3 Replies Latest reply on Nov 23, 2004 3:44 PM by Scott Stark

    Latest JAAS HowTo not working with Jboss3.2.6

    Hillel Bilman Newbie

      Dear JAAS Team,

      I installed the JAAS HowTO by downloading the latest version and tried to run it with Jboss 3.2.6 and the first example -1. Invoke PublicSession.echo() as java, echoman [PASS]

      The first example fails I've included the logs from Jboss Apache Tomcat/5.0.28 and then the log from the Jboss console.

      Any help appreciated as I followed the instructions in the Howto and this should work?


      1) Jboss Apache Tomcat/5.0.28 :

      HTTP Status 500 -

      type Exception report

      message

      description The server encountered an internal error () that prevented it from fulfilling this request.

      exception

      javax.servlet.ServletException: Failed to call SecuredEJB.echo
      org.jboss.docs.jaas.howto.EJBServlet.callEcho(EJBServlet.java:74)
      org.jboss.docs.jaas.howto.EJBServlet.processRequest(EJBServlet.java:31)
      org.jboss.docs.jaas.howto.EJBServlet.doGet(EJBServlet.java:41)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)

      root cause

      javax.servlet.ServletException: Failed to call SecuredEJB.echo
      org.jboss.docs.jaas.howto.EJBServlet.createBean(EJBServlet.java:178)
      org.jboss.docs.jaas.howto.EJBServlet.callEcho(EJBServlet.java:68)
      org.jboss.docs.jaas.howto.EJBServlet.processRequest(EJBServlet.java:31)
      org.jboss.docs.jaas.howto.EJBServlet.doGet(EJBServlet.java:41)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)

      root cause

      java.rmi.AccessException: SecurityException; nested exception is:
      java.lang.SecurityException: Authentication exception, principal=caller_java
      org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:369)
      org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:124)
      org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
      org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
      org.jboss.ejb.Container.invoke(Container.java:729)
      sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
      sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
      java.lang.reflect.Method.invoke(Method.java:324)
      org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
      org.jboss.mx.server.Invocation.dispatch(Invocation.java:62)
      org.jboss.mx.server.Invocation.dispatch(Invocation.java:54)
      org.jboss.mx.server.Invocation.invoke(Invocation.java:82)
      org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:197)
      org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
      org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
      org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
      org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
      org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
      org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
      org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
      $Proxy45.create(Unknown Source)
      org.jboss.docs.jaas.howto.EJBServlet.createBean(EJBServlet.java:173)
      org.jboss.docs.jaas.howto.EJBServlet.callEcho(EJBServlet.java:68)
      org.jboss.docs.jaas.howto.EJBServlet.processRequest(EJBServlet.java:31)
      org.jboss.docs.jaas.howto.EJBServlet.doGet(EJBServlet.java:41)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:75)

      note The full stack trace of the root cause is available in the Apache Tomcat/5.0.28 logs.
      Apache Tomcat/5.0.28




