3 Replies Latest reply on Apr 22, 2004 7:26 AM by Steve Lewis

    Jaas Login module problem

    leondavis Newbie

      I am trying to have authenticated logins to my system.

      I have database setup code (I am using Hypersonic) which populates the database with the necessary roles and users. From then on my code uses the database to authenticate users attempting to log in. I had been having a problem with the DatabaseServerLoginModule: when I logged in users they were logging in, but when they tried to perform some EJB operation I got Security Exceptions, with "principal=null" appearing.
      This is a problem that seems to have occurred many times in these forums, however there was only one post that I found that actually fixed things for me. I have replied with a further question to this post, but as it was raised some months ago, I am not sure that I am going to get a reply anytime soon and I am in quite desperate need of a fix, as what I am doing is part of an assessed project for my final year in University.

      The post in question can be found at the following link:

      It advised that in addition to needing the DatabaseServerLoginModule in the defined application policy, the ClientLoginModule was also needed.
      This has indeed fixed my problem as far as database authentication is concerned. However, now that this is in my policy and so in my login-config.xml, the application policy "client-login" no longer works (I receive Authentication exception, principal=null messages again). This is what I was using for my database setup code. Removing the fix means that the client-login policy works once more, but this is no good to me.

      Here is what I added to my application policy:

      <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"> </login-module>

      and as a result my application policy looks like this:
      <application-policy name="bank">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
            <module-option name="dsJndiName">java:/DefaultDS</module-option>
            <module-option name="principalsQuery">select PASSWORD from USEREJB where USERNAME=?</module-option>
            <module-option name="rolesQuery">select ROLESEJB,'Roles' from USEREJB_ROLES_ROLESEJB_USER where USEREJB=?</module-option>
          </login-module>
          <login-module code = "org.jboss.security.ClientLoginModule" flag = "required"> </login-module>
        </authentication>
      </application-policy>

      Having added in the above lines client-login no longer works:

      <application-policy name = "client-login">
        <authentication>
          <login-module code = "org.jboss.security.ClientLoginModule"
            flag = "required">
          </login-module>
        </authentication>
      </application-policy>

      I am pretty new to all of this so be gentle, and I am sure that there is something blindingly obvious for why it is not working, I just can't see it. Therefore I look to anyone that can give me the answer :)

      If I need to post any more information then just say.

      Many thanks,

      p.s. I am using JBoss 3.2.3

        • 1. Re: Jaas Login module problem
          leondavis Newbie

          Sorry to seem like a pain, but has anyone had a chance to consider the problem that I have raised in the message above this one? I still have not solved my problem and would really appreciate some help.

          Many thanks,

          • 2. Re: Jaas Login module problem
            Richard Barrington Newbie

            Without seeing your app, it's hard to say too much about exactly what's wrong. I'll hazard a guess and say that the error is accurate though. Maybe client login is ok, but you haven't created a callback handler and login context to use - it's saying null principal because you haven't given it one? The client doesn't do much, as the authentication is done by another module (often the DB module), it mostly just holds the username and password for when the server asks for it.

            I'm also a relative newb to this, so anyone can feel free to correct me if I'm wrong.
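The callback handler and login context mentioned in the reply above, shown as an added example that is not part of the original thread or of any poster's code. It assumes Java 6 or later and the JBoss client security jar (which provides org.jboss.security.ClientLoginModule) on the classpath; the class name, the in-code JAAS configuration and the credentials are constructed for illustration.

```java
import java.util.Collections;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class ClientLoginExample {
    // Answers the login module's callbacks with the username and password.
    static class UserPassHandler implements CallbackHandler {
        private final String user;
        private final char[] password;
        UserPassHandler(String user, char[] password) {
            this.user = user;
            this.password = password.clone();
        }

        @Override
        public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) {
                    ((NameCallback) cb).setName(user);
                } else if (cb instanceof PasswordCallback) {
                    ((PasswordCallback) cb).setPassword(password);
                } else {
                    throw new UnsupportedCallbackException(cb);
                }
            }
        }
    }

    // In-code stand-in for a client-side "client-login" JAAS entry (assumption: no auth.conf file is used).
    static Configuration clientLoginConfig() {
        final AppConfigurationEntry entry = new AppConfigurationEntry(
            "org.jboss.security.ClientLoginModule",
            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
            Collections.<String, Object>emptyMap());
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return "client-login".equals(name) ? new AppConfigurationEntry[] { entry } : null;
            }
        };
    }

    public static void main(String[] args) throws LoginException {
        // Constructed sample credentials; the server-side policy does the real authentication.
        LoginContext lc = new LoginContext("client-login", null,
            new UserPassHandler("example-user", "example-password".toCharArray()), clientLoginConfig());
        lc.login();   // the client module now holds the name and password for later EJB calls
        try { /* look up and call the secured EJB here */ } finally { lc.logout(); }
    }
}
```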

            • 3. Re: Jaas Login module problem
              Steve Lewis Expert

              Do you have the jsp/servlets and the ejb secured with a role? I saw a similar error recently when I forgot to log my user in.