1 Reply Latest reply on Aug 9, 2006 4:21 AM by Michal Steller

    DatabaseServerLoginModule configuration problem

    Michal Steller Newbie

      Hi...

      I'm using JBoss 4.0.3 and I have problems with turning on JBoss security DatabaseServerLoginModule.
      I use JBoss for processing EJB remote methods using JNDI.
      ejb-jar.xml:

      <session >
       <display-name>MyEJB</display-name>
       <ejb-name>MyEJB</ejb-name>
      
       <home>myPackage.MyEJB</home>
       <remote>myPackage.remote.MyEJB</remote>
       <local-home>myPackage.home.MyEJBHome</local-home>
       <local>myPackage.home.MyEJBLocal</local>
       <ejb-class>myPackage.MyEJBBean</ejb-class>
       <session-type>Stateless</session-type>
       <transaction-type>Container</transaction-type>
      </session>

      jboss.xml:
      <jboss>
       <security-domain>java:/jaas/xxx</security-domain>
       <enterprise-beans>
       <session>
       <ejb-name>MyEJB</ejb-name>
       <jndi-name>ejb/MyEJB</jndi-name>
       <local-jndi-name>MyEJBLocal</local-jndi-name>
       <method-attributes>
       </method-attributes>
       </session>
      ...


      When the JBoss is running and I try to create LoginContext from my Eclipse project:

      public static void main(String[] args) {
       AppCallbackHandler handler = new AppCallbackHandler("username","password".toCharArray());
       System.setProperty("java.security.auth.login.config", PATH+"/auth.conf");
       LoginContext lc;
       try {
       lc = new LoginContext("xxx", handler);
       lc.login();
      ...
      

      The program fails on new LoginContext("xxx", handler);

      javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.auth.spi.DatabaseServerLoginModule
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
      


      Do I have to include any jars to my project class path?
      I have included jaas.jar, and jbossall-client.jar...

      When I try to include jbosssx.jar into my project class path I recive:
      javax.security.auth.login.LoginException: java.lang.NoClassDefFoundError:
      
      org/jboss/system/ServiceMBeanSupport
       at java.lang.ClassLoader.defineClass1(Native Method)
       at java.lang.ClassLoader.defineClass(ClassLoader.java:620)
       at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:124)
       at java.net.URLClassLoader.defineClass(URLClassLoader.java:260)
       at java.net.URLClassLoader.access$100(URLClassLoader.java:56)
       at java.net.URLClassLoader$1.run(URLClassLoader.java:195)


      Can anybody help my to resolve this problem please?

      My auth.conf:

      xxx
      {
      org.jboss.security.ClientLoginModule required;
      org.jboss.security.auth.spi.DatabaseServerLoginModule required
      unauthenticatedIdentity="guest"
      dsJndiName ="java:/MySQLDS"
      principalsQuery="SELECT PASS FROM USERS WHERE LOGIN=?"
      rolesQuery="SELECT ROLE, ROLE_GROUP FROM USER_ROLES WHERE PRINCIPAL =?"
      ;
      };
      
      client-login
      {
      org.jboss.security.ClientLoginModule required;
      };
      
      other
      {
      org.jboss.security.ClientLoginModule required;
      };


      login-config.xml:
      <application-policy name = "xxx">
       <authentication>
       <login-module code = "org.jboss.security.ClientLoginModule" flag = "required">
       </login-module>
       <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
       <module-option name = "unauthenticatedIdentity">guest</module-option>
       <module-option name = "dsJndiName">java:/MySQLDS</module-option>
       <module-option name = "principalsQuery">SELECT PASS FROM USERS WHERE LOGIN=?</module-option>
       <module-option name = "rolesQuery">SELECT ROLE, ROLE_GROUP FROM USER_ROLES WHERE PRINCIPAL =?</module-option>
       </login-module>
       </authentication>
      </application-policy>
      




        • 1. Re: DatabaseServerLoginModule configuration problem
          Michal Steller Newbie

          Hi all,
          When I try to use ClientLoginModule (new LoginContext("client-login", handler); ):

          public static void main(String[] args) {
           AppCallbackHandler handler = new AppCallbackHandler("username","password".toCharArray());
           System.setProperty("java.security.auth.login.config", PATH+"/auth.conf");
           LoginContext lc;
          
           try {
          
           lc = new LoginContext("client-login", handler);
          
           lc.login();
           Properties jndiProperties = new Properties();
           jndiProperties.setProperty(Context.INITIAL_CONTEXT_FACTORY, "org.jnp.interfaces.NamingContextFactory");
           jndiProperties.setProperty(Context.URL_PKG_PREFIXES, "org.jboss.naming:org.jnp.interface");
           jndiProperties.setProperty(Context.PROVIDER_URL, "jnp://localhost:1099");
          
           Context context = new InitialContext(jndiProperties);
           MyEJBHome home = (MyEJBHome)context.lookup(MyEJBHome.JNDI_NAME);
           home.create();
          ...


          I recive exception:
          java.rmi.AccessException: SecurityException; nested exception is:
           java.lang.SecurityException: Insufficient method permissions, principal=username, ejbName=MyEJB, method=create, interface=HOME, requiredRoles=[], principalRoles=null
           at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:370)
           at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:125)
           at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:93)
           at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:613)
           at org.jboss.ejb.Container.invoke(Container.java:894)
          


          DatabaseServerLoginModule don't assign principalRoles to principal=username. The user has principalRoles=null.

          Can anybody help me pls.

          Thanks.