      2) THE JBOSS LOG GIVES THE FOLLOWING ERROR:
      21:51:57,340 INFO [Server] JBoss (MX MicroKernel) [3.2.6 (build: CVSTag=JBoss_3 _2_6 date=200410140106)] Started in 39s:647ms
      21:52:59,637 INFO [STDOUT] JaasLoginFilter, login as: java
      21:52:59,800 INFO [STDOUT] PublicSessionBean.ejbCreate() called
      21:52:59,802 INFO [STDOUT] PublicSessionBean.echo, arg=Hello
      21:52:59,802 INFO [STDOUT] PublicSessionBean.echo, callerPrincipal=caller_java
      21:52:59,803 INFO [STDOUT] PublicSessionBean.echo, isCallerInRole('EchoUser')=t rue
      21:52:59,812 INFO [STDOUT] PrivateSessionBean.ejbCreate() called
      21:52:59,815 INFO [STDOUT] PublicSessionBean.echo, created PrivateSession
      21:52:59,826 INFO [STDOUT] PrivateSessionBean.echo, arg=Hello
      21:52:59,826 INFO [STDOUT] PrivateSessionBean.echo, callerPrincipal=caller_java
      21:52:59,827 INFO [STDOUT] PrivateSessionBean.echo, isCallerInRole('InternalUse r')=false
      21:52:59,883 INFO [STDOUT] JaasLoginFilter, logout
      21:53:05,867 INFO [STDOUT] JaasLoginFilter, login as: java
      21:53:05,870 INFO [STDOUT] PublicSessionBean.noop
      21:53:05,870 INFO [STDOUT] PublicSessionBean.noop, callerPrincipal=caller_java
      21:53:05,872 INFO [STDOUT] JaasLoginFilter, logout
      21:53:20,390 ERROR [SecurityInterceptor] Authentication exception, principal=cal ler_java
      21:53:20,435 ERROR [Engine] StandardWrapperValve[SecureServlet]: Servlet.service () for servlet SecureServlet threw exception
      java.rmi.AccessException: SecurityException; nested exception is:
      java.lang.SecurityException: Authentication exception, principal=caller_ java
      at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.j ava:369)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:1 24)
      at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyF actoryFinderInterceptor.java:93)
      at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessS essionContainer.java:319)
      at org.jboss.ejb.Container.invoke(Container.java:729)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:39)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:25)
      at java.lang.reflect.Method.invoke(Method.java:324)
      at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher. java:60)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:62)
      at org.jboss.mx.server.Invocation.dispatch(Invocation.java:54)
      at org.jboss.mx.server.Invocation.invoke(Invocation.java:82)
      at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker. java:197)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
      at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
      at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.jav a:90)
      at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor. java:46)
      at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:5 5)
      at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
      at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
      at $Proxy45.create(Unknown Source)
      at org.jboss.docs.jaas.howto.EJBServlet.createBean(EJBServlet.java:173)
      at org.jboss.docs.jaas.howto.EJBServlet.callEcho(EJBServlet.java:68)
      at org.jboss.docs.jaas.howto.EJBServlet.processRequest(EJBServlet.java:3 1)
      at org.jboss.docs.jaas.howto.EJBServlet.doGet(EJBServlet.java:41)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:237)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:157)
      at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFi lter.java:75)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:186)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:157)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV alve.java:214)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValv eContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav a:520)
      at org.apache.catalina.core.StandardContextValve.invokeInternal(Standard ContextValve.java:198)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV alve.java:152)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValv eContext.java:104)
      at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrinc ipalValve.java:66)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValv eContext.java:102)
      at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Securit yAssociationValve.java:158)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValv eContext.java:102)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(Authentica torBase.java:540)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValv eContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav a:520)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:137)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValv eContext.java:104)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j ava:118)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValv eContext.java:102)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav a:520)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal ve.java:109)
      at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValv eContext.java:104)
      at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav a:520)
      at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
      at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:16 0)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java :799)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.proce ssConnection(Http11Protocol.java:705)
      at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java :577)
      at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadP ool.java:683)
      at java.lang.Thread.run(Thread.java:534)
      Caused by: java.lang.SecurityException: Authentication exception, principal=call er_java
      at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(Se curityInterceptor.java:155)
      at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityIntercep tor.java:74)
      at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:1 20)
      ... 59 more

        • 1. Re: Latest JAAS HowTo not working with Jboss3.2.6
          Scott Stark Master

          There was a bug introduced into 3.2.6 that changed the caller principal when the role mapping defined a caller principal mapping. This can be seen by the username passed to the login module:

          2004-11-23 10:27:19,531 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=caller_java
          


          This has been fixed for the 3.2.7 release. You can work around this by disabling the caller principal mapping by commenting out the *.CallerPrincipal entries in the roles.properties file:
          # The username to role(s) mapping properties file
          java=Echo
          duke=Java,Coder
          #java.CallerPrincipal=caller_java
          #duke.CallerPrincipal=caller_duke
          



          • 2. Re: Latest JAAS HowTo not working with Jboss3.2.6
            Hillel Bilman Newbie

            Thanks the first example now work.

            The second example now fails for the same reason as seen below, how would you recommend fixing it?

