7 Replies Latest reply on Apr 26, 2004 11:33 AM by vkie001

    CustumLoginModule

    sanjuthomas Newbie

      we are trying to migrate from welogic to JBoss, we need to implement a security policy for the system(pogramatic), we have written a custom security class for this purpose. that custom class we are using in the server side, and in the client side we are using ClientLoginModule. But when we are running a simple ejb that secured using this custom class server is generating this exception, i have created a jar of this custom class and placed it in the sever/default/lib directory, i think it is right, becuase the server is invoking this class, and i am getting log infos in the server console. if any body need the whole file i will send you, please give your mail id. if somebody can help us, please....
      the exception is

      =
      12:44:09,131 INFO [OptiwiseServerLoginModule] B4 RETURN STATEMENT IN getUserPas
      sword()
      12:44:09,141 ERROR [SecurityInterceptor] Authentication exception, principal=san
      ju
      12:44:09,151 ERROR [LogInterceptor] EJBException, causedBy:
      java.lang.SecurityException: Authentication exception, principal=sanju
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(Se
      curityInterceptor.java:164)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityIntercep
      tor.java:81)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:1
      20)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyF
      actoryFinderInterceptor.java:93)
      at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessS
      essionContainer.java:319)
      at org.jboss.ejb.Container.invoke(Container.java:720)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
      java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
      sorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBea
      nDispatcher.java:284)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
      at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:
      367)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
      java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
      sorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
      at sun.rmi.transport.Transport$1.run(Transport.java:148)
      at java.security.AccessController.doPrivileged(Native Method)
      at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
      at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:4
      60)
      at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport
      .java:701)
      at java.lang.Thread.run(Thread.java:536)


      if somebody know the reason, please help me.

      auth.conf entry
      OptiwiseClient
      {
      org.jboss.security.ClientLoginModule required;
      };

      login-config.xml

      <application-policy name="OptiwiseSecurityDomain">

      <login-module code="com.optiwise.bl.core.security.OptiwiseServerLoginModule" flag="required"></login-module>

      </application-policy>

      jboss.xml

      <?xml version="1.0"?>

      <security-domain>java:/jaas/OptiwiseSecurityDomain</security-domain>


      is there any file i need to modify, the security class is being currectly invoked by the server, but getUsersPassword() method return the result this exception is fired (that is what I understood). is there any need of achaging any other file, sun as any MBean or something like this, really i am very new in this jboss, i am desperately looking for your help , plese.
      thank you for spending your valuable time



        • 1. Re: CustumLoginModule
          Steve Lewis Expert

          It says there's an authentication exception. Which probably means you have the wrong password? Make sure you're sending in the right user/name to the ClientLogin when you get your connection to JBoss.

          If you want, go ahead and post a bit of the client code where you're calling your EJB.

          • 2. Re: CustumLoginModule
            sanjuthomas Newbie


            this is my client code

            import javax.security.auth.Subject;
            import java.security.acl.Group;
            import java.util.HashMap;
            import java.util.Map;
            import javax.naming.Context;
            import java.util.Hashtable;
            import javax.naming.InitialContext;
            import javax.security.auth.callback.CallbackHandler;
            import javax.security.auth.login.LoginContext;
            import org.apache.log4j.Logger;
            import org.jboss.security.auth.callback.UsernamePasswordHandler;
            import org.jboss.security.ClientLoginModule;
            import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

            /**
            *
            * @author Optiwise
            */
            public class OptiwiseClient extends ClientLoginModule
            {
            public static void main(String args[]) throws Exception
            {
            Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
            env.put(Context.PROVIDER_URL, "jnp://localhost:1099");
            Logger log = Logger.getLogger("OptiwiseClient");
            log.info("Login with username="+args[0]+", password="+args[1]);
            UsernamePasswordHandler handler = new UsernamePasswordHandler(args[0], args[1].toCharArray());
            LoginContext lc = new LoginContext("OptiwiseClient", handler);
            lc.login();

            System.out.println("HANDLER->"+handler);
            System.out.println("LOGIN CONTEXT->"+lc);
            log.info("Looking up RequestMgr Bean");
            InitialContext iniCtx = new InitialContext(env);
            System.out.println("INITIAL CONTEXT->"+iniCtx);
            Object ref = iniCtx.lookup("RequestMgr");
            System.out.println("REFERENCE->"+ref);
            RequestMgrHome home = (RequestMgrHome) ref;
            RequestMgr ob1 = home.create();
            System.out.println("OBJECT NAME"+ob1);
            log.info(ob1);
            System.out.println(ob1);
            log.info("Created Request Manager Object");
            lc.logout();
            }
            }


