1 Reply Latest reply on Jun 5, 2007 10:51 AM by Konstantin Larionov

    Unable to implement custom LoginModule example

    Konstantin Larionov Newbie

      Hello,

      Probably, it is stupid problem, but I am unable to resole it myself :(

      I was going to implement very simple custom LoginModule in my web app discussed in section 8.4.7.2. 'A Custom LoginModule Example' of 'The JBoss 4 Application Server Guide' book published at http://docs.jboss.org/jbossas/jboss4guide/r4/html/index.html

      The following actions were done

      1. jboss.xml file with the following content was put to WEB-INF directory of my web app:

      <?xml version="1.0" encoding="ISO-8859-1"?>
      <jboss>
       <security-domain>java:/jaas/My_web_security</security-domain>
      </jboss>

      2. login-config.xml file with the following content was put to WEB-INF directory of my web app:
      <policy>
       <application-policy name = "My_web_security">
       <authentication>
       <login-module code="com.mydomain.web.security.JbossLoginModule" flag="required">
       <module-option name = "userPathPrefix">/security/store/password</module-option>
       <module-option name = "rolesPathPrefix">/security/store/roles</module-option>
       </login-module>
       </authentication>
       </application-policy>
      </policy>

      3. The following security constraints were added into web.xml file
      <login-config>
       <auth-method>FORM</auth-method>
       <form-login-config>
       <form-login-page>/pages/common/login.htm</form-login-page>
       <form-error-page>/pages/common/loginerror.htm</form-error-page>
       </form-login-config>
       </login-config>
      
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>MY_RESTRICTED</web-resource-name>
       <url-pattern>/pages/secure/*</url-pattern>
       </web-resource-collection>
       <auth-constraint>
       <role-name>MY_SYSADMIN</role-name>
       <role-name>MY_LOADER</role-name>
       <role-name>MY_DEFAULT</role-name>
       </auth-constraint>
       </security-constraint>
      
       <security-role>
       <role-name>MY_SYSADMIN</role-name>
       </security-role>
       <security-role>
       <role-name>MY_LOADER</role-name>
       </security-role>
       <security-role>
       <role-name>MY_DEFAULT</role-name>
       </security-role>

      4. The following login module was created in my web app:
      package com.mydomain.web.security;
      
      import java.security.acl.Group;
      import java.util.Map;
      import javax.security.auth.Subject;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.login.LoginException;
      
      import org.jboss.security.SimpleGroup;
      import org.jboss.security.SimplePrincipal;
      import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
      
      /**
       * An example custom login module.
      */
      public class JbossLoginModule extends UsernamePasswordLoginModule {
       private String userPathPrefix;
       private String rolesPathPrefix;
      
       /**
       * Override to obtain the userPathPrefix and rolesPathPrefix options.
       */
       public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
       {
       super.initialize(subject, callbackHandler, sharedState, options);
       userPathPrefix = (String) options.get("userPathPrefix");
       rolesPathPrefix = (String) options.get("rolesPathPrefix");
       }
      
       /**
       * Get the roles the current user belongs to.
       */
       protected Group[] getRoleSets() throws LoginException
       {
       String rolesPath = rolesPathPrefix + '/' + super.getUsername();
       String[] roles = {"MY_SYSADMIN", "MY_LOADER", "MY_DEFAULT"};
       Group[] groups = {new SimpleGroup("Roles")};
      
       for(int r = 0; r < roles.length; r ++)
       {
       SimplePrincipal role = new SimplePrincipal(roles[r]);
       groups[0].addMember(role);
       }
      
       return groups;
       }
      
       /**
       * Get the password of the current user.
       */
       protected String getUsersPassword() throws LoginException
       {
       String userPath = userPathPrefix + '/' + super.getUsername();
       String passwd = "1";
      
       return passwd;
       }
      }

      5. login.htm and loginerror.htm pages were created

      Unfortunately, after deployment on JBOSS, the following exception is raised when username and password is submitted:

      14:42:39,116 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
      java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager cannot be cast to org.jboss.security.SubjectSecurityManager
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Thread.java:619)


      I tried to find something in Google about this error, but found nothing.

      Can anyone help me?


      JBOSS [Trinity] 4.2.0.GA (build: SVNTag=JBoss_4_2_0_GA date=200705111440) is used.