            Thanks

            2004-11-23 22:18:14,654 INFO [org.jboss.system.server.Server] JBoss (MX MicroKernel) [3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)] Started in 48s:94ms
            2004-11-23 22:18:27,382 INFO [STDOUT] JaasLoginFilter, login as: java
            2004-11-23 22:18:27,526 INFO [STDOUT] PublicSessionBean.ejbCreate() called
            2004-11-23 22:18:27,527 INFO [STDOUT] PublicSessionBean.noop
            2004-11-23 22:18:27,528 INFO [STDOUT] PublicSessionBean.noop, callerPrincipal=caller_java
            2004-11-23 22:18:27,557 INFO [STDOUT] JaasLoginFilter, logout
            2004-11-23 22:18:37,311 INFO [STDOUT] JaasLoginFilter, login as: java
            2004-11-23 22:18:37,317 INFO [STDOUT] PublicSessionBean.echo, arg=Hello
            2004-11-23 22:18:37,317 INFO [STDOUT] PublicSessionBean.echo, callerPrincipal=caller_java
            2004-11-23 22:18:37,318 INFO [STDOUT] PublicSessionBean.echo, isCallerInRole('EchoUser')=true
            2004-11-23 22:18:37,327 DEBUG [org.jboss.ejb.StatefulSessionContainer] Created new session ID: e1wij0cu-5
            2004-11-23 22:18:37,327 DEBUG [org.jboss.ejb.StatefulSessionContainer] Using create method for session: public void org.jboss.docs.jaas.howto.PrivateSessionBean.ejbCreate() throws javax.ejb.CreateException
            2004-11-23 22:18:37,327 INFO [STDOUT] PrivateSessionBean.ejbCreate() called
            2004-11-23 22:18:37,328 DEBUG [org.jboss.proxy.ejb.ProxyFactory] seting invoker proxy binding for stateful session: stateful-rmi-invoker
            2004-11-23 22:18:37,330 INFO [STDOUT] PublicSessionBean.echo, created PrivateSession
            2004-11-23 22:18:37,342 INFO [STDOUT] PrivateSessionBean.echo, arg=Hello
            2004-11-23 22:18:37,342 INFO [STDOUT] PrivateSessionBean.echo, callerPrincipal=caller_java
            2004-11-23 22:18:37,343 INFO [STDOUT] PrivateSessionBean.echo, isCallerInRole('InternalUser')=false
            2004-11-23 22:18:37,344 INFO [STDOUT] JaasLoginFilter, logout
            2004-11-23 22:18:40,127 INFO [STDOUT] JaasLoginFilter, login as: java
            2004-11-23 22:18:40,129 INFO [STDOUT] PublicSessionBean.noop
            2004-11-23 22:18:40,130 INFO [STDOUT] PublicSessionBean.noop, callerPrincipal=caller_java
            2004-11-23 22:18:40,131 INFO [STDOUT] JaasLoginFilter, logout
            2004-11-23 22:18:50,168 ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Authentication exception, principal=caller_java
            2004-11-23 22:18:50,169 DEBUG [org.jboss.ejb.plugins.LogInterceptor] SecurityException in method: public abstract org.jboss.docs.jaas.howto.Session org.jboss.docs.jaas.howto.SessionHome.create() throws java.rmi.RemoteException,javax.ejb.CreateException
            java.lang.SecurityException: Authentication exception, principal=caller_java
            at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:155)
            at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:74)
            at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:120)
            at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
            at org.jboss.ejb.StatelessSessionContainer.internalInvokeHome(StatelessSessionContainer.java:319)
            at org.jboss.ejb.Container.invoke(Container.java:729)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:324)
            at org.jboss.mx.server.ReflectedDispatcher.dispatch(ReflectedDispatcher.java:60)
            at org.jboss.mx.server.Invocation.dispatch(Invocation.java:62)
            at org.jboss.mx.server.Invocation.dispatch(Invocation.java:54)
            at org.jboss.mx.server.Invocation.invoke(Invocation.java:82)
            at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:197)
            at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:473)
            at org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:97)
            at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:90)
            at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:46)
            at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:55)
            at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:173)
            at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:85)
            at $Proxy67.create(Unknown Source)
            at org.jboss.docs.jaas.howto.EJBServlet.createBean(EJBServlet.java:171)
            at org.jboss.docs.jaas.howto.EJBServlet.callEcho(EJBServlet.java:72)
            at org.jboss.docs.jaas.howto.EJBServlet.processRequest(EJBServlet.java:31)
            at org.jboss.docs.jaas.howto.EJBServlet.doGet(EJBServlet.java:40)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
            ...

            • 3. Re: Latest JAAS HowTo not working with Jboss3.2.6
              Scott Stark Master

              Edit the build.xml to remove the CallerPrincipal entries:

               INSERT INTO Roles VALUES ('java', 'caller_java', 'CallerPrincipal');
               INSERT INTO Roles VALUES ('duke', 'caller_duke', 'CallerPrincipal')
              


              to produce:
               <sql driver="org.hsqldb.jdbcDriver"
               url="jdbc:hsqldb:${jboss.server.data.dir}/hypersonic/localDB"
               userid="sa"
               password=""
               classpath="${jboss.dist}/server/default/lib/hsqldb.jar"><![CDATA[
              
               DROP TABLE Principals IF EXISTS;
               DROP TABLE Roles IF EXISTS;
               CREATE TABLE Principals (PrincipalID VARCHAR(64) PRIMARY KEY, Password V
              ARCHAR(64) );
               CREATE TABLE Roles (PrincipalID VARCHAR(64), Role VARCHAR(64), RoleGro
              up VARCHAR(64) );
               INSERT INTO Principals VALUES ('java', 'echoman');
               INSERT INTO Principals VALUES ('duke', 'javaman');
               INSERT INTO Roles VALUES ('java', 'Echo', 'Roles');
               INSERT INTO Roles VALUES ('duke', 'Java', 'Roles');
               INSERT INTO Roles VALUES ('duke', 'Coder', 'Roles');
               ]]></sql>