[jboss-user] Issue with JAAS
Claudemir Ferreira Franco
Claudemir.Franco at b2br.com.br
Tue Sep 18 15:53:30 EDT 2007
Hi guys,
I have many applications with use JAAS. When the client invoke Action
"login", I get the following error:
2007-09-13 09:19:05,510 DEBUG
[AgendaCorporativa.model.br.com.xxx.fwp.control.LoginAction] execute() -
action: LOGIN
2007-09-13 09:19:05,520 DEBUG
[AgendaCorporativa.model.br.com.xxxx.fwp.control.LoginAction] execute()
- voTela: {action=LOGIN, j_username=,
excluirMultiplos=[Ljava.lang.String;@1614ee3, page=1, j_password=}
2007-09-13 09:19:05,535 ERROR
[AgendaCorporativa.model.br.com.xxxx.fwp.control.LoginAction]
jboss.security:service=JaasSecurityManager
javax.management.InstanceNotFoundException:
jboss.security:service=JaasSecurityManager
at
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.getMBean(DefaultMB
eanServerInterceptor.java:1010)
at
com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBea
nServerInterceptor.java:804)
at
com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
at
br.com.unimed.fwp.control.LoginAction.doActionLogIn(LoginAction.java:198
)
above the partial code the my application and login-config.xml
String domain = "jmx-console";
Principal user = new FwpPrincipal(login, null);
ObjectName jaasMgr = new ObjectName(
"jboss.security:service=JaasSecurityManager");
Object[] params = { domain, user };
String[] signature = { "java.lang.String",
Principal.class.getName() };
MBeanServer server = (MBeanServer)
MBeanServerFactory.findMBeanServer(
null).get(0);
server.invoke(jaasMgr,
"flushAuthenticationCache", params, signature);
JaasSecurityManager jaas = (JaasSecurityManager)
ServiceLocator
.getInstance().getService("java:/jaas/fwp-security");
jaas.flushCache();
login-config.xml:
<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
"-//JBoss//DTD JBOSS Security Config 3.0//EN"
"http://www.jboss.org/j2ee/dtd/security_config.dtd">
<!-- The XML based JAAS login configuration read by the
org.jboss.security.auth.login.XMLLoginConfig mbean. Add
an application-policy element for each security domain.
The outline of the application-policy is:
<application-policy name="security-domain-name">
<authentication>
<login-module code="login.module1.class.name" flag="control_flag">
<module-option name = "option1-name">option1-value</module-option>
<module-option name = "option2-name">option2-value</module-option>
...
</login-module>
<login-module code="login.module2.class.name" flag="control_flag">
...
</login-module>
...
</authentication>
</application-policy>
$Revision: 1.12.2.2 $
-->
<policy>
<!-- Used by clients within the application server VM such as
mbeans and servlets that access EJBs.
-->
<application-policy name = "client-login">
<authentication>
<login-module code = "org.jboss.security.ClientLoginModule"
flag = "required">
</login-module>
</authentication>
</application-policy>
<application-policy name="fwp-security">
<authentication>
<login-module
code="org.jboss.security.ClientLoginModule" flag="required"
>
</login-module>
<login-module
code="br.com.unimed.fwp.security.loginmodule.FwpLoginModule
" flag="required">
</login-module>
</authentication>
</application-policy>
<!-- Security domain for JBossMQ -->
<application-policy name = "jbossmq">
<authentication>
<login-module code =
"org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name =
"unauthenticatedIdentity">guest</module-option>
<module-option name =
"dsJndiName">java:/mysql-jbossdb</module-option>
<module-option name = "principalsQuery">SELECT PASSWD FROM
JMS_USERS WHERE USERID=?<
/module-option>
<module-option name = "rolesQuery">SELECT ROLEID, 'Roles'
FROM JMS_ROLES WHERE USERI
D=?</module-option>
</login-module>
</authentication>
</application-policy>
<!-- Security domain for JBossMQ when using file-state-service.xml
<application-policy name = "jbossmq">
<authentication>
<login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
flag = "required">
<module-option name =
"unauthenticatedIdentity">guest</module-option>
<module-option name =
"sm.objectname">jboss.mq:service=StateManager</module-option>
</login-module>
</authentication>
</application-policy>
-->
<!-- Security domains for testing new jca framework -->
<application-policy name = "HsqlDbRealm">
<authentication>
<login-module code =
"org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag = "required">
<module-option name = "principal">sa</module-option>
<module-option name = "userName">sa</module-option>
<module-option name = "password"></module-option>
<module-option name =
"managedConnectionFactoryName">jboss.jca:service=LocalTxCM,nam
e=DefaultDS</module-option>
</login-module>
</authentication>
</application-policy>
<application-policy name = "JmsXARealm">
<authentication>
<login-module code =
"org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag = "required">
<module-option name = "principal">guest</module-option>
<module-option name = "userName">guest</module-option>
<module-option name = "password">guest</module-option>
<module-option name =
"managedConnectionFactoryName">jboss.jca:service=TxCM,name=Jms
XA</module-option>
</login-module>
</authentication>
</application-policy>
<!-- A template configuration for the jmx-console web application.
