2 Replies Latest reply on Nov 19, 2004 5:25 PM by Rick Wong

    request.getUserPrincipal() returns org.jboss.security.Simple

    Rick Wong Newbie

      For reference, I posted about this on the JCA forum here:
      http://www.jboss.org/?module=bb&op=viewtopic&t=56269

      And bug report #1067726, here:
      http://sourceforge.net/tracker/?group_id=22866&atid=376685&func=detail&aid=1067726

      Adrian Brock suggested I post my config and a trace log on this list.

      I'm using JBoss v3.2.6, and I'm using the SimpleServerLoginModule to log in to a web application. I'm then using the CallerIdentityLoginModule to pass the same credentials on to a JCA connection. The CallerIdentityLoginModule throws a SecurityException when it tries to get the login information from a web application to reuse with a JCA connection.

      The real exception is a ClassCastException, but the
      CallerIdentityLoginModule is catching it and rethrowing
      SecurityException on line 137. The ClassCastException is here on line 122:

      password = (char[]) o; // o is really a String


      My web.xml has:
      <security-role>
        <role-name>user</role-name>
      </security-role>

      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Myecaddy Realm</realm-name>
        <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/login.jsp</form-error-page>
        </form-login-config>
      </login-config>

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>myecaddy</web-resource-name>
          <url-pattern>/protected/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>user</role-name>
        </auth-constraint>

        <user-data-constraint>
          <description>Encryption is not required for the application in general.</description>
          <transport-guarantee>NONE</transport-guarantee>
        </user-data-constraint>
      </security-constraint>

      My jboss-web.xml has:
      <jboss-web>
        <security-domain>java:/jaas/myecaddyRealm</security-domain>
      </jboss-web>


      My *-ds.xml has:
      <tx-connection-factory>
        <jndi-name>WebDAV-Connector</jndi-name>
        <xa-transaction/>
        <adapter-display-name>WebDAV-Connector</adapter-display-name>
        <config-property name="ConnectionURL" type="java.lang.String">http://localhost:8080/webdav</config-property>
        <config-property name="UserName" type="java.lang.String">root</config-property>
        <config-property name="Password" type="java.lang.String">root</config-property>
        <config-property name="Timeout" type="java.lang.Integer">10</config-property>
        <security-domain>webdavRealm</security-domain>
      </tx-connection-factory>



      My login config has:
      <application-policy name="myecaddyRealm">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.SimpleServerLoginModule" flag="required" />
        </authentication>
      </application-policy>

      <application-policy name="webdavRealm">
        <authentication>
          <login-module code="org.jboss.resource.security.CallerIdentityLoginModule" flag="required">
            <module-option name="userName">root</module-option>
            <module-option name="password">root</module-option>
            <module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=WebDAV-Connector</module-option>
          </login-module>
        </authentication>
      </application-policy>


      The trace log with the SecurityException:
      2004-11-19 15:36:45,998 TRACE [org.jboss.security.plugins.JaasSecurityManager] Constructing
      2004-11-19 15:36:45,998 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@16c1227
      2004-11-19 15:36:45,998 DEBUG [org.jboss.security.plugins.JaasSecurityManager.myecaddyRealm] CachePolicy set to: org.jboss.util.TimedCachePolicy@1be20c
      2004-11-19 15:36:45,998 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@1be20c
      2004-11-19 15:36:45,998 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added myecaddyRealm, org.jboss.security.plugins.SecurityDomainContext@959fa1 to map
      2004-11-19 15:36:46,013 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(myecaddyRealm), size=6
      2004-11-19 15:36:46,013 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(myecaddyRealm), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.SimpleServerLoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:
      2004-11-19 15:36:46,013 TRACE [org.jboss.security.auth.spi.SimpleServerLoginModule] initialize
      2004-11-19 15:36:46,013 TRACE [org.jboss.security.auth.spi.SimpleServerLoginModule] login
      2004-11-19 15:36:46,013 TRACE [org.jboss.security.auth.spi.SimpleServerLoginModule] User 'root' authenticated, loginOk=true
      2004-11-19 15:36:46,013 TRACE [org.jboss.security.auth.spi.SimpleServerLoginModule] commit, loginOk=true
      2004-11-19 15:36:46,029 TRACE [org.jboss.security.plugins.JaasSecurityManager.myecaddyRealm] updateCache, subject=Subject:
      Principal: root
      Principal: Roles(members:user,guest)

      2004-11-19 15:36:52,841 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(webdavRealm), size=6
      2004-11-19 15:36:52,841 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(webdavRealm), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.resource.security.CallerIdentityLoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:name=managedConnectionFactoryName, value=jboss.jca:service=TxCM,name=WebDAV-Connector
      name=password, value=root
      name=userName, value=root

      2004-11-19 15:36:52,857 TRACE [org.jboss.resource.security.CallerIdentityLoginModule] initialize
      2004-11-19 15:36:52,857 TRACE [org.jboss.resource.security.AbstractPasswordCredentialLoginModule] mcfname: jboss.jca:service=TxCM,name=WebDAV-Connector
      2004-11-19 15:36:52,857 DEBUG [org.jboss.resource.security.CallerIdentityLoginModule] got default principal: root, username: root, password: ****
      2004-11-19 15:36:52,857 TRACE [org.jboss.resource.security.CallerIdentityLoginModule] Caller Association login called
      2004-11-19 15:36:52,857 TRACE [org.jboss.resource.security.CallerIdentityLoginModule] abort
      2004-11-19 15:36:52,857 TRACE [org.jboss.security.plugins.JaasSecurityManager.webdavRealm] Login failure
      javax.security.auth.login.LoginException: Unable to get the calling principal or its credentials for resource association
      at org.jboss.resource.security.CallerIdentityLoginModule.login(CallerIdentityLoginModule.java:137)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
      at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
      at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
      at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:480)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:431)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:246)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:664)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:887)
      at org.apache.webdav.connector.WebDAVConnectionFactory.getConnection(WebDAVConnectionFactory.java:56)
      at org.apache.jsp.protected_.davtest_jsp._jspService(davtest_jsp.java:66)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:66)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:158)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
      at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
      at java.lang.Thread.run(Thread.java:534)
      2004-11-19 15:36:52,873 ERROR [org.jboss.web.localhost.Engine] StandardWrapperValve[jsp]: Servlet.service() for servlet jsp threw exception
      java.lang.SecurityException: Invalid authentication attempt, principal=root
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:666)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:495)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:887)
      at org.apache.webdav.connector.WebDAVConnectionFactory.getConnection(WebDAVConnectionFactory.java:56)
      at org.apache.jsp.protected_.davtest_jsp._jspService(davtest_jsp.java:66)
      at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:324)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:292)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:236)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:186)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:198)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:152)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:66)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:158)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:540)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
      at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
      at java.lang.Thread.run(Thread.java:534)
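
The failure described in this post, reduced to a stand-alone example (added here; it is not part of the original post and not JBoss source). The class and method names are hypothetical, and the sample credential is constructed. It shows the `char[]` cast failing on a `String` credential, the root cause kept attached to the `LoginException`, and a normalizer that accepts both representations.

```java
import javax.security.auth.login.LoginException;
import java.util.Arrays;

// Added illustration; not JBoss source. Class and method names are hypothetical.
public class CredentialNormalizer {

    // The pattern from the post: assumes the caller's credential is always char[].
    static char[] unsafeCast(Object credential) {
        return (char[]) credential; // ClassCastException when a String arrives
    }

    // Accepts both representations a login module may hand over, rejects anything else.
    static char[] toPasswordChars(Object credential) throws LoginException {
        if (credential instanceof char[]) {
            return ((char[]) credential).clone(); // copy so the caller can wipe its own array
        }
        if (credential instanceof String) {
            return ((String) credential).toCharArray();
        }
        String type = (credential == null) ? "null" : credential.getClass().getName();
        throw new LoginException("Unsupported credential type for resource association: " + type);
    }

    public static void main(String[] args) throws Exception {
        Object fromWebLogin = "root"; // constructed sample: credential stored as a String, as in the post

        try {
            unsafeCast(fromWebLogin);
        } catch (ClassCastException e) {
            // Keep the root cause attached instead of replacing it with a generic message,
            // so the trace log shows the ClassCastException and not only the login failure.
            LoginException le = new LoginException("Unable to get caller credentials");
            le.initCause(e);
            System.out.println(le.getMessage() + " / cause: " + le.getCause().getClass().getName());
        }

        char[] password = toPasswordChars(fromWebLogin);
        System.out.println("normalized length: " + password.length); // never log the value itself
        Arrays.fill(password, '\0'); // wipe the copy after use
    }
}
```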