2 Replies Latest reply on Aug 20, 2009 10:57 AM by Kapil Nayar

    RMIAdaptor and JAAS

    Tom Robins Newbie

      I'm trying to configure JAAS for a remote client calling MBeans via RMIAdaptor server. I'm using DatabaseServerLoginModule for authentication with a DB. This module was tested and works fine for session beans (using LoginContext). Looking through the logs, I can see that the correct security domain module is being invoked (in my case that's the DatabaseServerLoginModule) and that the DB call is made to get the userId. However, it looks like the credencial field is empty and the authentication process fails. Here are the relevent traces from the log:

      2005-09-24 13:12:43,605 TRACE [org.jboss.security.plugins.JaasSecurityManager.kyoto] Begin isValid, cache info: null
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(kyoto), size=9
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(kyoto), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.auth.spi.DatabaseServerLoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:name=rolesQuery, value=select roles, 'Roles' from users where userId=?
      name=principalsQuery, value=select password 'Password' from users where userId=?
      name=unauthenticatedIdentity, value=guest
      name=dsJndiName, value=java:/kyotoDS
      
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] initialize
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] Saw unauthenticatedIdentity=guest
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] DatabaseServerLoginModule, dsJndiName=java:/kyotoDS
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] principalsQuery=select password 'Password' from users where userId=?
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] rolesQuery=select roles, 'Roles' from users where userId=?
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] login
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.auth.spi.DatabaseServerLoginModule] abort
      2005-09-24 13:12:43,605 TRACE [org.jboss.security.plugins.JaasSecurityManager.kyoto] Login failure
      javax.security.auth.login.FailedLoginException: No matching username found in Principals
      at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:111)
      



      and here's the client code:

      env.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jboss.security.jndi.LoginInitialContextFactory");
      env.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099/");
      env.setProperty(Context.SECURITY_CREDENTIALS, "userName");
      env.setProperty(Context.SECURITY_PRINCIPAL, "1");
      env.setProperty(Context.SECURITY_PROTOCOL, "kyoto");
      
      try {
       setAuthConfig(AUTH_CONFIG); // using ClientLoginModule
       InitialContext ctx = new InitialContext(env);
       RMIAdaptor server = (RMIAdaptor) ctx.lookup("jmx/rmi/RMIAdaptor");
       server.getDomains(); // failure
      }
      .
      .
      .
      


      I'm sure, being a complete JBoss newb (with full 48 hours worth of experience :), I've missed something obvious. However I couldn't find a good example, which uses both JMX invoker service with security domains on a remote client (SWT in my case).