[JBoss ESB Development] - Re: ClassCastException in CertificateLoginModule
by h.wolffenbuttel
Hi,
I'm using another callbackHandler:
| <security
| callbackHandler="org.jboss.soa.esb.services.security.auth.loginUserPassCallbackHandler"
| moduleName="CertLogin" rolesAllowed="worker" runAs="worker" useCallerIdentity="false">
| <property name="alias" value="xxxxxx"/>
| </security>
|
But with the suggested config:
| <security
| callbackHandler="org.jboss.soa.esb.services.security.auth.login.CertCallbackHandler"
| moduleName="CertLogin" rolesAllowed="worker" runAs="worker" useCallerIdentity="false">
| <property name="alias" value="xxxxxxxx"/>
| </security>
|
I still get the following error (extracted via Debugging)
| javax.security.auth.login.LoginException: java.lang.ClassCastException: [Ljava.security.cert.X509Certificate;
| at org.jboss.soa.esb.services.security.auth.login.CertificateLoginModule.getCallerCertificate(CertificateLoginModule.java:406)
| at org.jboss.soa.esb.services.security.auth.login.CertificateLoginModule.login(CertificateLoginModule.java:145)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
| at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
| at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
| at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
| at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:330)
| at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:149)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
| at java.lang.Thread.run(Thread.java:595)
|
The Object wich is called for the credentials is org.jboss.security.auth.callback.ObjectCallback. Do i have a different version or something? I'm using AS 4.2.3 and ESB 4.6 with JBoss Remoting 2.2.3 and JBoss Messaging 1.4.4 GA
Regards,
Hans
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4259126#4259126
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4259126
16 years, 3 months
[JBoss ESB Development] - Re: ClassCastException in CertificateLoginModule
by beve
Hi,
anonymous wrote : Is it a configuration problem or just a bug?
I'd say this might depend on how you are using the CertificateLoginModule. Are you using the login module as the moduleName for a ESB service like this:
| <security moduleName="CertLogin" rolesAllowed="worker" callbackHandler="org.jboss.soa.esb.services.security.auth.login.CertCallbackHandler">
| <property name="alias" value="certtest"/>
| </security>
|
This is from the security_cert quickstart. In this case the JBossRemotingGatewayListener's message composer is responsible for extracting the certificate from the incoming request. An AuthenticationRequest is created using the certificate and this instance is attached to the ESB Message context so that it is available to the ESB to authenticate the call.
The credentials are specified in org.jboss.soa.esb.services.security.auth.AuthenticationRequest:
public interface AuthenticationRequest
| {
| public abstract Set<?> getCredentials();
| ...
| }
I should not be possible that the getCredentials method does not return a Set<?> as far as I can tell.
Could you show me your jboss-esb.xml configuration specially the security element on the esb service?
Regards,
/Daniel
I
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4259117#4259117
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4259117
16 years, 3 months
[JBoss ESB Development] - ClassCastException in CertificateLoginModule
by h.wolffenbuttel
While implementing JAAS security into my JBossESB i stumbled on a ClassCastException in the CertificateLoginModule. While debugging i found the code where the problem occurs:
| private X509Certificate getCallerCertificate(final ObjectCallback objectCallback) throws LoginException
| {
| final Set<?> credentials = (Set<?>) objectCallback.getCredential();
| if (credentials == null || credentials.isEmpty())
| {
| throw new LoginException("No X509Certificate was passed to the login module");
| }
|
| X509Certificate callerCert = null;
| for (Object object : credentials)
| {
| if (object instanceof X509Certificate)
| {
| callerCert = (X509Certificate) object;
| break;
| }
| }
|
| if (callerCert == null)
| {
| throw new LoginException("No X509Certificate was passed to the login module");
| }
|
| return callerCert;
| }
|
The problem is that objectCallback.getCredential() contains an ObjectArray of X509Certificate and not a Set<?>. So this explains the ClassCastException.
