1 Reply Latest reply on May 23, 2005 6:02 PM by Angelo Immediata

    ERROR [JaasSecurityManagerService] Failed to create sec mgr

    Angelo Immediata Newbie

      Hi all; i'm using JBoss 3.2.6 on Windows XP sp 2 and SDK 1.4.2_07; i have created a my .ear and i have created a my security-domain; well i have modified the auth.conf file by adding:

      eng {
       // jBoss LoginModule
       org.jboss.security.ClientLoginModule required;
      
       // Put your login modules that need jBoss here
      };


      Then i have modifed the login-config.xml in this way:

      <authentication> <login-module code = "org.jboss.security.auth.spi.ProxyLoginModule"
       flag = "required"> <module-option name = "moduleName"> </module-option> <module-option name = "unauthenticatedIdentity"> </module-option> <module-option name = "dsJndiName"> </module-option> <module-option name = "daemonUsername"> </module-option> <module-option name = "daemonPassword"> </module-option> </login-module> </authentication> </application-policy> <security-domain> </security-domain> <= 3.2.5 passes login principal
       ps = con.prepareStatement
       ("SELECT PASSWORD FROM STAFFMEMBER WHERE MEMBERID = ?");
       ps.setString(1, un);
       }
       rs = ps.executeQuery();
       if(rs.next()) {
       return rs.getString(1).equals (inputPassword);
       }
       } catch(NamingException ex) {
       ex.printStackTrace();
       } catch(SQLException ex) {
       ex.printStackTrace();
       } finally {
       try {
       closeAll (rs, ps, con);
       } catch (SQLException ex) {
       ex.printStackTrace();
       }
       }
       return false;
       */
       return true;
       }
      
       protected Group[] getRoleSets() throws LoginException {
       log.info( "getting rolesets" );
       if (getUnauthenticatedIdentity() != null
       && getIdentity().equals(getUnauthenticatedIdentity())) {
       Group[] grps = new Group[0];
       return grps;
       }
       if (daemonUsername != null && getUsername().equals(daemonUsername)) {
       // Create Caller Principal
       SimpleGroup princip = new SimpleGroup("CallerPrincipal");
       princip.addMember
       (new SimplePrincipal("StaffManagementMember_Daemon"));
       // create roles, start with default role
       Group roles = new SimpleGroup("Roles");
       SimplePrincipal p = new SimplePrincipal("StaffManagementUser");
       roles.addMember(p);
       p = new SimplePrincipal("StaffManagementRole_Daemon");
       roles.addMember(p);
       Group[] grps = new Group[] {princip, roles};
       return grps;
       }
       List groups = new ArrayList();
       // gather information
       Connection con = null;
       try {
       // prepare db connection
       InitialContext ctx = new InitialContext();
       DataSource ds = (DataSource) ctx.lookup(dsJndiName);
       con = ds.getConnection();
       // Create Caller Principal
       long memberDBId = addCallerPrincipal(con, groups);
       // create roles, start with default role
       SimpleGroup rolesGroup = new SimpleGroup("Roles");
       groups.add(rolesGroup);
       SimplePrincipal p = new SimplePrincipal("StaffManagementUser");
       rolesGroup.addMember(p);
       // add roles from db
       addGroupsAsRoles(con, rolesGroup, memberDBId, true);
       } catch (NamingException ex) {
       throw new LoginException(ex.toString(true));
       } catch (SQLException ex) {
       ex.printStackTrace();
       throw new LoginException(ex.toString());
       } finally {
       try {
       closeAll(null, null, con);
       } catch (SQLException ex) {
       ex.printStackTrace();
       throw new LoginException(ex.toString());
       }
       }
      
