1 Reply Latest reply on Jun 5, 2007 10:51 AM by kenfrommera

    Unable to implement custom LoginModule example

      Hello,

      Probably, it is a stupid problem, but I am unable to resolve it myself :(

      I was going to implement a very simple custom LoginModule in my web app, as discussed in section 8.4.7.2. 'A Custom LoginModule Example' of 'The JBoss 4 Application Server Guide' book published at http://docs.jboss.org/jbossas/jboss4guide/r4/html/index.html

      The following actions were done:

      1. A jboss.xml file with the following content was put into the WEB-INF directory of my web app:

      <?xml version="1.0" encoding="ISO-8859-1"?>
      <jboss>
        <security-domain>java:/jaas/My_web_security</security-domain>
      </jboss>

      2. A login-config.xml file with the following content was put into the WEB-INF directory of my web app:
      <policy>
        <application-policy name = "My_web_security">
          <authentication>
            <login-module code="com.mydomain.web.security.JbossLoginModule" flag="required">
              <module-option name = "userPathPrefix">/security/store/password</module-option>
              <module-option name = "rolesPathPrefix">/security/store/roles</module-option>
            </login-module>
          </authentication>
        </application-policy>
      </policy>

      3. The following security constraints were added to the web.xml file:
      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/pages/common/login.htm</form-login-page>
          <form-error-page>/pages/common/loginerror.htm</form-error-page>
        </form-login-config>
      </login-config>

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>MY_RESTRICTED</web-resource-name>
          <url-pattern>/pages/secure/*</url-pattern>
        </web-resource-collection>
        <auth-constraint>
          <role-name>MY_SYSADMIN</role-name>
          <role-name>MY_LOADER</role-name>
          <role-name>MY_DEFAULT</role-name>
        </auth-constraint>
      </security-constraint>

      <security-role>
        <role-name>MY_SYSADMIN</role-name>
      </security-role>
      <security-role>
        <role-name>MY_LOADER</role-name>
      </security-role>
      <security-role>
        <role-name>MY_DEFAULT</role-name>
      </security-role>

      4. The following login module was created in my web app:
      package com.mydomain.web.security;

      import java.security.acl.Group;
      import java.util.Map;
      import javax.security.auth.Subject;
      import javax.security.auth.callback.CallbackHandler;
      import javax.security.auth.login.LoginException;

      import org.jboss.security.SimpleGroup;
      import org.jboss.security.SimplePrincipal;
      import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

      /**
       * An example custom login module.
       */
      public class JbossLoginModule extends UsernamePasswordLoginModule {
          private String userPathPrefix;
          private String rolesPathPrefix;

          /**
           * Override to obtain the userPathPrefix and rolesPathPrefix options.
           */
          public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
          {
              super.initialize(subject, callbackHandler, sharedState, options);
              userPathPrefix = (String) options.get("userPathPrefix");
              rolesPathPrefix = (String) options.get("rolesPathPrefix");
          }

          /**
           * Get the roles the current user belongs to.
           */
          protected Group[] getRoleSets() throws LoginException
          {
              String rolesPath = rolesPathPrefix + '/' + super.getUsername();
              String[] roles = {"MY_SYSADMIN", "MY_LOADER", "MY_DEFAULT"};
              Group[] groups = {new SimpleGroup("Roles")};

              for (int r = 0; r < roles.length; r++)
              {
                  SimplePrincipal role = new SimplePrincipal(roles[r]);
                  groups[0].addMember(role);
              }

              return groups;
          }

          /**
           * Get the password of the current user.
           */
          protected String getUsersPassword() throws LoginException
          {
              String userPath = userPathPrefix + '/' + super.getUsername();
              String passwd = "1";

              return passwd;
          }
      }

      5. login.htm and loginerror.htm pages were created

      Unfortunately, after deployment on JBoss, the following exception is raised when the username and password are submitted:

      14:42:39,116 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
      java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager cannot be cast to org.jboss.security.SubjectSecurityManager
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
       at java.lang.Thread.run(Thread.java:619)


      I tried to find something in Google about this error, but found nothing.

      Can anyone help me?


      JBOSS [Trinity] 4.2.0.GA (build: SVNTag=JBoss_4_2_0_GA date=200705111440) is used.

        • 1. Re: Unable to implement custom LoginModule example

          Looks like everything written above was a big mistake:

          In order to make this example work I had to:

          1. Rename jboss.xml to jboss-web.xml.
          2. Remove the login-config.xml file from WEB-INF and put its content into the jboss\server\default\conf\login-config.xml file.

          As for the exception, its root cause was an improper jbosssx.jar import in the IDE (it was put into the WEB-INF\lib\ directory).
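
Added example, not part of the original thread and not JBoss code: a pre-deployment check that scans a WAR for the three packaging mistakes named in the reply above and confirms that the security domain in jboss-web.xml names an application-policy in the server's login-config.xml. The function names `audit_war` and `make_war`, the sample archives, the `<jboss-web>` root element in the sample descriptor, and the rule that the name after `java:/jaas/` must equal the policy name are assumptions of this example.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

JAAS_PREFIX = "java:/jaas/"
WEB_DD = "WEB-INF/jboss-web.xml"

def audit_war(war, server_login_config):
    """Return findings (list of str) for a WAR path/file object; empty means clean."""
    findings = []
    with zipfile.ZipFile(war) as zf:
        names = set(zf.namelist())
        descriptor = zf.read(WEB_DD) if WEB_DD in names else None
    if "WEB-INF/jboss.xml" in names:
        findings.append("WEB-INF/jboss.xml: rename to jboss-web.xml")
    if "WEB-INF/login-config.xml" in names:
        findings.append("WEB-INF/login-config.xml: move into server conf/login-config.xml")
    for name in sorted(names):
        jar = name.rsplit("/", 1)[-1]
        if name.startswith("WEB-INF/lib/") and jar.startswith("jbosssx") and jar.endswith(".jar"):
            findings.append(name + ": server security jar bundled in the WAR")
    # Assumption: the name after java:/jaas/ must match an application-policy
    # declared in the server's conf/login-config.xml.
    root = ET.fromstring(server_login_config)
    policies = {p.get("name") for p in root.iter("application-policy")}
    if descriptor is None:
        findings.append(WEB_DD + ": missing, no security domain bound")
    else:
        domain = (ET.fromstring(descriptor).findtext("security-domain") or "").strip()
        policy = domain[len(JAAS_PREFIX):] if domain.startswith(JAAS_PREFIX) else domain
        if policy not in policies:
            findings.append("security-domain %r: no matching application-policy" % domain)
    return findings

def make_war(entries):
    """Build an in-memory WAR from {entry name: bytes} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf

# Constructed samples: the layout from the question, then the layout from the reply.
SERVER_CONF = '<policy><application-policy name="My_web_security"/></policy>'
BROKEN = make_war({"WEB-INF/jboss.xml": b"<jboss/>", "WEB-INF/login-config.xml": b"<policy/>",
                   "WEB-INF/lib/jbosssx.jar": b""})
FIXED = make_war({WEB_DD: b"<jboss-web><security-domain>java:/jaas/My_web_security"
                          b"</security-domain></jboss-web>"})

if __name__ == "__main__":
    print(audit_war(BROKEN, SERVER_CONF), audit_war(FIXED, SERVER_CONF))
```
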