This
defaults to the UsersRolesLoginModule the same as other and should
be
changed to a stronger authentication mechanism as required.
-->
<application-policy name = "jmx-console">
<authentication>
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option
name="usersProperties">props/jmx-console-users.properties</module-optio
n>
<module-option
name="rolesProperties">props/jmx-console-roles.properties</module-optio
n>
</login-module>
</authentication>
</application-policy>
<!-- A template configuration for the web-console web application.
This
defaults to the UsersRolesLoginModule the same as other and should
be
changed to a stronger authentication mechanism as required.
-->
<application-policy name = "web-console">
<authentication>
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option
name="usersProperties">web-console-users.properties</module-option>
<module-option
name="rolesProperties">web-console-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
<!-- A template configuration for the JBossWS web application (and
transport layer!).
This defaults to the UsersRolesLoginModule the same as other and should
be
changed to a stronger authentication mechanism as required.
-->
<application-policy name="JBossWS">
<authentication>
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option
name="unauthenticatedIdentity">anonymous</module-option>
</login-module>
</authentication>
</application-policy>
<!-- The default login configuration used by any security domain
that
does not have a application-policy entry with a matching name
-->
<application-policy name = "other">
<!-- A simple server login module, which can be used when the
number
of users is relatively small. It uses two properties files:
users.properties, which holds users (key) and their password
(value).
roles.properties, which holds users (key) and a comma-separated
list of
their roles (value).
The unauthenticatedIdentity property defines the name of the
principal
that will be used when a null username and password are presented
as is
the case for an unuathenticated web client or MDB. If you want to
allow such users to be authenticated add the property, e.g.,
unauthenticatedIdentity="nobody"
-->
<authentication>
<login-module code =
"org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</authentication>
</application-policy>
<!-- Modulo de autenticacao especifico do chat -->
The unauthenticatedIdentity property defines the name of the
principal
that will be used when a null username and password are presented
as is
the case for an unuathenticated web client or MDB. If you want to
allow such users to be authenticated add the property, e.g.,
unauthenticatedIdentity="nobody"
-->
<authentication>
<login-module code =
"org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</authentication>
</application-policy>
<!-- Modulo de autenticacao especifico do chat -->
<application-policy name="fwp_chat-security">
<authentication>
<login-module code="org.jboss.security.ClientLoginModule"
flag="required">
</login-module>
<login-module
code="br.com.unimed.chatcorporativo.security.loginmodule.ChatLoginMod
ule" flag="required">
</login-module>
</authentication>
</application-policy>
<!-- Configuracao do Lambda Probe -->
<application-policy name = "probe">
<authentication>
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag =
"required">
<module-option
name="usersProperties">props/probe-users.properties</module-option>
<module-option
name="rolesProperties">props/probe-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
</policy>
Any idea on the issue?
Tks
- - - - - - -
Claudemir Ferreira Franco
Analista Suporte Unix
BrasilTelecom Site III - CyberDatacenter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-user/attachments/20070918/a6e02a62/attachment.html
More information about the jboss-user
mailing list