3:38 a.m.
[ http://jira.jboss.com/jira/browse/JBAS-4484?page=comments#action_12365146 ]
Dirk Gfroerer commented on JBAS-4484:
-------------------------------------
Another note on this. This doesn't seem to be related to having not two login modules.
org.jboss.security.auth.spi.UsersRolesLoginModule seems to be the culprit. When I try to
access using this application-policy I do get the exception on the client.
<application-policy name="ProtectedArea">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="sufficient">
<module-option
name="usersProperties">props/xxx-users.properties</module-option>
<module-option
name="rolesProperties">props/xxx-roles.properties</module-option>
<module-option name="hashAlgorithm">MD5</module-option>
<module-option name="hashEncoding">rfc2617</module-option>
<module-option
name="hashUserPassword">false</module-option>
<module-option
name="hashStorePassword">true</module-option>
<module-option
name="passwordIsA1Hash">false</module-option>
<module-option
name="storeDigestCallback">org.jboss.security.auth.spi.RFC2617Digest</module-option>
</login-module>
</authentication>
</application-policy>
org.jboss.security.auth.callback.MapCallback not serializable
-------------------------------------------------------------
Key: JBAS-4484
URL: http://jira.jboss.com/jira/browse/JBAS-4484
Project: JBoss Application Server
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Security
Affects Versions: JBossAS-4.0.5.GA
Environment: Linux ghlx06 2.4.21-50.EL #1 SMP Tue May 8 17:10:00 EDT 2007 x86_64
x86_64 x86_64 GNU/Linux
RHEL 3 x86_64
Reporter: Dirk Gfroerer
Assigned To: Scott M Stark
I'm securing access to my EJBs via a security domain. Everything was working fine
until I had to add a second login module to my application-policy in login-config.xml. I
now do have to login-modules both of them are flagged as being sufficient. However if now
a user tries to login and uses an invalid account / password I get the following
exception:
Exception in thread "main" java.rmi.UnmarshalException: Error unmarshaling
return; nested exception is:
java.io.WriteAbortedException: writing aborted; java.io.NotSerializableException:
org.jboss.security.auth.callback.MapCallback
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:217)
at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:126)
at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
at
org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:133)
at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:365)
at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:197)
at org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:61)
at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
at org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:184)
at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
at $Proxy0.create(Unknown Source)
at
de.guhsoft.eDHR.OrderManager.testclient.GetUserInformation.doAction(GetUserInformation.java:71)
at
de.guhsoft.eDHR.OrderManager.testclient.GetUserInformation.main(GetUserInformation.java:92)
Caused by: java.io.WriteAbortedException: writing aborted;
java.io.NotSerializableException: org.jboss.security.auth.callback.MapCallback
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1309)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1908)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1832)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1719)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1908)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1832)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1719)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1908)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1832)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1719)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1908)
at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1832)
at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1719)
at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1305)
at java.io.ObjectInputStream.readObject(ObjectInputStream.java:348)
at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:215)
... 12 more
Caused by: java.io.NotSerializableException:
org.jboss.security.auth.callback.MapCallback
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1156)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1474)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1392)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1150)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.defaultWriteObject(ObjectOutputStream.java:416)
at java.lang.Throwable.writeObject(Throwable.java:648)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at java.io.ObjectStreamClass.invokeWriteObject(ObjectStreamClass.java:945)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1461)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1392)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1150)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1474)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1392)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1150)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1509)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1474)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1392)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1150)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:326)
at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:343)
at sun.rmi.transport.Transport$1.run(Transport.java:159)
at java.security.AccessController.doPrivileged(Native Method)
at sun.rmi.transport.Transport.serviceCall(Transport.java:155)
at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:535)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:790)
at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:649)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:885)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:907)
at java.lang.Thread.run(Thread.java:619)
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira