5 Replies Latest reply on Dec 22, 2005 10:24 AM by Jobby Joseph

    Simple JAAS Configuration ?

    Curtis Bergeron Newbie

      I have been trying to get a JAAS configuration running and am having alot of problems. I am using JBoss 4.0.2 which is configured as was when installed other than addition of lines below.

      Right now, I have the following and the code is below as well. I have just a simple JSP login page which call j_security_check. Here is the code and below is the exception I am getting. I am pretty sure everything is configured correctly. Prior to this I was doing a custom login which worked but I always received the unauthenticated principal error so I decided to try a simple example using j_security_check. My login module extends JBoss UsernamePasswordLoginModule.

      Anybody care to shed some light on this so that I can continue on. This thing is starting to give me a headache. Thanks alot.

      Curtis

      web.xml

      <!-- ### Security -->
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>Restricted</web-resource-name>
       <description>Declarative security tests</description>
       <url-pattern>/dashboard.jsp</url-pattern>
       <http-method>HEAD</http-method>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       <http-method>PUT</http-method>
       <http-method>DELETE</http-method>
       </web-resource-collection>
       <auth-constraint>
       <role-name>service_mgr</role-name>
       </auth-constraint>
       </security-constraint>
      
       <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
       <form-login-page>/login.jsp</form-login-page>
       <form-error-page>/logoff.jsp</form-error-page>
       </form-login-config>
       </login-config>
      
       <security-role>
       <description>Service Manager role</description>
       <role-name>service_mgr</role-name>
       </security-role>


      jboss-web.xml
      <jboss-web>
       <security-domain>java:/jaas/overdrive</security-domain>
      
       <class-loading java2ClassLoadingCompliance="false">
       <loader-repository>
       sf:loader=sf.war
       <loader-repository-config>java2ParentDelegation=false</loader-repository-config>
       </loader-repository>
       </class-loading>
      
      </jboss-web>


      login.jsp
      <form action="<%=request.getContextPath()%>/j_security_check" method="POST">
       User: <input type="text" name="j_username" ><br>
       Password: <input type="password" name="j_password" ><br>
       <input type="submit" value="Submit" />
       </form>


      Dump:
      07:15:28,302 ERROR [JaasSecurityManagerService] Failed to create sec mgr
      java.lang.NullPointerException
       at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:534)
       at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:514)
       at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:66)
       at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:611)
       at $Proxy48.lookup(Unknown Source)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:701)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
       at javax.naming.InitialContext.lookup(InitialContext.java:351)
       at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1046)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:685)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:227)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
       at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
       at java.lang.Thread.run(Thread.java:595)
      07:15:28,302 ERROR [JBossSecurityMgrRealm] Error during authenticate
      javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Failed to create sec mgr:null]
       at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1052)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:685)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:227)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
       at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
       at java.lang.Thread.run(Thread.java:595)
      Caused by: javax.naming.NamingException: Failed to create sec mgr:null
       at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:547)
       at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:514)
       at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:66)
       at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:611)
       at $Proxy48.lookup(Unknown Source)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:701)
       at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
       at javax.naming.InitialContext.lookup(InitialContext.java:351)
       at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1046)
       ... 15 more


        • 1. Re: Simple JAAS Configuration ?
          Ashwin Kumar Karkala Newbie

          have you made an entry in the login-config.xml for the overdrive security domain?

          • 2. Re: Simple JAAS Configuration ?
            Curtis Bergeron Newbie

            Yes, here is what is currently contained in the login-config.xml file. I think everything is configured correctly but issue still persists.

            <policy>
            <application-policy name="overdrive">
             <authentication>
             <login-module code="com.kadt.security.LoginModule" flag="required">
             <module-option name="url">jdbc:sapdb://localhost/dms?sqlmode=ORACLE</module-option>
             <module-option name="driverClass">com.sap.dbtech.jdbc.DriverSapDB</module-option>
             <module-option name="debug">true</module-option>
             <module-option name="ignorePasswordCase">false</module-option>
             </login-module>
             <login-module code="org.jboss.security.ClientLoginModule" flag="required"></login-module>
             </authentication>
             </application-policy>
            </policy>


            • 3. Re: Simple JAAS Configuration ?
              Jyhder Lin Newbie

              Wonder if this issue is already solved? I am having the same problem from my custom login module (throwing out same exceptions). However, I am doing it in a more complicated environment. My ear project contains 4 war files. This problem does not exist if I only include single war file in the ear project. If I don't use the custom login module, this problem does not exist either.

              The definition of the security domain defined in JBoss login-config.xml is:

              <application-policy name="alcxweb2">

              <login-module code="com.lmco.alc.security.server.ext.jboss.DBLoginModule" flag="required">
              <module-option name="dsJndiName">java:/ALCXWEB</module-option>
              <module-option name="hashAlgorithm">MD5</module-option>
              <module-option name="hashEncoding">base64</module-option>
              <module-option name="principalsQuery">
              select Password, PasswordUpdateDate from Users where username=?
              </module-option>
              <module-option name="rolesQuery">
              select r.RoleName, 'Roles' as 'Roles' from Roles r JOIN UserRoles ur ON r.RoleID = ur.RoleID JOIN Users u ON u.UserID = ur.UserID WHERE u.UserName = ?
              </module-option>
              </login-module>

              </application-policy>

              The jboss-web.xml file in the war file is:

              <?xml version="1.0" encoding="UTF-8"?>
              <jboss-web>
              <security-domain>java:/jaas/alcxweb2</security-domain>
              </jboss-web>

              Can someone tell me how this can happen and how to solve it? Thanks a lot.

              • 4. Re: Simple JAAS Configuration ?
                Jobby Joseph Newbie

                Hi Guys,
                I had the same problem and was fixed.

                What i did was set UseJBossWebLoader to true and Java2ClassLoadingCompliance to true. This is in the
                JBOSS_HOME\server\default\deploy\jbossweb-tomcat55.sar\META-INF\jboss-service.xml

                <attribute name="Java2ClassLoadingCompliance">true</attribute>
                 <attribute name="UseJBossWebLoader">true</attribute>
                


                Jobby


                • 5. Re: Simple JAAS Configuration ?
                  Jobby Joseph Newbie

                  Also make sure that you don't have any jboss*.jar files in your war. I actually removed the jboss*.jar files from my deployment and that worked like a charm. So i reverted the changes i mentioned to the jboss-service.xml.
                  Mr.Scott from Jboss suggested this
                  http://www.jboss.org/index.html?module=bb&op=viewtopic&t=74266


                  Jobby