Unable to implement custom LoginModule example
kenfrommera Jun 5, 2007 7:26 AMHello,
Probably, it is stupid problem, but I am unable to resole it myself :(
I was going to implement very simple custom LoginModule in my web app discussed in section 8.4.7.2. 'A Custom LoginModule Example' of 'The JBoss 4 Application Server Guide' book published at http://docs.jboss.org/jbossas/jboss4guide/r4/html/index.html
The following actions were done
1. jboss.xml file with the following content was put to WEB-INF directory of my web app:
<?xml version="1.0" encoding="ISO-8859-1"?> <jboss> <security-domain>java:/jaas/My_web_security</security-domain> </jboss>
2. login-config.xml file with the following content was put to WEB-INF directory of my web app:
<policy> <application-policy name = "My_web_security"> <authentication> <login-module code="com.mydomain.web.security.JbossLoginModule" flag="required"> <module-option name = "userPathPrefix">/security/store/password</module-option> <module-option name = "rolesPathPrefix">/security/store/roles</module-option> </login-module> </authentication> </application-policy> </policy>
3. The following security constraints were added into web.xml file
<login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/pages/common/login.htm</form-login-page> <form-error-page>/pages/common/loginerror.htm</form-error-page> </form-login-config> </login-config> <security-constraint> <web-resource-collection> <web-resource-name>MY_RESTRICTED</web-resource-name> <url-pattern>/pages/secure/*</url-pattern> </web-resource-collection> <auth-constraint> <role-name>MY_SYSADMIN</role-name> <role-name>MY_LOADER</role-name> <role-name>MY_DEFAULT</role-name> </auth-constraint> </security-constraint> <security-role> <role-name>MY_SYSADMIN</role-name> </security-role> <security-role> <role-name>MY_LOADER</role-name> </security-role> <security-role> <role-name>MY_DEFAULT</role-name> </security-role>
4. The following login module was created in my web app:
package com.mydomain.web.security; import java.security.acl.Group; import java.util.Map; import javax.security.auth.Subject; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.login.LoginException; import org.jboss.security.SimpleGroup; import org.jboss.security.SimplePrincipal; import org.jboss.security.auth.spi.UsernamePasswordLoginModule; /** * An example custom login module. */ public class JbossLoginModule extends UsernamePasswordLoginModule { private String userPathPrefix; private String rolesPathPrefix; /** * Override to obtain the userPathPrefix and rolesPathPrefix options. */ public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options) { super.initialize(subject, callbackHandler, sharedState, options); userPathPrefix = (String) options.get("userPathPrefix"); rolesPathPrefix = (String) options.get("rolesPathPrefix"); } /** * Get the roles the current user belongs to. */ protected Group[] getRoleSets() throws LoginException { String rolesPath = rolesPathPrefix + '/' + super.getUsername(); String[] roles = {"MY_SYSADMIN", "MY_LOADER", "MY_DEFAULT"}; Group[] groups = {new SimpleGroup("Roles")}; for(int r = 0; r < roles.length; r ++) { SimplePrincipal role = new SimplePrincipal(roles[r]); groups[0].addMember(role); } return groups; } /** * Get the password of the current user. */ protected String getUsersPassword() throws LoginException { String userPath = userPathPrefix + '/' + super.getUsername(); String passwd = "1"; return passwd; } }
5. login.htm and loginerror.htm pages were created
Unfortunately, after deployment on JBOSS, the following exception is raised when username and password is submitted:
14:42:39,116 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager cannot be cast to org.jboss.security.SubjectSecurityManager at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:619)
I tried to find something in Google about this error, but found nothing.
Can anyone help me?
JBOSS [Trinity] 4.2.0.GA (build: SVNTag=JBoss_4_2_0_GA date=200705111440) is used.