5 Replies Latest reply on Sep 11, 2004 9:18 PM by starksm64

    Problems with UsersRolesLoginModule module

    balteo

      Hello,

      I am new to JBoss security and I am trying to get the UsersRolesLoginModule module to work for my application.

      I have a simple JSP instantiating a simple session ejb and calling one method.

      Here is the jsp:

      <%@ page import ="javax.ejb.*" %>
      <%@ page import ="javax.naming.*" %>
      <%@ page import ="java.util.*" %>
      <%@ page import ="java.rmi.*" %>
      <%@ page import ="javax.security.auth.callback.*" %>
      <%@ page import ="javax.security.auth.login.*" %>
      <%@ page import ="com.mycompany.*" %>
      
      <%
      try {
          char[] password = new char[2];
          password[0] = 'm';
          password[1] = 'p';
          AppCallbackHandler handler = new AppCallbackHandler("myLogin", password);
          LoginContext lc = new LoginContext("example1", handler);
          //
          //client-login
          System.out.println("Created LoginContext");
          lc.login();

          Context context = new InitialContext();
          EJBOneLocalHome home = (EJBOneLocalHome) context.lookup("example1/EJBOneHome_L");
          EJBOneLocal ejbone = home.create();
          ejbone.print();
      }
      catch (CreateException ce) {
          ce.printStackTrace();
      }
      catch (LoginException le) {
          le.printStackTrace();
      }
      %>
      


      The contents of my ejb can be viewed here:
      http://www.parispano.org/public/appOne.ear/ejbOne.jar/

      The contents of my web app can be viewed here:
      http://www.parispano.org/public/appOne.ear/webOne.war/

      Here is a snippet from my login-config.xml:

      <application-policy name = "example1">
        <authentication>
          <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"></login-module>
        </authentication>
      </application-policy>
      


      I get the following exception:

      javax.ejb.EJBException: checkSecurityAssociation; CausedByException is:
       Authentication exception, principal=null
       org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:174)
       org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:96)
       org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
       org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
       org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:614)
       org.jboss.ejb.Container.invoke(Container.java:893)
       org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invokeHome(BaseLocalProxyFactory.java:312)
       org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:118)
       $Proxy107.create(Unknown Source)
       org.apache.jsp.index_jsp._jspService(index_jsp.java:77)
       org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
       org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
       org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
       org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
       javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      
      


      When I enable the ClientLoginModule it works. Why isn't the UsersRolesLoginModule working?

      Any comment or solution greatly appreciated.

      Julien.

        • 1. Re: Problems with UsersRolesLoginModule module
          starksm64

          Read the JAAS Howto in this forum. There is authentication of the caller which is what the UsersRolesLoginModule does, and there is integration with the ejb invocation layer to propagate the caller identity which is what the ClientLoginModule does.

          • 2. Problems with UsersRolesLoginModule module
            balteo

            Hello Scott,

            I had actually read the howto and my question related to it. If I understand you, the ClientLoginModule is in charge of propagating the caller identity to the ejb layer.

            What I don't understand then is that without using the UsersRolesLoginModule (I commented out the login-module element), my two properties files get read and are used in order to authenticate the user. I thought those two properties files were used only by the UsersRolesLoginModule...

            Julien.

            • 3. Reactivating my thread
              balteo

              Hello,
              I am just reactivating my thread hoping someone will answer it.
              Julien.

              • 4. Re: Problems with UsersRolesLoginModule module
                cobraflow

                Commenting out your entry will not help (in this case) as if an entry with the correct name is not found, it will default to 'other' which, by default, is using the UsersRolesLoginModule also!

                • 5. Re: Problems with UsersRolesLoginModule module
                  starksm64

                  You need to be using the ClientLoginModule in the example1 configuration. This allows the username/password passed to the JAAS layer via the LoginContext.login done in the jsp page to be propagated to the ejb layer. The ejb deployer will validate the username/password using whatever login modules you have configured for the ejb deployment.
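
Added example, not part of the original posts and not taken from the JBoss distribution: a login-config.xml fragment showing the split the replies describe, with ClientLoginModule in the policy the JSP logs in against and UsersRolesLoginModule in the domain that validates the EJB call. The domain name "example1-ejb" and its binding in jboss.xml are assumptions; the two properties file names are the module's defaults.

```xml
<!-- login-config.xml (fragment). "example1-ejb" is a hypothetical name. -->
<policy>

  <!-- Policy named by new LoginContext("example1", handler) in the JSP.
       ClientLoginModule does not verify the password. It only associates
       the username/password with the caller so the EJB invocation layer
       can pick them up. -->
  <application-policy name="example1">
    <authentication>
      <login-module code="org.jboss.security.ClientLoginModule"
                    flag="required"/>
    </authentication>
  </application-policy>

  <!-- Security domain of the EJB deployment (assumed to be declared in
       jboss.xml as java:/jaas/example1-ejb). The propagated credentials
       are validated here, against the two properties files. -->
  <application-policy name="example1-ejb">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                    flag="required">
        <module-option name="usersProperties">users.properties</module-option>
        <module-option name="rolesProperties">roles.properties</module-option>
      </login-module>
    </authentication>
  </application-policy>

  <!-- Fallback used when no policy with the requested name is found.
       As reply 4 notes, by default it also uses UsersRolesLoginModule,
       so commenting out a named policy does not disable authentication
       against the properties files; it only changes which policy runs. -->
  <application-policy name="other">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                    flag="required"/>
    </authentication>
  </application-policy>

</policy>
```

With this layout, a "principal=null" failure in SecurityInterceptor points at the client-side policy (nothing propagated the identity), while a rejected username or password points at the EJB domain or the "other" fallback.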