2 Replies Latest reply on Feb 13, 2006 2:05 AM by Dan Berke

    JaasSecurityManager.getActiveSubject(); retruns null

    Dan Berke Newbie

      Hello,
      Im upgrading Jboss from (3.2.3+jetty) to JBoss 4.02
      I have the following code, which worked fine, but not any more:

      try {
      JaasSecurityManager manager = (JaasSecurityManager) m_ctx.lookup("java:/jaas/" + policy);
      final char[] passwordChar = password.toCharArray();
      Principal user = new SimplePrincipal(userName);
      if (manager.isValid(user, passwordChar)) {
      Subject subject = manager.getActiveSubject();
      SecurityAssociation.setCredential(passwordChar);
      SecurityAssociation.setPrincipal(user);
      SecurityAssociation.setSubject(subject);
      request.getSession().setAttribute(__J_AUTHENTICATED, user);
      request.getSession().setAttribute("j_subject", subject);
      request.setAttribute("j_subject", subject);
      return true;
      ...

      The manager returns null in getActiveSubject();

      I have added the trace for security in log4j.xml

      and this is my TRACE;

      2006-02-09 20:41:04,282 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1139517664282 sessioncount 1
      2006-02-09 20:41:04,282 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is 3CB6FD586FAB1C602148BD4D48D2322E
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /danbe
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[all]' against POST /danbe --> false
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[all]' against POST /danbe --> false
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[all]' against POST /danbe --> false
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[all]' against POST /danbe --> false
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.realm.RealmBase] No applicable constraint located
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Not subject to any constraint
      2006-02-09 20:41:27,636 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.core.StandardWrapper] Returning non-STM instance
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] getResourceAsStream(META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration)
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] findResource(META-INF/services/org.apache.xerces.xni.parser.XMLParserConfiguration)
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Resource not found, returning null
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader unconditionally java.net.FactoryURLClassLoader@157011e
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Returning stream from parent
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.apache.xerces.parsers.XML11Configuration, false)
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.apache.xerces.parsers.XML11Configuration)
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.apache.xerces.parsers.XML11Configuration)
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@157011e
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.apache.xerces.impl.dv.dtd.DTDDVFactoryImpl, false)
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.apache.xerces.impl.dv.dtd.DTDDVFactoryImpl)
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.apache.xerces.impl.dv.dtd.DTDDVFactoryImpl)
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@157011e
      2006-02-09 20:41:27,636 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
      2006-02-09 20:41:31,762 TRACE [org.jboss.security.plugins.JaasSecurityManager.myapp] Begin isValid, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1ac9cff[Subject(24589693).principals=[dan, Roles(members:Purchaser,Controler,everyone,dan)],credential.class=[C@138093,expirationTime=1139519417914]
      2006-02-09 20:41:31,762 TRACE [org.jboss.security.plugins.JaasSecurityManager.myapp] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1ac9cff[Subject(24589693).principals=[dan, Roles(members:Purchaser,Controler,everyone,dan)],credential.class=[C@138093,expirationTime=1139519417914];credential.class=[C@138093
      2006-02-09 20:41:31,762 TRACE [org.jboss.security.plugins.JaasSecurityManager.myapp] End validateCache, isValid=true
      2006-02-09 20:41:31,762 TRACE [org.jboss.security.plugins.JaasSecurityManager.myapp] End isValid, true
      2006-02-09 20:41:33,314 TRACE [org.jboss.security.SecurityAssociation] setPrincipal, p=dan, server=true
      2006-02-09 20:41:33,314 TRACE [org.jboss.security.SecurityAssociation] setSubject, s=null, server=true
      2006-02-09 20:41:34,777 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
      2006-02-09 20:41:34,777 TRACE [org.jboss.security.SecurityAssociation] clear, server=true



      Can any one tell me If and where I was worng in the upgrade?
      Is it a tomcat issue?

      Thanks in advance,
      Dan Berke

      danbe@answers.com