       Group[] roleSets = new Group[groups.size()];
       groups.toArray(roleSets);
       for( int i = 0; i < roleSets.length; i++ ){
      
       log.info( "Eleemnto:"+i+" "+roleSets );
       }
       return roleSets;
       }
      
       private long addCallerPrincipal(Connection con, List groups) throws
       SQLException, LoginException {
       /*
       PreparedStatement ps = null;
       ResultSet rs = null;
       long dbid = 0;
       try {
       String un = getUsername();
       if (un.startsWith ("StaffManagementMember_")) {
       // JBoss 3.2.6 passes EJB container principal
       return Long.parseLong (un.substring(22));
       }
       // JBoss <= 3.2.5 passes login principal
       ps = con.prepareStatement
       ("SELECT DBID FROM STAFFMEMBER WHERE MEMBERID = ?");
       ps.setString(1, un);
       rs = ps.executeQuery();
       if(! rs.next()) {
       throw new LoginException
       ("Authenticated user vanished from table");
       }
       dbid = rs.getLong(1);
       SimpleGroup rolesGroup = new SimpleGroup("CallerPrincipal");
       groups.add(rolesGroup);
       rolesGroup.addMember
       (new SimplePrincipal
       ("StaffManagementMember_" + dbid));
       } finally {
       closeAll (rs, ps, null);
       }
       return dbid;
       */
       log.info( "Ritorno 0" );
       return 0L;
       }
      
       private void addGroupsAsRoles(Connection con, SimpleGroup roles,
       long id, boolean isMember) throws
       SQLException, LoginException {
       /*
       PreparedStatement ps = null;
       ResultSet rs = null;
       try {
       String type = "M";
       if (!isMember) {
       type = "G";
       }
       ps = con.prepareStatement
       ("SELECT GROUPID FROM STAFFMAP "
       + "WHERE CONTAINED = ? AND TYPE = ?");
       ps.setLong(1, id);
       ps.setString(2, type);
       rs = ps.executeQuery();
       while(rs.next()) {
       long grpId = rs.getLong(1);
       if (grpId < 100) {
       roles.addMember (new SimplePrincipal
       ("StaffManagementRole_" + grpId));
       } else {
       roles.addMember
       (new SimplePrincipal (lookupGroup (con, grpId)));
       }
       addGroupsAsRoles (con, roles, grpId, false);
       }
       } finally {
       closeAll (rs, ps, null);
       }
       */
       log.info( "addGroupRoles" );
       for (int i = 0; i < 10; i++) {
      
       roles.addMember(new SimplePrincipal("StaffManagementRole_" + i));
       addGroupsAsRoles(con, roles, i, false);
       }
       }
      
       private String lookupGroup(Connection con, long grpId) throws SQLException,
       LoginException {
       PreparedStatement ps = null;
       ResultSet rs = null;
       try {
       ps = con.prepareStatement
       ("SELECT NAME FROM STAFFGROUP WHERE DBID = ?");
       ps.setLong(1, grpId);
       rs = ps.executeQuery();
       if (!rs.next()) {
       throw new LoginException
       ("Group vanished from table");
       }
       return rs.getString(1);
       } finally {
       closeAll(rs, ps, null);
       }
       }
      
      
       private void closeAll(ResultSet rs, Statement st,
       Connection con) throws SQLException {
       if (rs != null) {
       rs.close();
       }
       if (st != null) {
       st.close();
       }
       if (con != null) {
       con.close();
       }
       }
      
       protected String getUsersPassword() throws LoginException {
      
       log.info( "Returning password" );
       return null;
       }
       }


      It seems to me all well done.... can anybody help me?
      As you can see this class i very simple... i have done nothing particular...
      Thanks.

        • 1. Re: ERROR [JaasSecurityManagerService] Failed to create sec
          Angelo Immediata Newbie

          I'm sorry i don't know why it has been created so bad formatted; this is what i have added to my auth.conf:

          eng {
           // jBoss LoginModule
           org.jboss.security.ClientLoginModule required;
          
           // Put your login modules that need jBoss here
          };


          This is what i have added to login-config.xml:

          <application-policy name = "eng">
           <authentication>
           <login-module code = "org.jboss.security.auth.spi.ProxyLoginModule"
           flag = "required">
          <module-option name = "moduleName">
           it.eng.staffmngt.jbossx.StaffMemberLoginModule
          </module-option>
          <module-option name = "unauthenticatedIdentity">nobody</module-option>
          <module-option name = "dsJndiName">java:/DefaultDS</module-option>
           <module-option name = "daemonUsername">daemon</module-option>
          <module-option name = "daemonPassword">Afaik,tiagp.</module-option>
          </login-module>
          </authentication>
           </application-policy>
          


          This is what i see whne start the application:


