1 Reply Latest reply on Feb 8, 2003 9:19 PM by David Jencks

    Invalid authentication attempt, principal=null

    pipo Newbie

      Hi all,
      I have configured a DATASOURCE to an Oracle Database using (LDAP) JAAS authentication.
      When I deploy an entity bean that uses that DATASOURCE, just that exception occurs.

      11:39:36,918 WARN [ServiceController] Problem starting service jboss.j2ee:jndiName=DataEJB,service=EJB
      java.lang.SecurityException: Invalid authentication attempt, principal=null
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubject(BaseConnectionManager2.java:709)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:531)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:814)
      at org.jboss.resource.adapter.jdbc.local.LocalDataSource.getConnection(LocalDataSource.java:102)
      at org.jboss.ejb.plugins.cmp.jdbc.SQLUtil.fixTableName(SQLUtil.java:38)
      at org.jboss.ejb.plugins.cmp.jdbc.bridge.JDBCEntityBridge.<init>(JDBCEntityBridge.java:103)
      at org.jboss.ejb.plugins.cmp.jdbc.JDBCStoreManager.initStoreManager(JDBCStoreManager.java:397)
      at org.jboss.ejb.plugins.cmp.jdbc.JDBCStoreManager.start(JDBCStoreManager.java:339)
      at org.jboss.ejb.plugins.CMPPersistenceManager.start(CMPPersistenceManager.java:198)
      at org.jboss.ejb.EntityContainer.start(EntityContainer.java:376)
      at org.jboss.ejb.Container.invoke(Container.java:756)
      at org.jboss.ejb.EntityContainer.invoke(EntityContainer.java:1058)
      at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
      at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
      at $Proxy5.start(Unknown Source)


      Can someone help me? Thank you very much.

      Here are my configuration files:

      dataDS-service.xml
      ------------------------------------
      <?xml version="1.0" encoding="UTF-8"?>


      DataRealm
      <depends optional-attribute-name="ManagedConnectionFactoryName">

      DataDS


      <config-property name="ConnectionURL" type="java.lang.String">jdbc:oracle:thin:@higgings.idecnet.com:1521:higgings</config-property>
      <config-property name="DriverClass" type="java.lang.String">oracle.jdbc.driver.OracleDriver</config-property>
      <config-property name="UserName" type="java.lang.String"/>
      <config-property name="Password" type="java.lang.String"/>


      <depends optional-attribute-name="OldRarDeployment">jboss.jca:service=RARDeployment,name=JBoss LocalTransaction JDBC Wrapper


      <depends optional-attribute-name="ManagedConnectionPool">

      0
      50
      5000
      15
      ByContainer


      <depends optional-attribute-name="CachedConnectionManager">jboss.jca:service=CachedConnectionManager
      <depends optional-attribute-name="JaasSecurityManagerService">jboss.security:service=JaasSecurityManager
      java:/TransactionManager
      jboss.jca:service=RARDeployer



      login-conf.xml
      <?xml version="1.0"?>
      <!DOCTYPE policy PUBLIC "-//JBoss//DTD JBOSS Security Config 3.0//EN"
      "http://www.jboss.org/j2ee/dtd/security_config.dtd">


      .
      .
      .
      .
      <application-policy name="DataRealm">

      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://higgings.idecnet.com:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">cn=</module-option>
      <module-option name="uidAttributeID">uid</module-option>
      <module-option name="roleAttributeID">roleName</module-option>
      <module-option name="principalDNSuffix">,ou=Usuarios,o=Canterbury School,c=ES</module-option>
      <module-option name="rolesCtxDN">ou=Roles,o=Canterbury School,c=ES</module-option>
      <module-option name="principal">pipo</module-option>
      <module-option name="userName">pipo</module-option>
      <module-option name="password">pipo</module-option>
      </login-module>

      </application-policy>

        • 1. Re: Invalid authentication attempt, principal=null
          David Jencks Master

          You have to use a special LoginModule with a JCA adapter that provides a PasswordCredential. This credential is an object that includes username, password, and the ManagedConnectionFactory it applies to.

          So far no one has contributed an LDAP-based one. I suspect you would be able to easily combine the CallerIdentityLoginModule in the connector module (org.jboss.resource.security package) with the existing LDAP login module to make one that works with jca adapters. If you do so I'd be happy if you contributed it back to JBoss: please put it in with the CallerIdentity one.

          If it's not obvious what to do, ask. (email me if I don't respond to the forum)
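
The kind of module the reply describes, as an added example that is not part of the thread and not JBoss code: a JAAS LoginModule stacked after an LDAP module that attaches a `PasswordCredential` bound to the `ManagedConnectionFactory`. The class name and the `mcfAttribute` option are hypothetical, and it assumes the preceding module publishes the verified name and password under the standard JAAS shared-state keys and that the MCF MBean exposes the factory instance as an attribute.

```java
import java.util.Map;
import javax.management.*;
import javax.resource.spi.ManagedConnectionFactory;
import javax.resource.spi.security.PasswordCredential;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

/** Added sketch (hypothetical class): turns an already verified login into a JCA PasswordCredential. */
public class LdapPasswordCredentialLoginModule implements LoginModule {
    private Subject subject;
    private Map<String, ?> sharedState, options;
    private PasswordCredential credential;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        subject = s; sharedState = shared; options = opts;
    }

    public boolean login() throws LoginException {
        // Assumption: the LDAP module earlier in the stack stored what it verified under these keys.
        Object name = sharedState.get("javax.security.auth.login.name");
        Object pw = sharedState.get("javax.security.auth.login.password");
        if (name == null || pw == null)
            throw new LoginException("no authenticated identity in shared state");
        char[] chars = pw instanceof char[] ? ((char[]) pw).clone() : pw.toString().toCharArray();
        credential = new PasswordCredential(name.toString(), chars);
        // The credential must name the factory it applies to, or the adapter will not match it.
        credential.setManagedConnectionFactory(lookupMcf());
        return true;
    }

    private ManagedConnectionFactory lookupMcf() throws LoginException {
        try {
            MBeanServer server = MBeanServerFactory.findMBeanServer(null).get(0);
            ObjectName mcfName = new ObjectName((String) options.get("managedConnectionFactoryName"));
            // Assumption: the attribute holding the MCF instance is supplied via the hypothetical "mcfAttribute" option.
            return (ManagedConnectionFactory) server.getAttribute(mcfName, (String) options.get("mcfAttribute"));
        } catch (Exception e) {
            throw new LoginException("cannot resolve ManagedConnectionFactory: " + e);
        }
    }

    public boolean commit() {
        // Private credentials: only code holding the matching permission can read the password.
        subject.getPrivateCredentials().add(credential);
        return true;
    }

    public boolean abort() { credential = null; return true; }

    public boolean logout() { subject.getPrivateCredentials().remove(credential); return true; }
}
```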