2 Replies Latest reply on Aug 4, 2005 5:42 PM by Pavnit Bhatia

    problem upgrading 3.2 to 4.0.2, security manager config

    ahardy66 Novice

      I upgraded my dev environment to JBoss 4.0.2 and I am trying to set up the security, but I cannot work out what mistake I have made that prevents a normal form-based login succeeding.

      It is a servlet & EJB app, with separate war and ear files.

      It throws this exception when I try to log in:

      10:56:25,070 ERROR [JaasSecurityManagerService] Failed to create sec mgr
      java.lang.NullPointerException
       at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:534)
       at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:514)
       at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:66)
       at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:611)
       at $Proxy129.lookup(Unknown Source)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:701)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
       at javax.naming.InitialContext.lookup(InitialContext.java:351)
       at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1046)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:685)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:227)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
       at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
       at java.lang.Thread.run(Thread.java:595)
      ERROR [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Error during authenticate
      javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Failed to create sec mgr:null]
       at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1052)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:685)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:227)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
       at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
       at java.lang.Thread.run(Thread.java:595)
      Caused by: javax.naming.NamingException: Failed to create sec mgr:null
       at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:547)
       at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:514)
       at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:66)
       at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:611)
       at $Proxy129.lookup(Unknown Source)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:701)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
       at javax.naming.InitialContext.lookup(InitialContext.java:351)
       at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1046)
       ... 15 more
      



      This is the relevant part of my web.xml:

       <security-constraint>
         <web-resource-collection>
           <web-resource-name>Private pages</web-resource-name>
           <description>CMS</description>
           <url-pattern>/private/*</url-pattern>
         </web-resource-collection>
         <auth-constraint>
           <description>Anyone with 1 of these roles allowed</description>
           <role-name>user</role-name>
         </auth-constraint>
         <user-data-constraint>
           <description>SSL required</description>
           <transport-guarantee>CONFIDENTIAL</transport-guarantee>
         </user-data-constraint>
       </security-constraint>
       <login-config>
         <auth-method>FORM</auth-method>
         <realm-name>GargantusRealm</realm-name>
         <form-login-config>
           <form-login-page>/login.html</form-login-page>
           <form-error-page>/error.html</form-error-page>
         </form-login-config>
       </login-config>
       <security-role>
         <description>average surfer</description>
         <role-name>user</role-name>
       </security-role>
      



      and this is the jboss-web.xml:
      <jboss-web>
        <security-domain>java:/jaas/GargantusRealm</security-domain>
        <context-root>/</context-root>
        <ejb-ref>
          <ejb-ref-name>ejb/SurveyFacade</ejb-ref-name>
          <jndi-name>ejb/SurveyFacade</jndi-name>
        </ejb-ref>
        <ejb-ref>
          <ejb-ref-name>ejb/LibraryFacade</ejb-ref-name>
          <jndi-name>ejb/LibraryFacade</jndi-name>
        </ejb-ref>
      </jboss-web>
      


      and finally the login-config.xml:

       <application-policy name="GargantusRealm">
         <authentication>
           <login-module
               code="org.gargantus.realm.JBossLoginModule"
               flag="required">
             <module-option name="encryption">MD5</module-option>
             <module-option name="jndi_name">
               java:/jdbc/RealmDS
             </module-option>
           </login-module>
         </authentication>
       </application-policy>
      


      My bespoke login module extends AbstractServerLoginModule but I don't think JBoss is even getting as far as loading the class (which I have jarred up and put in jboss/server/default/lib).

      I turned debug-level logging on for security and can see that JBoss reads the login-config.xml but that's all the info I get, until the exception when I try to log in.

      I can see from the forum here that others have set it up successfully so I suspect through some oversight I am making a configuration error.

      Any help would be grand!

      Adam
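
Added example, not part of the original post or of JBoss: a cross-check of the three descriptors quoted above, confirming that the `security-domain` in jboss-web.xml names an `application-policy` in login-config.xml and that every role in an `auth-constraint` is declared as a `security-role`. The function name, the `<web-app>` and `<policy>` wrapper elements and the trimmed sample documents are assumptions constructed from the values in the post; the descriptors are assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"

# Constructed inputs: values copied from the post, wrapped in assumed root elements.
WEB_XML = """<web-app>
  <security-constraint>
    <auth-constraint><role-name>user</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method></login-config>
  <security-role><role-name>user</role-name></security-role>
</web-app>"""
JBOSS_WEB_XML = """<jboss-web>
  <security-domain>java:/jaas/GargantusRealm</security-domain>
</jboss-web>"""
LOGIN_CONFIG_XML = """<policy>
  <application-policy name="GargantusRealm">
    <authentication>
      <login-module code="org.gargantus.realm.JBossLoginModule" flag="required"/>
    </authentication>
  </application-policy>
</policy>"""


def check_descriptors(web_xml, jboss_web_xml, login_config_xml):
    """Return a list of findings; an empty list means the files agree."""
    findings = []
    # Assumption: none of the documents declares a default XML namespace.
    web = ET.fromstring(web_xml)
    jboss_web = ET.fromstring(jboss_web_xml)
    policy = ET.fromstring(login_config_xml)

    domain = (jboss_web.findtext("security-domain") or "").strip()
    policies = {p.get("name"): p for p in policy.iter("application-policy")}
    if not domain.startswith(JAAS_PREFIX):
        findings.append(f"security-domain {domain!r} lacks the {JAAS_PREFIX} prefix")
    else:
        name = domain[len(JAAS_PREFIX):]
        if name not in policies:
            findings.append(f"no application-policy named {name!r}")
        elif not list(policies[name].iter("login-module")):
            findings.append(f"application-policy {name!r} has no login-module")

    declared = {r.text.strip() for r in web.findall("security-role/role-name")}
    for role in web.findall("security-constraint/auth-constraint/role-name"):
        if role.text.strip() not in declared:
            findings.append(f"role {role.text.strip()!r} is not declared as a security-role")
    return findings
```

For the values quoted in the post the function returns an empty list: the domain name and the role agree across the three files.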





        • 1. Re: problem upgrading 3.2 to 4.0.2, security manager config
          ahardy66 Novice

          I investigated as much as I can and I found that JBoss's security config service is not loading the JNDI names of my application-policies from my login-config.xml at start-up.

          I ran the JBossJAAShowto example and that works fine, so I need to find the problem in what I am doing.

          When I use the jmx-console to check the JNDI entries, I see the following for my login-config.xml:

           +- jaas (class: javax.naming.Context)
           | +- JmsXARealm (class: org.jboss.security.plugins.SecurityDomainContext)
           | +- jbossmq (class: org.jboss.security.plugins.SecurityDomainContext)
           | +- HsqlDbRealm (class: org.jboss.security.plugins.SecurityDomainContext)
          


          which is bizarre because I have only my own realm in login-context (GargantusRealm) and the obligatory HsqlDbRealm. I have searched for the JmsXARealm config in the JBoss directories, but found nothing.

          When I run the example app, JBoss loads example1 and example2 without problems, so I am at a loss.

          If I put badly-formed XML in my login-config.xml, then JBoss throws an exception, so I can see that it is reading the xml for my realm, it is just not loading it into the java:/jaas JNDI.

          Can anybody shine a little light on this?

          Thanks
          Adam

          • 2. Re: problem upgrading 3.2 to 4.0.2, security manager config
            Pavnit Bhatia Newbie

            Adam,

            Did you ever find out the solution for this? I have the exact same problem.


            Thanks
            g