Is it a configuration problem or just a bug?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4259104#4259104
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4259104
16 years, 3 months
[jBPM Development] - is async execution considered inactive?
by mwohlf
Hi guys,
I have a (pretty hackish) process definition with custom task activities implemented as java classes, these activities basically just create a default task, the relevant part of the process definition looks like this:
| <custom class="net.package.CustomTaskActivity" name="custom01">
| <on continue="async" event="forward">
| <mail class="net.package.CustomMailProducer" >
| <field name="tmplName"><string value="templatename"/></field>
| </mail>
| </on>
|
| <transition name="forward" to="custom01"/>
| <transition name="toCreateBusinessKey" to="custom02"/>
| </custom>
|
the forward transition is supposed to be a loop just creating the same task activity for a different user, this is handled in a custom task implementation.
The Problem is when i take the "forward" transition I get an exception telling me the Execution is not active:
| org.jbpm.api.JbpmException: execution[ChangeRequest.15] is not active: async
| at org.jbpm.pvm.internal.model.ExecutionImpl.checkActive(ExecutionImpl.java:999)
| at org.jbpm.pvm.internal.model.ExecutionImpl.take(ExecutionImpl.java:447)
| at org.jbpm.jpdl.internal.activity.TaskActivity.signal(TaskActivity.java:140)
I checked the code and according to my understanding it all boils down to the implementation of the ScopedInstanceImpl.isActive() method:
public boolean isActive() {
| return Execution.STATE_ACTIVE_ROOT.equals(state)
| || Execution.STATE_ACTIVE_CONCURRENT.equals(state);
| }
|
My question is: Why isn't there a check for Execution.STATE_ASYNC? Is an async continuation considered to be not active?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4259092#4259092
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4259092
16 years, 3 months
[JBoss Transactions Development] - Re: Starting with JBoss Transactions
by adinn
anonymous wrote :
| I have a problem building AS. When I execute build.bat some errors appears:
|
| Error building POM (may not be this projectÃÂôs POM)
| Project ID: org.jboss.jbossas:jboss-as-component-matrix:5.1.0.GA
| Reason: Cannot find parent: org.jboss:jboss-parent for project: org.jboss.jbossas: jboss-as-component-matrix:pom:5.1.0.GA
|
Hmm, well I am afraid I am no maven guru . . . I actually have 5.1.0.CR1 installed on my machine. Looking at the pom hierarchy starting from the build directory I see that the parent entries in the pom.xml files points from ASTree/build/pom.xml to ASTree/pom.xml to ASTree/component-matrix/pom.xml. The respective maven projects are jboss-as-build, jboss-as-parent and jboss-as-component-matrix. The last of these three projects does indeed declare its parent to be jboss-parent (not jboss-as-parent). Clearly the error is referring to this last entry but I don't know why it works on my machine but fails on yours.
Which maven version are you using? I built my AS using maven 2.0.10. Perhaps that is the problem. If not then perhaps you could try the CR1 release as I have. Failing that the AS users forum is the best place to aks.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4259059#4259059
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4259059
16 years, 3 months
[jBPM Development] - Re: Extension of schema and Task-objects
by kukeltje
This is indeed what I used something similar for in jBPM 3. It's not that difficult since you can retrieve the processdefinition in xml as a resource from the deployment and use xpath on it for retrieving the additional attributes.
What I did (amongs other things) was adding an attribute to a task with the average duration (different from the duedate). Without extending the database, I was able to use this.
Otoh, in jBPM 4 it is much easier to extend an activity then it was in jBPM 3 since there is no database model to be extended. Just extend the activity and change the activities xml config file and you are done. The two solutions can coexist without any problem, although I think the activities config file was more for new node types than extending existing ones.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4258982#4258982
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4258982
16 years, 3 months
[jBPM Development] - Re: making references to usercode more consistent in jpdl
by kukeltje
Some small remarks:
- I agree with your latest two posts
- What is the advantage of having a method attribute with a class on decision, condition etc... There should be well defined interfaces like execute and decide that need to return the correct type. Adding methods is not needed there imo.
- With expr I'd ditch the method completely in favour of the normal EL notations for it.
- <decision handler-ref="xxx" is exactly the same as <decision ...><handler expr="#{xxx}" would not be my choice. I'd give the handler a name and have the handler-ref point to that name. Unless that is what you mean if xxx is the name of the handler in the jbpm context. Then what you state is what I mean as well.
- What is the '' element?
- The ref on condition should also be handler-ref like on decision, or the other way around, just be concise
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4258980#4258980
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4258980
16 years, 3 months