5 Replies Latest reply on May 19, 2004 3:58 AM by raffaelecorvino

    Problem JAAS-JBOSS

    raffaelecorvino Newbie

      Hello all,
      I try to integrate JAAS module to autentihcate user, but I have a problem.
      I use the login-module org.jboss.security.auth.spi.UserRolesLoginModule, the server deploy correctly, but when I run client application I have an error:
      java.io.IOException: Impossibile trovare una configurazione di login
      at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
      at com.sun.security.auth.login.ConfigFile.(ConfigFile.java:95)
      ... 15 more
      Can Anyone help me please??
      Thanks in advance
      Raf

        • 1. Re: Problem JAAS-JBOSS
          Scott Stark Master

          Try going through the JAAS Howto topic in this forum. Your client does not appear to be finding the client side auth.conf file.

          • 2. Re: Problem JAAS-JBOSS
            raffaelecorvino Newbie

            Thanks,Scott Stark.
            I don't solve my problem. I've read jaashowto and I follow it. I've the same problem when I use org.jboss.security.auth.spi.UsersRolesLoginModule and also when I use org.jboss.security.auth.spi.DatabaseServerLoginModule. It' s very strange!?
            I use a custom server configuration,
            my file login-confi.xml is:
            <!DOCTYPE policy (View Source for full doctype...)>
            - <!-- The JBoss server side JAAS login config file for the examples
            -->
            -
            - <application-policy name="workflow1">
            -
            - <!--
            A properties file LoginModule that supports CallerPrincipal mapping
            LoginModule options:


            -->
            <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
            - <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <module-option name="unauthenticatedIdentity">anonymous</module-option>
            </login-module>

            </application-policy>
            - <application-policy name="workflow2">
            -
            - <!--
            A JDBC based LoginModule
            LoginModule options:
            dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables
            principalsQuery: The prepared statement query equivalent to:
            "select Password from Principals where PrincipalID=?"
            rolesQuery: The prepared statement query equivalent to:
            "select Role, RoleGroup from Roles where PrincipalID=?"
            unauthenticatedIdentity: the principal assigned to callers without any authentication info


            -->
            <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
            - <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="dsJndiName">java:/DefaultDS</module-option>
            <module-option name="principalsQuery">select Password from Principals where PrincipalID=?</module-option>
            <module-option name="rolesQuery">select Role from Roles where PrincipalID=?</module-option>
            </login-module>

            </application-policy>
            - <!-- The security domain for the HSQLDB
            -->
            - <application-policy name="HsqlDbRealm">
            -
            - <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
            <module-option name="principal">sa</module-option>
            <module-option name="userName">sa</module-option>
            <module-option name="password" />
            <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
            </login-module>

            </application-policy>
            ;

            my auth.config in server conf is:
            // The JBoss server side JAAS login config file for the examples

            workflow1 {
            // A properties file LoginModule that supports CallerPrincipal mapping

            org.jboss.security.ClientLoginModule required
            ;
            org.jboss.security.auth.spi.UsersRolesLoginModule required
            unauthenticatedIdentity=nobody
            ;
            };

            workflow2 {
            /* A JDBC based LoginModule
            LoginModule options:
            dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables
            principalsQuery: The prepared statement query equivalent to:
            "select Password from Principals where PrincipalID=?"
            rolesQuery: The prepared statement query equivalent to:
            "select Role, RoleGroup from Roles where PrincipalID=?"
            */
            org.jboss.security.ClientLoginModule required
            ;

            org.jboss.security.auth.spi.DatabaseServerLoginModule required
            dsJndiName="java:/DefaultDS"
            principalsQuery="select Password from Principals where PrincipalID=?"
            rolesQuery="select Role from Roles where PrincipalID=?"
            unauthenticatedIdentity=nobody
            ;
            };

            other {

            // jBoss LoginModule
            org.jboss.security.ClientLoginModule required
            ;

            // Put your login modules that need jBoss here
            };

            my client config is:
            workflow1 {
            // A properties file LoginModule that supports CallerPrincipal mapping

            org.jboss.security.ClientLoginModule required
            ;
            org.jboss.security.auth.spi.UsersRolesLoginModule required
            ;
            };

            workflow2 {
            /* A JDBC based LoginModule
            LoginModule options:
            dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables
            principalsQuery: The prepared statement query equivalent to:
            "select Password from Principals where PrincipalID=?"
            rolesQuery: The prepared statement query equivalent to:
            "select Role, RoleGroup from Roles where PrincipalID=?"
            */
            org.jboss.security.ClientLoginModule required
            ;

            org.jboss.security.auth.spi.DatabaseServerLoginModule required
            ;
            };

            other {

            // jBoss LoginModule
            org.jboss.security.ClientLoginModule required
            ;

            // Put your login modules that need jBoss here
            };
            I put file users.properities and roles.properties in jar file and in directory server and client but I've ever the same error.

            My client code .java is:
            public class LoginClient {


            private ap.com.tesi.session.LoginAccessHome getHome() throws NamingException {
            return (ap.com.tesi.session.LoginAccessHome) getContext().lookup(
            ap.com.tesi.session.LoginAccessHome.JNDI_NAME);
            }
            private InitialContext getContext() throws NamingException {
            Hashtable props = new Hashtable();
            props.put(InitialContext.INITIAL_CONTEXT_FACTORY,
            "org.jnp.interfaces.NamingContextFactory");
            props.put(InitialContext.PROVIDER_URL, "jnp://127.0.0.1:1099");
            // This establishes the security for authorization/authentication
            // props.put(InitialContext.SECURITY_PRINCIPAL,"username");
            // props.put(InitialContext.SECURITY_CREDENTIALS,"password");
            InitialContext initialContext = new InitialContext(props);
            return initialContext;
            }


            public String testBean() {
            LoginContext lc = null;
            SimplePrincipal user=null;
            try {
            String a=JOptionPane.showInputDialog("Inserisci il nome");
            String b=JOptionPane.showInputDialog("Inserisci la password");
            String name = a;
            char[] password = b.toCharArray();
            AppCallbackHandler handler = new AppCallbackHandler(name,password);

            lc = new LoginContext("workflow2",(CallbackHandler)handler);

            System.out.println("Created LoginContext");
            lc.login();
            }
            catch (LoginException le)
            {
            System.out.println("Login failed");
            le.printStackTrace();
            }




            //altrimrnti: Autenticazione riuscita!
            System.out.println("Autenticazione riuscita!");



            I am very unhappy because I'm working to solve this problem by a week!!!
            Please help me,
            Thanks in advance Raf

            • 3. Re: Problem JAAS-JBOSS
              raffaelecorvino Newbie

              I forget to inser the error. When I run the client, it give me:
              Exception in thread "main" java.lang.SecurityException: Impossibile trovare una configurazione di login
              at com.sun.security.auth.login.ConfigFile.(ConfigFile.java:97)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
              at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
              at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
              at java.lang.reflect.Constructor.newInstance(Constructor.java:274)
              at java.lang.Class.newInstance0(Class.java:308)
              at java.lang.Class.newInstance(Class.java:261)
              at javax.security.auth.login.Configuration$3.run(Configuration.java:221)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:215)
              at javax.security.auth.login.LoginContext$1.run(LoginContext.java:170)
              at java.security.AccessController.doPrivileged(Native Method)
              at javax.security.auth.login.LoginContext.init(LoginContext.java:167)
              at javax.security.auth.login.LoginContext.(LoginContext.java:404)
              at ap.com.tesi.client.LoginClient.testBean(LoginClient.java:65)
              at ap.com.tesi.client.LoginClient.main(LoginClient.java:147)
              Caused by: java.io.IOException: Impossibile trovare una configurazione di login
              at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:206)
              at com.sun.security.auth.login.ConfigFile.(ConfigFile.java:95)
              ... 15 more.
              I'm using Jboss 3.2.3.
              Thanks for yours helps!!!
              Raf

              • 4. Re: Problem JAAS-JBOSS
                morenito9000 Newbie

                Hy Raffaele,
                the problem is that the client doesn't find the auth.conf file
                where it can retrieve the list of LoginModules that your
                application need to use.

                I don't know if this is the correct procedure but I copied
                an auth.conf file from <JBOSS installation dir>/client directory.

                I added in this file an entry for my application (named xmalf):

                xmalf {

                server.security.XMalfClientLoginModule required
                principalClass="server.security.XMalfSimplePrincipal"
                ;

                };

                (I use, client side, a ClientLoginModule and a SimplePrincipal,
                that I wrote on purpose: JBoss provides a ClientLoginModule
                and a SimplePrincipal if you need only to pass username and
                password to the server).

                In client code I have:

                LoginContext lc = new LoginContext("xmalf", myCallbackHandler);
                lc.login(); ... ....

                I run the client in this way:

                java -Djava.security.manager -Djava.security.policy=client.policy
                -Djava.security.auth.login.config=auth.conf MyClient

                this is OK if you run client in the same directory where you find
                auth.conf file (for example, if you are in a subdirectory you must
                indicate the path in this way:

                -Djava.security.auth.login.config=../auth.conf).

                For more precise infos visit thi site:

                www://minnigerode.org/CA-SF/dave/BasicJBossAAC.html

                Moreno



                • 5. Re: Problem JAAS-JBOSS
                  raffaelecorvino Newbie

                  Thanks very much morenito!!