2 Replies Latest reply on Aug 4, 2005 5:42 PM by galoch

    problem upgrading 3.2 to 4.0.2, security manager config

    ahardy66
    ahardy66 Jul 18, 2005 6:34 AM

      I upgraded my dev environment to JBoss 4.0.2 and I am trying to set up the security, but I cannot work out what mistake I have made that prevents a normal form-based login succeeding.

      It is a servlet & EJB app, with seperate war and ear files.

      It throws this exception when I try to log in:

      10:56:25,070 ERROR [JaasSecurityManagerService] Failed to create sec mgr
java.lang.NullPointerException
 at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:534)
 at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:514)
 at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:66)
 at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:611)
 at $Proxy129.lookup(Unknown Source)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:701)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
 at javax.naming.InitialContext.lookup(InitialContext.java:351)
 at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1046)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:685)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
 at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:227)
 at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
 at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
 at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
 at java.lang.Thread.run(Thread.java:595)
ERROR [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Error during authenticate
javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Failed to create sec mgr:null]
 at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1052)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:685)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
 at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:227)
 at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
 at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
 at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
 at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
 at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
 at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
 at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
 at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
 at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
 at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
 at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
 at java.lang.Thread.run(Thread.java:595)
Caused by: javax.naming.NamingException: Failed to create sec mgr:null
 at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:547)
 at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:514)
 at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:66)
 at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:611)
 at $Proxy129.lookup(Unknown Source)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:701)
 at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
 at javax.naming.InitialContext.lookup(InitialContext.java:351)
 at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1046)
 ... 15 more



      This is the relevant part of my web.xml: 

       <security-constraint>
 <web-resource-collection>
 <web-resource-name>Private pages</web-resource-name>
 <description>CMS</description>
 <url-pattern>/private/*</url-pattern>
 </web-resource-collection>
 <auth-constraint>
 <description>Anyone with 1 of these roles allowed</description>
 <role-name>user</role-name>
 </auth-constraint>
 <user-data-constraint>
 <description>SSL required</description>
 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
 </user-data-constraint>
 </security-constraint>
 <login-config>
 <auth-method>FORM</auth-method>
 <realm-name>GargantusRealm</realm-name>
 <form-login-config>
 <form-login-page>/login.html</form-login-page>
 <form-error-page>/error.html</form-error-page>
 </form-login-config>
 </login-config>
 <security-role>
 <description>average surfer</description>
 <role-name>user</role-name>
 </security-role>



      and this is the jboss-web.xml: 
      <jboss-web>
 <security-domain>java:/jaas/GargantusRealm</security-domain>
 <context-root>/</context-root>
 <ejb-ref>
 <ejb-ref-name>ejb/SurveyFacade</ejb-ref-name>
 <jndi-name>ejb/SurveyFacade</jndi-name>
 </ejb-ref>
 <ejb-ref>
 <ejb-ref-name>ejb/LibraryFacade</ejb-ref-name>
 <jndi-name>ejb/LibraryFacade</jndi-name>
 </ejb-ref>
</jboss-web>


      and finally the login-config.xml: 

       <application-policy name="GargantusRealm">
 <authentication>
 <login-module
 code="org.gargantus.realm.JBossLoginModule"
 flag="required">
 <module-option name="encryption">MD5</module-option>
 <module-option name="jndi_name">
 java:/jdbc/RealmDS
 </module-option>
 </login-module>
 </authentication>
 </application-policy>


      My bespoke login module extends AbstractServerLoginModule but I don't think JBoss is even getting as far as loading the class (which I have jarred up and put in jboss/server/default/lib).

      I turned debug-level logging on for security and can see that JBoss reads the login-config.xml but that's all the info I get, until the exception when I try to log in.

      I can see from the forum here that others have set it up successfully so I suspect through some oversight I am making a configuration error.

      Any help would be grand!

      Adam





      • 9538 Views
      • Tags:
        • 1. Re: problem upgrading 3.2 to 4.0.2, security manager config
          ahardy66
          ahardy66 Jul 21, 2005 5:57 PM (in response to ahardy66)

          I investigated as much as I can and I found that JBoss's security config service is not loading the JNDI names of my application-policies from my login-config.xml at start-up.

          I ran the JBossJAAShowto example and that works fine, so I need to find the problem in what I am doing.

          When I use the jmx-console to check the JNDI entries, I see the following for my login-config.xml:

           +- jaas (class: javax.naming.Context)
 | +- JmsXARealm (class: org.jboss.security.plugins.SecurityDomainContext)
 | +- jbossmq (class: org.jboss.security.plugins.SecurityDomainContext)
 | +- HsqlDbRealm (class: org.jboss.security.plugins.SecurityDomainContext)


          which is bizarre because I have only my own realm in login-context (GargantusRealm) and the obligatory HsqlDbRealm. I have searched for the JmsXARealm config in the JBoss directories, but found nothing.

          When I run the example app, JBoss loads example1 and example2 without problems, so I am at a loss.

          If I put badly-formed XML in my login-config.xml, then JBoss throws an exception, so I can see that it is reading the xml for my realm, it is just not loading it into the java:/jaas JNDI.

          Can anybody shine a little light on this?

          Thanks
          Adam

            • Actions
          • 2. Re: problem upgrading 3.2 to 4.0.2, security manager config
            galoch
            galoch Aug 4, 2005 5:42 PM (in response to ahardy66)

            Adam,

            Did you ever find out the solution for this? I have the exact same problem.


            Thanks
            g

              • Actions