          23:41:57,670 INFO [EJBDeployer] Deployed: file:/C:/jboss-3.2.6/server/default/tmp/deploy/tmp46979silManager.ear-contents/de.danet.an.util-ejbs.jar
          23:41:57,850 INFO [StaffMemberLoginModule] Init of it.eng.staffmngt.jbossx.StaffMemberLoginModule
          23:41:57,850 INFO [StaffMemberLoginModule] Returning password
          23:41:57,850 INFO [StaffMemberLoginModule] validating password: Afaik,tiagp.
          23:41:57,850 INFO [StaffMemberLoginModule] getting rolesets
          23:41:58,141 WARN [TxConnectionManager] Prepare called on a local tx. Use of local transactions on a jta transaction with more than one branch may result in inconsistent data in some cases of failure.
          23:41:58,451 INFO [EJBDeployer] Deployed: file:/C:/jboss-3.2.6/server/default/tmp/deploy/tmp46979silManager.ear-contents/de.danet.an.wfcore-ejbs.jar
          23:41:58,581 INFO [TomcatDeployer] deploy, ctxPath=/WfmOpen, warUrl=file:/C:/jboss-3.2.6/server/default/tmp/deploy/tmp46979silManager.ear-contents/WfmOpen.war/


          This is the error i have:


          23:42:02,427 INFO [Server] JBoss (MX MicroKernel) [3.2.6 (build: CVSTag=JBoss_3_2_6 date=200410140106)] Started in 28s:151ms
          23:42:44,928 ERROR [JaasSecurityManagerService] Failed to create sec mgr
          java.lang.NullPointerException
          at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:488)
          at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:468)
          at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:62)
          at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:547)
          at $Proxy125.lookup(Unknown Source)
          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:644)
          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:509)
          at javax.naming.InitialContext.lookup(InitialContext.java:347)
          at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:966)
          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:615)
          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:509)
          at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:234)
          at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:235)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
          at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
          at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
          at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
          at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
          at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
          at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
          at java.lang.Thread.run(Thread.java:534)
          23:42:44,968 ERROR [JBossSecurityMgrRealm] Error during authenticate
          javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Failed to create sec mgr:null]
          at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:972)
          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:615)
          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:509)
          at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:234)
          at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:235)
          at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:446)
          at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
          at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
          at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
          at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
          at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
          at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
          at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
          at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
          at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
          at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
          at java.lang.Thread.run(Thread.java:534)
          Caused by: javax.naming.NamingException: Failed to create sec mgr:null
          at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:501)
          at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:468)
          at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:62)
          at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:547)
          at $Proxy125.lookup(Unknown Source)
          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:644)
          at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:509)
          at javax.naming.InitialContext.lookup(InitialContext.java:347)
          at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:966)
          ... 22 more


          And this is my java class:

          import java.security.acl.Group;
          import java.util.Map;
          import java.util.List;
          import java.util.ArrayList;
          import java.sql.Connection;
          import java.sql.Statement;
          import java.sql.PreparedStatement;
          import java.sql.ResultSet;
          import java.sql.SQLException;
          import javax.sql.DataSource;
          import javax.naming.InitialContext;
          import javax.naming.NamingException;
          import javax.security.auth.Subject;
          import javax.security.auth.callback.CallbackHandler;
          import javax.security.auth.login.LoginException;
          import org.jboss.security.SimpleGroup;
          import org.jboss.security.SimplePrincipal;
          import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
          import org.apache.log4j.Logger;
          
          public class StaffMemberLoginModule extends UsernamePasswordLoginModule {
          
           private String dsJndiName;
           private String daemonUsername = null;
           private String daemonPassword = null;
           private static final String className = StaffMemberLoginModule.class.getName();
           private static final Logger log = Logger.getLogger( className );
          
           public void initialize(Subject subject, CallbackHandler callbackHandler,
           Map sharedState, Map options) {
           super.initialize(subject, callbackHandler, sharedState, options);
           log.info( "Init of "+ className );
          
           dsJndiName = (String) options.get("dsJndiName");
           if (dsJndiName == null) {
           dsJndiName = "java:/DefaultDS";
           }
          
           daemonUsername = (String) options.get("daemonUsername");
           daemonPassword = (String) options.get("daemonPassword");
           }
          
