7 Replies Latest reply on Oct 31, 2008 11:52 AM by Micah Cleveland

    SimplePrincipal ClassCastException

    Micah Cleveland Newbie

      I am trying to use a custom Princpal class with my custom JAAS LoginModule. I am doing programmatic authentication and thus using Jboss' WebAuthentication class. My LoginModule extends AbstractServerLoginModule. When declaring my login module within login-config.xml I added <module-option name="principalClassName"> and referenced my custom login module.

      When I try to cast to my custom type I get a classcastexception. If anyone knows what I may be doing wrong, please advice. I would greatly appreciate it.

        • 1. Re: SimplePrincipal ClassCastException
          Ragav Gomatam Novice

          ClassCastException implies that the class was loaded by different classloader.
          and you are trying to cast a class loaded by different classloader..How did you package and deploy the class ?

          • 2. Re: SimplePrincipal ClassCastException
            Micah Cleveland Newbie

            I packaged my custom Principal, lets call it, "MyCustomPrincipal" and MyCustomLoginModule within the WAR file containing my web application. I figured as long as it's in the class path it should be fine.

            Within the MyCustomLoginModule when I call request.getPrincipal after authentication and cast it to MyCustomPrincipal. I get the classcast because some kind of way It is returning a JBoss simple principal. Even though I configured my login module to have a MyCustomPrincipal.

            • 3. Re: SimplePrincipal ClassCastException
              Ragav Gomatam Novice

              Try this :- (1) JAR the following classes MyCustomPrincipal and MyCustomLoginModule .
              (2) Put the JAR in $HOME/server/default/lib.
              (3) Modify the run.sh or run.bat to pick up this JAR in its classpath.
              (4) Remove these classes from your WAR.

              This way, the module and its customPrincipal are in the server's CLASSLOADER and not in the WAR's CLASSLOADER. Remember, the JAAS module is used for securing all applications that run on the Server & not individual web application

              (5) Now the casting should work.

              • 4. Re: SimplePrincipal ClassCastException
                Micah Cleveland Newbie

                Moving my LoginModule to a seperate JAR still does not work. I have one correction. The classcastexception does not occur in the CustomLoginModule. It occurs in a servlet(spring controller) that has access to the httprequest object.

                The following calls: request.getUserPrincipal().getClass() returns an object of type: org.jboss.security.SimplePrincipal

                Where as I am expecting my custom class. I have updated login-config as follows:

                <application-policy name = "xxx-Domain">

                <login-module code="xxx.xxx.CustomLoginModule"
                flag = "required">
                <module-option name="principalClassName">
                xxx.xxx.CustomPrincipal
                </module-option>
                <module-option name="principalClass">
                xxx.xxx.CustomPrincipal
                </module-option>
                </login-module>

                </application-policy>

                I am also using JBoss' WebAuthentication class to have JAAS authentication work with programmatic security.

                • 5. Re: SimplePrincipal ClassCastException
                  Ragav Gomatam Novice

                   

                  The classcastexception does not occur in the CustomLoginModule. It occurs in a servlet(spring controller) that has access to the httprequest object.


                  This means that the CustomPrincipal is located in 2 places. May be in your WEB-INF/lib or WEB-INF/classes. Get rid of that. The jar containing your login module and CustomPrincipal should be in the server classpath, visible to Server Classloader. This indicates your class is being picked up by 2 classloaders

                  • 6. Re: SimplePrincipal ClassCastException
                    Ragav Gomatam Novice

                    Also why do you have your login-config.xml have 2 entires as below ? Shouldn't there be one entry ? Please also check your login Module to make sure you are instantiating your CustomPrincipal as opposed to Jboss SimplePrincipal

                    <module-option name="principalClassName">
                    xxx.xxx.CustomPrincipal
                    </module-option>
                    <module-option name="principalClass">
                    xxx.xxx.CustomPrincipal


                    • 7. Re: SimplePrincipal ClassCastException
                      Micah Cleveland Newbie

                      The extra module option was just experimination. A forum that I went to had principalClassName instead of principalClass.

                      I was able to figure out my problem using the following URL:

                      http://www.jboss.org/community/docs/DOC-12517

                      Group customGroup = new SimpleGroup("CallerPrincipal");
                      customGroup.addMember(getIdentity()); where get Identity returns the principal that i want to be at request.getUserPrincipal().

                      The URL read:

                      "You can also include a custom principal by using code from a login module. A custom principal must be installed under the Subject using a java.security.acl.group named "CallerPrincipal" with the sole group member being the custom "

                      I oringinally took "also" to mean not required and that I can use just the module-option. But that didnt work.