3 Replies Latest reply on Sep 13, 2006 9:27 AM by Mark P Ashworth

    JAAS Active Directory Login Obscure Serialization Error

    Richard Schuller Newbie

      jboss version: 4.0.4 GA

      I have a Swing Rich Client implementing JAAS and invoking EJB3 stateless session beans. The session beans are secured against Active Directory.

      Whenever I enter bad credentials an exception is thrown, which is expected. The side-effect serialization exception is not.

      What is the meaning of LdapCtx not being serializable? It is more of an annoyance since the behaviour on the client is not affected.
      I do not recall getting this error in previous versions of JBoss, although I will verify.

      2006-05-17 09:11:40,656 DEBUG [org.jboss.security.auth.spi.LdapLoginModule] Bad password for username=dd
      javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09030B, comment: AcceptSecurityContext error, data 525, v893 ]
      at com.sun.jndi.ldap.LdapCtx.mapErrorCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.processReturnCode(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.connect(Unknown Source)
      at com.sun.jndi.ldap.LdapCtx.<init>(Unknown Source)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(Unknown Source)
      at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(Unknown Source)
      at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(Unknown Source)
      at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(Unknown Source)
      at javax.naming.spi.NamingManager.getInitialContext(Unknown Source)
      at javax.naming.InitialContext.getDefaultInitCtx(Unknown Source)
      at javax.naming.InitialContext.init(Unknown Source)
      at javax.naming.ldap.InitialLdapContext.<init>(Unknown Source)
      at org.jboss.security.auth.spi.LdapLoginModule.createLdapInitContext(LdapLoginModule.java:307)
      at org.jboss.security.auth.spi.LdapLoginModule.validatePassword(LdapLoginModule.java:239)
      at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:210)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at javax.security.auth.login.LoginContext.invoke(Unknown Source)
      at javax.security.auth.login.LoginContext.access$000(Unknown Source)
      at javax.security.auth.login.LoginContext$4.run(Unknown Source)
      at java.security.AccessController.doPrivileged(Native Method)
      at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
      at javax.security.auth.login.LoginContext.login(Unknown Source)
      at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
      at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
      at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
      at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:121)
      at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:67)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
      at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
      at org.jboss.ejb3.stateless.StatelessContainer.dynamicInvoke(StatelessContainer.java:225)
      at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
      at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
      at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
      at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
      at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
      at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
      at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
      2006-05-17 09:11:40,734 ERROR [org.jboss.remoting.transport.socket.ServerThread] failed
      java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx
      at java.io.ObjectOutputStream.writeObject0(Unknown Source)
      at java.io.ObjectOutputStream.defaultWriteFields(Unknown Source)
      at java.io.ObjectOutputStream.writeSerialData(Unknown Source)
      at java.io.ObjectOutputStream.writeOrdinaryObject(Unknown Source)
      at java.io.ObjectOutputStream.writeObject0(Unknown Source)
      at java.io.ObjectOutputStream.defaultWriteFields(Unknown Source)
      at java.io.ObjectOutputStream.defaultWriteObject(Unknown Source)
      at java.lang.Throwable.writeObject(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at java.io.ObjectStreamClass.invokeWriteObject(Unknown Source)
      at java.io.ObjectOutputStream.writeSerialData(Unknown Source)
      at java.io.ObjectOutputStream.writeOrdinaryObject(Unknown Source)
      at java.io.ObjectOutputStream.writeObject0(Unknown Source)
      at java.io.ObjectOutputStream.defaultWriteFields(Unknown Source)
      at java.io.ObjectOutputStream.defaultWriteObject(Unknown Source)
      at java.lang.Throwable.writeObject(Unknown Source)
      at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
      at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
      at java.lang.reflect.Method.invoke(Unknown Source)
      at java.io.ObjectStreamClass.invokeWriteObject(Unknown Source)
      at java.io.ObjectOutputStream.writeSerialData(Unknown Source)
      at java.io.ObjectOutputStream.writeOrdinaryObject(Unknown Source)
      at java.io.ObjectOutputStream.writeObject0(Unknown Source)
      at java.io.ObjectOutputStream.defaultWriteFields(Unknown Source)
      at java.io.ObjectOutputStream.writeSerialData(Unknown Source)
      at java.io.ObjectOutputStream.writeOrdinaryObject(Unknown Source)
      at java.io.ObjectOutputStream.writeObject0(Unknown Source)
      at java.io.ObjectOutputStream.writeObject(Unknown Source)
      at org.jboss.remoting.serialization.impl.java.JavaSerializationManager.sendObject(JavaSerializationManager.java:81)
      at org.jboss.remoting.marshal.serializable.SerializableMarshaller.write(SerializableMarshaller.java:84)
      at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:381)
      at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
      at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
      2006-05-17 09:11:40,750 DEBUG [org.jboss.remoting.transport.socket.ServerThread] begin thread wait


      Client jaas.config

      allora-server {
       org.jboss.security.ClientLoginModule required debug=true;
      };
      



      Server login-config.xml

      <application-policy name="xyz">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.provider.url">ldap://ad/</module-option>
            <module-option name="rolesCtxDN">cn=Users,dc=xty,dc=aaa,dc=com</module-option>
            <module-option name="matchOnUserDN">false</module-option>
            <module-option name="principalDNSuffix">@zxx.vv.com</module-option>
            <module-option name="uidAttributeID">sAMAccountName</module-option>
            <module-option name="roleAttributeID">memberOf</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
          </login-module>
        </authentication>
      </application-policy>
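
An added example, not part of the original post or of JBoss's code: the second trace above shows `Throwable.writeObject` reaching a `com.sun.jndi.ldap.LdapCtx` reference while the remoting layer marshals the login failure back to the client. `javax.naming.NamingException` keeps a non-transient `resolvedObj` field, so this sketch assumes that is the reference involved; `FakeLdapCtx`, `blockedBy` and `sanitize` are hypothetical names, the messages are constructed, and `sanitize` shows one way to keep directory detail on the server side of the boundary.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import javax.naming.AuthenticationException;
import javax.security.auth.login.FailedLoginException;

public class ResolvedObjDemo {
    // Constructed stand-in for com.sun.jndi.ldap.LdapCtx: a live context object
    // that does not implement Serializable.
    static final class FakeLdapCtx { }

    // Returns null if the throwable (and its cause chain) serializes, otherwise
    // the name of the class that stopped Java serialization.
    static String blockedBy(Throwable t) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(t);
            return null;
        } catch (NotSerializableException e) {
            return e.getMessage(); // the message is the offending class name
        }
    }

    // Hypothetical boundary helper: the full failure stays in the server log,
    // the client receives a generic exception with no cause and no stack frames.
    static FailedLoginException sanitize(Throwable serverSide) {
        System.err.println("server log: " + serverSide);
        FailedLoginException safe = new FailedLoginException("Authentication failed");
        safe.setStackTrace(new StackTraceElement[0]);
        return safe;
    }

    public static void main(String[] args) throws IOException {
        // Constructed failure shaped like the one in the post: a JNDI
        // AuthenticationException that still points at the context it came from.
        AuthenticationException ldapFailure =
                new AuthenticationException("LDAP: error code 49 (constructed sample)");
        ldapFailure.setResolvedObj(new FakeLdapCtx());

        // The login layer wraps it, so the context rides along in the cause chain.
        FailedLoginException wrapped = new FailedLoginException("login failed (constructed)");
        wrapped.initCause(ldapFailure);

        System.out.println("raw chain blocked by: " + blockedBy(wrapped));
        System.out.println("sanitized blocked by: " + blockedBy(sanitize(wrapped)));
    }
}
```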