Bernd Zeitler created SECURITY-652:
--------------------------------------
Summary: ClassNotFoundException for custom principal implementation provided in EAR
Key: SECURITY-652
URL: https://issues.jboss.org/browse/SECURITY-652
Project: PicketBox (JBoss Security and Identity Management)
Issue Type: Bug
Security Level: Public (Everyone can see)
Affects Versions: PicketBox_v3_0_CR2
Reporter: Bernd Zeitler
Assignee: Anil Saldhana
We implemented our own custom {{ClientLoginModule}} along with the matching
{{ServerLoginModule}} and a custom {{Principal}}. I tried to deploy these within an EAR,
along with a {{my-jboss-beans.xml}}, where the application policy is configured.
The EAR contains an EJB (J2EE) which is secured with this policy.
When calling the EJB from a remote client, I get the following exception:
{code}
2012-03-02 15:46:39,548 ERROR [org.jboss.remoting.transport.socket.ServerThread] (WorkerThread#0[127.0.0.1:54670]) WorkerThread#0[127.0.0.1:54670] exception occurred during first invocation: java.lang.ClassNotFoundException: test.me.MyPrincipal
    at java.net.URLClassLoader$1.run(URLClassLoader.java:202) [:1.6.0_29]
    at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
    at java.net.URLClassLoader.findClass(URLClassLoader.java:190) [:1.6.0_29]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:306) [:1.6.0_29]
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) [:1.6.0_29]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:247) [:1.6.0_29]
    at java.lang.Class.forName0(Native Method) [:1.6.0_29]
    at java.lang.Class.forName(Class.java:247) [:1.6.0_29]
    at org.jboss.classloader.spi.base.BaseClassLoaderDomain.loadClass(BaseClassLoaderDomain.java:304) [jboss-classloader.jar:2.2.1.GA]
    at org.jboss.classloader.spi.base.BaseClassLoaderDomain.loadClass(BaseClassLoaderDomain.java:1172) [jboss-classloader.jar:2.2.1.GA]
    at org.jboss.classloader.spi.base.BaseClassLoader.loadClassFromDomain(BaseClassLoader.java:886) [jboss-classloader.jar:2.2.1.GA]
    at org.jboss.classloader.spi.base.BaseClassLoader.doLoadClass(BaseClassLoader.java:505) [jboss-classloader.jar:2.2.1.GA]
    at org.jboss.classloader.spi.base.BaseClassLoader.loadClass(BaseClassLoader.java:450) [jboss-classloader.jar:2.2.1.GA]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:247) [:1.6.0_29]
    at java.lang.Class.forName0(Native Method) [:1.6.0_29]
    at java.lang.Class.forName(Class.java:247) [:1.6.0_29]
    at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:603) [:1.6.0_29]
    at org.jboss.remoting.loading.ObjectInputStreamWithClassLoader.resolveClass(ObjectInputStreamWithClassLoader.java:172) [:]
    at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1574) [:1.6.0_29]
    at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1495) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1731) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946) [:1.6.0_29]
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350) [:1.6.0_29]
    at java.util.HashSet.readObject(HashSet.java:291) [:1.6.0_29]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_29]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_29]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_29]
    at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_29]
    at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974) [:1.6.0_29]
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1848) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946) [:1.6.0_29]
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946) [:1.6.0_29]
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350) [:1.6.0_29]
    at org.jboss.invocation.MarshalledInvocation.readExternal(MarshalledInvocation.java:665) [:6.1.0.Final]
    at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1791) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1750) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946) [:1.6.0_29]
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350) [:1.6.0_29]
    at org.jboss.remoting.serialization.impl.java.JavaSerializationManager.receiveObjectVersion2_2(JavaSerializationManager.java:238) [:]
    at org.jboss.remoting.serialization.impl.java.JavaSerializationManager.receiveObject(JavaSerializationManager.java:138) [:]
    at org.jboss.remoting.marshal.serializable.SerializableUnMarshaller.read(SerializableUnMarshaller.java:123) [:]
    at org.jboss.invocation.unified.marshall.InvocationUnMarshaller.read(InvocationUnMarshaller.java:59) [:6.1.0.Final]
    at org.jboss.remoting.transport.socket.ServerThread.versionedRead(ServerThread.java:900) [:]
    at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:754) [:]
    at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:744) [:]
    at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:548) [:]
    at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:234) [:]
{code}
Everything is working as expected when I am using a JBoss principal implementation (like
{{SimplePrincipal}}). But we need a custom principal, since we have to provide additional
data.
Moving login modules and principal implementation in a jboss lib dir is not an option
since we even need some application specific (deployed) resources during the
authentication and authorisation process, which leads us to classloading hell and several
complicated workarounds. I was hoping to get rid of this unhandy installation and
workarounds since JBoss 6.1 supports deployment of application policies.
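The trace in this report fails inside `ObjectInputStream.resolveClass`, where the stream asks a class loader for `test.me.MyPrincipal` while reading a `HashSet`. The following is an added illustration in plain JDK code (not part of the original report, and not JBoss or PicketBox code) showing that the same serialized principal set resolves or fails depending only on which loader `resolveClass` consults. `ResolveClassDemo`, `LoaderInput` and the nested `MyPrincipal` are hypothetical names, and using the application loader's parent as the server-wide loader is an assumption made to simulate a class that only the deployment can see.

```java
import java.io.*;
import java.security.Principal;
import java.util.*;

public class ResolveClassDemo {
    // Constructed stand-in for the report's custom principal (test.me.MyPrincipal).
    static class MyPrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        MyPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    // ObjectInputStream that resolves every class through one explicit loader.
    static class LoaderInput extends ObjectInputStream {
        private final ClassLoader loader;
        LoaderInput(InputStream in, ClassLoader loader) throws IOException {
            super(in);
            this.loader = loader;
        }
        @Override
        protected Class<?> resolveClass(ObjectStreamClass desc) throws ClassNotFoundException {
            return Class.forName(desc.getName(), false, loader);
        }
    }

    // Deserialize the bytes with the given loader and report the outcome.
    static String read(byte[] wire, ClassLoader loader) throws IOException {
        try (ObjectInputStream in = new LoaderInput(new ByteArrayInputStream(wire), loader)) {
            return "resolved " + in.readObject().getClass().getName();
        } catch (ClassNotFoundException e) {
            return "ClassNotFoundException: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws IOException {
        // Client side: a principal set, serialized as it would travel in an invocation.
        Set<Principal> principals = new HashSet<>();
        principals.add(new MyPrincipal("alice")); // constructed sample value
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(principals);
        }
        // Assumption: the application loader's parent plays the server-wide loader,
        // which sees JDK classes such as HashSet but not the "deployed" MyPrincipal.
        ClassLoader deployment = MyPrincipal.class.getClassLoader();
        System.out.println("server-wide loader: " + read(buf.toByteArray(), deployment.getParent()));
        System.out.println("deployment loader:  " + read(buf.toByteArray(), deployment));
    }
}
```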