5 Replies Latest reply on Sep 11, 2004 9:18 PM by Scott Stark

    Problems with UsersRolesLoginModule module

    Julien Martin Expert

      Hello,

      I am new to JBoss security and I am trying to get the UsersRolesLoginModule module to work for my application.

      I have a simple JSP instanciating a simple session ejb and calling one method.

      Here is the jsp:

      <%@ page import ="javax.ejb.*" %>
      <%@ page import ="javax.naming.*" %>
      <%@ page import ="java.util.*" %>
      <%@ page import ="java.rmi.*" %>
      <%@ page import ="javax.security.auth.callback.*" %>
      <%@ page import ="javax.security.auth.login.*" %>
      <%@ page import ="com.mycompany.*" %>
      
      <%
      try{
      
      char[] password = new char[2];
      password[0]='m';
      password[1]='p';
      AppCallbackHandler handler = new AppCallbackHandler("myLogin", password);
      LoginContext lc = new LoginContext("example1", handler);
      //
      //client-login
      System.out.println("Created LoginContext");
      lc.login();
      
      Context context = new InitialContext();
      EJBOneLocalHome home = (EJBOneLocalHome) context.lookup("example1/EJBOneHome_L");
      EJBOneLocal ejbone = home.create();
      ejbone.print();
      }
      catch(CreateException ce){
      ce.printStackTrace();
      }
      catch(LoginException le){
      le.printStackTrace();
      }
      
      %>
      


      The contents of my ejb can be viewed here:
      http://www.parispano.org/public/appOne.ear/ejbOne.jar/

      The contents of my web app can be viewed here:
      http://www.parispano.org/public/appOne.ear/webOne.war/

      Here is a snippet from my login-config.xml:

      <application-policy name = "example1">
      <authentication>
      <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"></login-module>
      </authentication>
      </application-policy>
      


      I get the following exception:

      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
       Authentication exception, principal=null
       org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:174)
       org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:96)
       org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
       org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
       org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:614)
       org.jboss.ejb.Container.invoke(Container.java:893)
       org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:312)
       org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:118)
       $Proxy107.create(Unknown Source)
       org.apache.jsp.index_jsp._jspService(index_jsp.java:77)
       org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
       org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
       org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
       org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      
      


      When I enable the ClientLoginModule it works. Why isn't the UsersRolesLoginModule working?

      Any comment or solution greatly appreciated.

      Julien.