2 Replies Latest reply on Jan 15, 2005 7:46 PM by Russ Loucks

    Bad password for user 'caller_java' in JaasHowto

    Russ Loucks Newbie

      I'm running the following system:

      Linux Fedora FC/3 (kernel 2.6.9)
      JBoss 3.2.6

      I downloaded the 'jaashowto' example and tried to run it. I could start the application and display the index.html, but when tried to access the first link
      ('Invoke PublicSession.echo() as java, echoman'), I received the following traceback:

      javax.servlet.ServletException: Failed to call SecuredEJB.echo
       org.jboss.docs.jaas.howto.EJBServlet.createBean(EJBServlet.java:187)
       .
       .
      root cause
      
      java.rmi.AccessException: SecurityException; nested exception is:
       java.lang.SecurityException: Authentication exception, principal=caller_java
      

      I restarted JBoss with DEBUG enabled in the 'log4j.conf' file and found more details when I tried to run the test. Note I added some debug statements to the EJBServlet.java and session beans. Note the 'UserPrincipal=caller_java' in the EJBServlet:
       DEBUG [org.jboss.docs.jaas.howto.EJBServlet] processRequest(): method=echo
       DEBUG [org.jboss.docs.jaas.howto.EJBServlet] callEcho(): UserPrincipal=caller_java
       DEBUG [org.jboss.docs.jaas.howto.EJBServlet] createBean(): about to call 'create()' on: java:comp/env/ejb/SecuredEJB
       DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=caller_java
       ERROR [org.jboss.ejb.plugins.SecurityInterceptor] Authentication exception, principal=caller_java
      

      'Bad password for username=caller_java'?
      I could get the example to work if (and only if) I changed the 'roles.properties' file by removing the following two lines:
      java.CallerPrincipal=caller_java
      duke.CallerPrincipal=caller_duke
      

      In that case, I see the following debug statments in the server.log. Note the 'UserPrincipal=java' in the EJBServlet:
       DEBUG [org.jboss.docs.jaas.howto.EJBServlet] processRequest(): method=echo
       DEBUG [org.jboss.docs.jaas.howto.EJBServlet] callEcho(): UserPrincipal=java
       DEBUG [org.jboss.docs.jaas.howto.EJBServlet] createBean(): about to call 'create()' on: java:comp/env/ejb/SecuredEJB
       DEBUG [org.jboss.docs.jaas.howto.PublicSessionBean] ejbCreate() called
       DEBUG [org.jboss.docs.jaas.howto.PublicSessionBean] echo(), arg=Hello
      

      Why would the security mechanism be handed the 'caller_java' username and then try to authenticate it by verifying its password? I didn't change any other files in the example (other than to add debug statements to the code.

      Hmmmm.