[jboss-jira] [JBoss JIRA] Created: (JBAS-5236) Encrypting passwords with DIGEST prevents shutting down JBoss from command line

Marcus Moyses (JIRA) jira-events at lists.jboss.org
Fri Feb 15 11:39:26 EST 2008


Encrypting passwords with DIGEST prevents shutting down JBoss from command line
-------------------------------------------------------------------------------

                 Key: JBAS-5236
                 URL: http://jira.jboss.com/jira/browse/JBAS-5236
             Project: JBoss Application Server
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Security
    Affects Versions: JBossAS-4.0.5.GA
            Reporter: Marcus Moyses
         Assigned To: Anil Saldhana
             Fix For: JBossAS-5.0.0.GA


Following the instructions to encrypt the login module passwords as indicated in http://jira.jboss.com/jira/browse/JBAS-2338 and then securing the jmx-invoker with the same login module causes an error when trying to shut down JBoss from the command line.

[mmoyses@mmoyses bin]$ ./shutdown.sh -s localhost -u admin
Enter password for admin: xxx
Exception in thread "main" java.lang.SecurityException: Failed to authenticate principal=admin, securityDomain=jmx-console
        at org.jboss.jmx.connector.invoker.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:97)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
        at org.jboss.invocation.jrmp.server.JRMPProxyFactory.invoke(JRMPProxyFactory.java:179)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
        at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:819)
        at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:420)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
        at sun.rmi.transport.Transport$1.run(Transport.java:153)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
        at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:466)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:707)
        at java.lang.Thread.run(Thread.java:595)
        at sun.rmi.transport.StreamRemoteCall.exceptionReceivedFromServer(StreamRemoteCall.java:247)
        at sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:223)
        at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:126)
        at org.jboss.invocation.jrmp.server.JRMPInvoker_Stub.invoke(Unknown Source)
        at org.jboss.invocation.jrmp.interfaces.JRMPInvokerProxy.invoke(JRMPInvokerProxy.java:133)
        at org.jboss.invocation.InvokerInterceptor.invokeInvoker(InvokerInterceptor.java:365)
        at org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:197)
        at org.jboss.jmx.connector.invoker.client.InvokerAdaptorClientInterceptor.invoke(InvokerAdaptorClientInterceptor.java:66)
        at org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:70)
        at org.jboss.proxy.ClientMethodInterceptor.invoke(ClientMethodInterceptor.java:74)
        at org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:100)
        at $Proxy0.invoke(Unknown Source)
        at org.jboss.Shutdown$ServerProxyHandler.invoke(Shutdown.java:266)
        at $Proxy1.shutdown(Unknown Source)
        at org.jboss.Shutdown.main(Shutdown.java:237)

Here is the server.log snippet:
2008-02-15 11:30:54,898 TRACE [org.jboss.security.plugins.JaasSecurityManager.jmx-console] Begin isValid, principal:admin, cache info: null
2008-02-15 11:30:54,898 TRACE [org.jboss.security.plugins.JaasSecurityManager.jmx-console] defaultLogin, principal=admin
2008-02-15 11:30:54,898 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(jmx-console), size=8
2008-02-15 11:30:54,898 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(jmx-console), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:name=hashEncoding, value=rfc2617
name=rolesProperties, value=props/jmx-console-roles.properties
name=usersProperties, value=props/jmx-console-users.properties
name=hashUserPassword, value=false
name=passwordIsA1Hash, value=true
name=hashAlgorithm, value=MD5
name=hashStorePassword, value=true
name=storeDigestCallback, value=org.jboss.security.auth.spi.RFC2617Digest

2008-02-15 11:30:54,903 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] initialize, instance=@8295471
2008-02-15 11:30:54,903 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Security domain: jmx-console
2008-02-15 11:30:54,903 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Password hashing activated: algorithm = MD5, encoding = rfc2617, charset = {default}, callback = null, storeCallback = org.jboss.security.auth.spi.RFC2617Digest
2008-02-15 11:30:54,906 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
2008-02-15 11:30:54,909 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Properties file=file:/opt/jboss-4.0.5.GA/server/default/conf/props/jmx-console-users.properties, defaults=null
2008-02-15 11:30:54,909 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Loaded properties, users=[admin]
2008-02-15 11:30:54,909 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null
2008-02-15 11:30:54,911 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Properties file=file:/opt/jboss-4.0.5.GA/server/default/conf/props/jmx-console-roles.properties, defaults=null
2008-02-15 11:30:54,911 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Loaded properties, users=[admin]
2008-02-15 11:30:54,911 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] login
2008-02-15 11:30:54,915 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Created DigestCallback: org.jboss.security.auth.spi.RFC2617Digest@c8d62f
2008-02-15 11:30:54,922 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] abort
2008-02-15 11:30:54,922 TRACE [org.jboss.security.plugins.JaasSecurityManager.jmx-console] Login failure
javax.security.auth.login.LoginException: storeDigestCallback callback failed
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:409)
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:209)
        at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
        at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
        at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
        at org.jboss.jmx.connector.invoker.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:89)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
        at org.jboss.invocation.jrmp.server.JRMPProxyFactory.invoke(JRMPProxyFactory.java:179)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
        at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:819)
        at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:420)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
        at sun.rmi.transport.Transport$1.run(Transport.java:153)
        at java.security.AccessController.doPrivileged(Native Method)
        at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
        at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:466)
        at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:707)
        at java.lang.Thread.run(Thread.java:595)
Caused by: javax.security.auth.callback.UnsupportedCallbackException: Unrecognized Callback
        at org.jboss.security.auth.callback.SecurityAssociationHandler.handle(SecurityAssociationHandler.java:128)
        at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:955)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:951)
        at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:399)
        ... 42 more
2008-02-15 11:30:54,924 TRACE [org.jboss.security.plugins.JaasSecurityManager.jmx-console] End isValid, false

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


