2 Replies Latest reply on May 7, 2007 8:30 AM by abhayajha

    SecurityAssociaton.getSubject is null

    abhayajha Newbie

      Hi,

      We are migrating JBoss 3.2.3 to JBoss 4.0.5.GA.
      We have configured login-config.xml and jboss-service.xml for JAAS.

      configurations are as below:

      conf/login-config.xml


      <application-policy name="settlement">

      <login-module code="com.db.dcs.model.settlements.jboss.security.LdapDBLoginModule" flag="required">
      <module-option name="validatePWD">false</module-option>
      </login-module>

      </application-policy>

      conf/jboss-service.xml


      mbean code="org.jboss.security.plugins.SecurityConfig" name="jboss.security:service=SecurityConfig">
      jboss.security:service=XMLLoginConfig


      login-config.xml

      <!-- JAAS security manager and realm mapping -->
      <!-- PACO change JaasSecurityManager by JaasSecurityDomain -->


      org.jboss.security.plugins.JaasSecurityDomain



      <!-- PACO -->

      jboss.security:service=JaasSecurityManager




      default\deploy\jbossweb-tomcat55.sar\server.xml


      <!-- SSL/TLS Connector configuration using the SSL domain keystore -->






      LoginModule is invoked properly but when we try to get the subject
      by SecurityAssociation.getSubject() then subject is null.



        • 1. Re: SecurityAssociaton.getSubject is null
          Mark Sim-Smith Newbie

          I don't know specifically about your LoginModule, but to get the logged-in Subject onto the SecurityAssocation stack we need to have two login modules, one is our own custom one, and the other is the JBoss ClientLoginModule. It is the ClientLoginModule that pushes the Subject onto the SecurityAssociation stack upon commit(), and pops on logout() and abort(). Note - make sure that you set restore-login-identity to true for the ClientLoginModule otherwise you get strange behaviour upon cache timeout.

          • 2. Re: SecurityAssociaton.getSubject is null
            abhayajha Newbie

            *************
            ***URGENT***
            *************

            Hi ,
            Please help at your earliest. Below are the detailed description for tbe above.

            We have a two ear deployed in JBoss. One ear contains all EJBs. Second Ear contains war file and internally invokes EJBs.

            When my system receives (Using MDBs) messages it?s processed perfectly but when I am unable to login in web application.

            I thought during migration just I can deploy my ear files but I found some class loader problems. But when I removed all the EJB client jars from the .war/web-inf/lib, It worked.

            But login problem is still there, I believe this problem is due to JAAS/SSL configuration.


            We have a problem with JAAS in new version of JBoss-4.0.5. The same approach is working in JBoss-3.2.3 version.


            We are using customized login module and this login module is invoked properly and subject is populated

            subject.getPrivateCredentials().add(userBean);
            logger.info("Adding role '" + userBean.getRole() + "' to context");
            userRoles.addMember(new SimplePrincipal(userBean.getRole()));

            Login module returns true.

            But from action class, when we call below code subject is null.
            EntryUser user = EISDataHelper().getUser();

            signature of getUser is as below:
            public EntryUserBean getUser() throws CustodyException, RemoteException {
            Subject subj = SecurityAssociation.getSubject(); //Here subject is null(in JBoss-4.0.5.GA), while same code is running in JBoss-3.2.3
            if (subj == null) {
            logger.debug("subject is null");
            return null;
            }
            :
            :
            :
            }

            Configuration for login module in login-config.xml is as below :
            <application-policy name="settlement">

            <login-module code="com.db.dcs.model.settlements.jboss.security.LdapDBLoginModule" flag="required">
            <module-option name="validatePWD">true</module-option>
            </login-module>

            </application-policy>


            Configuration for JAAS in conf/jboss-service.xml is as below :

            <!-- ==================================================================== -->
            <!-- Security -->
            <!-- ==================================================================== -->

            jboss.security:service=XMLLoginConfig


            login-config.xml

            <!-- JAAS security manager and realm mapping -->
            <!-- change JaasSecurityManager by JaasSecurityDomain -->


            org.jboss.security.plugins.JaasSecurityDomain



            <!--JaasSecurityDomain -->

            jboss.security:service=JaasSecurityManager




            ${jboss.server.home.dir}/ssl/abc.keystore
            XYZ


            Configuration for SSL in deploy/jbossweb-tomcat55.sar/server.xml is as below :




            Configuration for security domain in deploy/settlement-webapp.ear/settlement-webapp.war/jboss-web.xml is as below :
            <jboss-web>
            <security-domain>java:/jaas/settlement</security-domain>
            </jboss-web>