            in client side i am getting this exception


            F:\sanju\work\JBoss>java -Djava.security.auth.login.config=%JBOSS_HOME%\client\a
            uth.conf OptiwiseClient sanju sanju
            HANDLER->org.jboss.security.auth.callback.UsernamePasswordHandler@194a4e
            LOGIN CONTEXT->javax.security.auth.login.LoginContext@5d56d5
            INITIAL CONTEXT->javax.naming.InitialContext@64dc11
            REFERENCE->RequestMgrHome
            Exception in thread "main" java.rmi.ServerException: RemoteException occurred in
            server thread; nested exception is:
            java.rmi.ServerException: EJBException:; nested exception is:
            javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
            Authentication exception, principal=sanju
            at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:292)
            at sun.rmi.transport.Transport$1.run(Transport.java:148)
            at java.security.AccessController.doPrivileged(Native Method)
            at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
            at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:4
            60)
            at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport
            .java:701)
            at java.lang.Thread.run(Thread.java:536)
            at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(Stream
            RemoteCall.java:247)
            at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:
            223)
            at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:133)
            at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Sour
            ce)
            at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvo
            kerProxy.java:135)
            at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.jav
            a:96)
            at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.
            java:46)
            at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:4
            5)
            at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
            at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
            at $Proxy0.create(Unknown Source)
            at OptiwiseClient.main(OptiwiseClient.java:42)
            Caused by: java.rmi.ServerException: EJBException:; nested exception is:
            javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
            Authentication exception, principal=sanju
            at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.j
            ava:347)
            at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:1
            24)
            at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyF
            actoryFinderInterceptor.java:93)
            at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessS
            essionContainer.java:319)
            at org.jboss.ejb.Container.invoke(Container.java:720)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
            java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
            sorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:324)
            at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBea
            nDispatcher.java:284)
            at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
            at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:
            367)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
            java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
            sorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:324)
            at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
            at sun.rmi.transport.Transport$1.run(Transport.java:148)
            at java.security.AccessController.doPrivileged(Native Method)
            at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
            at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:4
            60)
            at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport
            .java:701)
            at java.lang.Thread.run(Thread.java:536)
            Caused by: javax.ejb.EJBException: checkSecurityAssociation; CausedByException i
            s:
            Authentication exception, principal=sanju
            at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(Se
            curityInterceptor.java:165)
            at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityIntercep
            tor.java:81)
            at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:1
            20)
            ... 21 more

            F:\sanju\work\JBoss>



            i am trying on the way what you told last, may be it is the reason , becuase when i am passing query to the database i am getting some meaningless text instead of the password i hav given. so it could be the reason, let me to see it.
            thank you for your help. ..
            see my client code too.
            thanks in advance.
            sanju

            • 3. Re: CustumLoginModule
              sanjuthomas Newbie

              i have cleared that problem, but now i am getting some other exception in the server if you know something about this please help me ..

              exception in server console

              13:15:20,544 INFO [OptiwiseServerLoginModule] FIRST LINE OF getRoleSets()
              13:15:20,564 INFO [OptiwiseServerLoginModule] (getRoleSets())USERNAME->arun
              13:15:20,564 INFO [OptiwiseServerLoginModule] (getRoleSets())NAME->plant manage
              r
              13:15:20,574 ERROR [SecurityInterceptor] Authentication exception, principal=aru
              n
              13:15:20,574 ERROR [LogInterceptor] EJBException, causedBy:
              java.lang.SecurityException: Authentication exception, principal=arun
              at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(Se
              curityInterceptor.java:164)
              at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityIntercep
              tor.java:81)
              at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:1
              20)
              at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyF
              actoryFinderInterceptor.java:93)
              at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessS
              essionContainer.java:319)
              at org.jboss.ejb.Container.invoke(Container.java:720)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
              java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
              sorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:324)
              at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(ReflectedMBea
              nDispatcher.java:284)
              at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:546)
              at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:
              367)
              at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
              at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
              java:39)
              at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
              sorImpl.java:25)
              at java.lang.reflect.Method.invoke(Method.java:324)
              at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:261)
              at sun.rmi.transport.Transport$1.run(Transport.java:148)
              at java.security.AccessController.doPrivileged(Native Method)
              at sun.rmi.transport.Transport.serviceCall(Transport.java:144)
              at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:4
              60)
              at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport
              .java:701)
              at java.lang.Thread.run(Thread.java:536)


              if you got the problem please help me..
              thaks in advance
              sanju

              • 4. Re: CustumLoginModule
                sanjuthomas Newbie

                Please help me...

                • 5. Re: CustumLoginModule
                  Janardhan Burugupalli Newbie

                  If your are connecting to database to check the Username and password

                  then you better check the DataBaseLoginModule.java and compare it with your code. Or if not better use the exisiting one by just providing the query stmts.

                  jani

                  • 6. Re: CustumLoginModule
                    sanjuthomas Newbie

                    thank you , thank you , i got the solution for this problem

                    • 7. Re: CustumLoginModule
                      vkie001 Newbie

                      Does anyone notice the security context does inheret.

                      I am using the "org.jboss.security.auth.spi.UsersRolesLoginModule" and have no problem login in. However, when I go to a url that are not protected, even those I am already successfully login it still said I am login as "nobody".

                      Can some one point me in the right direction?

                      Cheers...