          
           protected boolean validatePassword
           (String inputPassword, String expectedPassword) {
           log.info( "validating password: "+ inputPassword );
           if (getUsername() == null || inputPassword == null) {
           return false;
           }
           if (daemonUsername != null && getUsername().equals(daemonUsername)
           && daemonPassword != null
           && inputPassword.equals(daemonPassword)) {
           return true;
           }
          
           return true;
           }
          
          
           protected Group[] getRoleSets() throws LoginException {
           log.info( "getting rolesets" );
           if (getUnauthenticatedIdentity() != null
           && getIdentity().equals(getUnauthenticatedIdentity())) {
           Group[] grps = new Group[0];
           return grps;
           }
           if (daemonUsername != null && getUsername().equals(daemonUsername)) {
           // Create Caller Principal
           SimpleGroup princip = new SimpleGroup("CallerPrincipal");
           princip.addMember
           (new SimplePrincipal("StaffManagementMember_Daemon"));
           // create roles, start with default role
           Group roles = new SimpleGroup("Roles");
           SimplePrincipal p = new SimplePrincipal("StaffManagementUser");
           roles.addMember(p);
           p = new SimplePrincipal("StaffManagementRole_Daemon");
           roles.addMember(p);
           Group[] grps = new Group[] {princip, roles};
           return grps;
           }
           List groups = new ArrayList();
           // gather information
           Connection con = null;
           try {
           // prepare db connection
           InitialContext ctx = new InitialContext();
           DataSource ds = (DataSource) ctx.lookup(dsJndiName);
           con = ds.getConnection();
           // Create Caller Principal
           long memberDBId = addCallerPrincipal(con, groups);
           // create roles, start with default role
           SimpleGroup rolesGroup = new SimpleGroup("Roles");
           groups.add(rolesGroup);
           SimplePrincipal p = new SimplePrincipal("StaffManagementUser");
           rolesGroup.addMember(p);
           // add roles from db
           addGroupsAsRoles(con, rolesGroup, memberDBId, true);
           } catch (NamingException ex) {
           throw new LoginException(ex.toString(true));
           } catch (SQLException ex) {
           ex.printStackTrace();
           throw new LoginException(ex.toString());
           } finally {
           try {
           closeAll(null, null, con);
           } catch (SQLException ex) {
           ex.printStackTrace();
           throw new LoginException(ex.toString());
           }
           }
          
           Group[] roleSets = new Group[groups.size()];
           groups.toArray(roleSets);
           for( int i = 0; i < roleSets.length; i++ ){
          
           log.info( "Eleemnto:"+i+" "+roleSets );
           }
           return roleSets;
           }
          
           private long addCallerPrincipal(Connection con, List groups) throws
           SQLException, LoginException {
          
           log.info( "Ritorno 0" );
           return 0L;
           }
          
           private void addGroupsAsRoles(Connection con, SimpleGroup roles,
           long id, boolean isMember) throws
           SQLException, LoginException {
          
           log.info( "addGroupRoles" );
           for (int i = 0; i < 10; i++) {
          
           roles.addMember(new SimplePrincipal("StaffManagementRole_" + i));
           addGroupsAsRoles(con, roles, i, false);
           }
           }
          
           private String lookupGroup(Connection con, long grpId) throws SQLException,
           LoginException {
           PreparedStatement ps = null;
           ResultSet rs = null;
           try {
           ps = con.prepareStatement
           ("SELECT NAME FROM STAFFGROUP WHERE DBID = ?");
           ps.setLong(1, grpId);
           rs = ps.executeQuery();
           if (!rs.next()) {
           throw new LoginException
           ("Group vanished from table");
           }
           return rs.getString(1);
           } finally {
           closeAll(rs, ps, null);
           }
           }
          
           private void closeAll(ResultSet rs, Statement st,
           Connection con) throws SQLException {
           if (rs != null) {
           rs.close();
           }
           if (st != null) {
           st.close();
           }
           if (con != null) {
           con.close();
           }
           }
          
           protected String getUsersPassword() throws LoginException {
          
           log.info( "Returning password" );
           return null;
           }
           }
          



          It seems to me all ok... why have i that error?
          Thanks to all and stil excuse me for the previous message :-)