[jboss-jira] [JBoss JIRA] (SECURITY-652) ClassNotFoundException for custom principal implementation provided in EAR

Bernd Zeitler (JIRA) jira-events at lists.jboss.org
Wed Mar 14 12:14:47 EDT 2012


Bernd Zeitler created SECURITY-652:
--------------------------------------

             Summary: ClassNotFoundException for custom principal implementation provided in EAR
                 Key: SECURITY-652
                 URL: https://issues.jboss.org/browse/SECURITY-652
             Project: PicketBox (JBoss Security and Identity Management)
          Issue Type: Bug
      Security Level: Public (Everyone can see)
    Affects Versions: PicketBox_v3_0_CR2
            Reporter: Bernd Zeitler
            Assignee: Anil Saldhana


We implemented our own custom {{ClientLoginModule}} along with the matching {{ServerLoginModule}} and a custom {{Principal}}. I tried to deploy these within an EAR, along with a {{my-jboss-beans.xml}}, where the application policy is configured.

The EAR contains an EJB (J2EE) which is secured with this policy.

When calling the EJB from a remote client, I get the following exception:
{code}
2012-03-02 15:46:39,548 ERROR [org.jboss.remoting.transport.socket.ServerThread] (WorkerThread#0[127.0.0.1:54670]) WorkerThread#0[127.0.0.1:54670] exception occurred during first invocation: java.lang.ClassNotFoundException: test.me.MyPrincipal
    at java.net.URLClassLoader$1.run(URLClassLoader.java:202) [:1.6.0_29]
    at java.security.AccessController.doPrivileged(Native Method) [:1.6.0_29]
    at java.net.URLClassLoader.findClass(URLClassLoader.java:190) [:1.6.0_29]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:306) [:1.6.0_29]
    at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:301) [:1.6.0_29]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:247) [:1.6.0_29]
    at java.lang.Class.forName0(Native Method) [:1.6.0_29]
    at java.lang.Class.forName(Class.java:247) [:1.6.0_29]
    at org.jboss.classloader.spi.base.BaseClassLoaderDomain.loadClass(BaseClassLoaderDomain.java:304) [jboss-classloader.jar:2.2.1.GA]
    at org.jboss.classloader.spi.base.BaseClassLoaderDomain.loadClass(BaseClassLoaderDomain.java:1172) [jboss-classloader.jar:2.2.1.GA]
    at org.jboss.classloader.spi.base.BaseClassLoader.loadClassFromDomain(BaseClassLoader.java:886) [jboss-classloader.jar:2.2.1.GA]
    at org.jboss.classloader.spi.base.BaseClassLoader.doLoadClass(BaseClassLoader.java:505) [jboss-classloader.jar:2.2.1.GA]
    at org.jboss.classloader.spi.base.BaseClassLoader.loadClass(BaseClassLoader.java:450) [jboss-classloader.jar:2.2.1.GA]
    at java.lang.ClassLoader.loadClass(ClassLoader.java:247) [:1.6.0_29]
    at java.lang.Class.forName0(Native Method) [:1.6.0_29]
    at java.lang.Class.forName(Class.java:247) [:1.6.0_29]
    at java.io.ObjectInputStream.resolveClass(ObjectInputStream.java:603) [:1.6.0_29]
    at org.jboss.remoting.loading.ObjectInputStreamWithClassLoader.resolveClass(ObjectInputStreamWithClassLoader.java:172) [:]
    at java.io.ObjectInputStream.readNonProxyDesc(ObjectInputStream.java:1574) [:1.6.0_29]
    at java.io.ObjectInputStream.readClassDesc(ObjectInputStream.java:1495) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1731) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946) [:1.6.0_29]
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350) [:1.6.0_29]
    at java.util.HashSet.readObject(HashSet.java:291) [:1.6.0_29]
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [:1.6.0_29]
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [:1.6.0_29]
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [:1.6.0_29]
    at java.lang.reflect.Method.invoke(Method.java:597) [:1.6.0_29]
    at java.io.ObjectStreamClass.invokeReadObject(ObjectStreamClass.java:974) [:1.6.0_29]
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1848) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946) [:1.6.0_29]
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946) [:1.6.0_29]
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350) [:1.6.0_29]
    at org.jboss.invocation.MarshalledInvocation.readExternal(MarshalledInvocation.java:665) [:6.1.0.Final]
    at java.io.ObjectInputStream.readExternalData(ObjectInputStream.java:1791) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1750) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.defaultReadFields(ObjectInputStream.java:1946) [:1.6.0_29]
    at java.io.ObjectInputStream.readSerialData(ObjectInputStream.java:1870) [:1.6.0_29]
    at java.io.ObjectInputStream.readOrdinaryObject(ObjectInputStream.java:1752) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject0(ObjectInputStream.java:1328) [:1.6.0_29]
    at java.io.ObjectInputStream.readObject(ObjectInputStream.java:350) [:1.6.0_29]
    at org.jboss.remoting.serialization.impl.java.JavaSerializationManager.receiveObjectVersion2_2(JavaSerializationManager.java:238) [:]
    at org.jboss.remoting.serialization.impl.java.JavaSerializationManager.receiveObject(JavaSerializationManager.java:138) [:]
    at org.jboss.remoting.marshal.serializable.SerializableUnMarshaller.read(SerializableUnMarshaller.java:123) [:]
    at org.jboss.invocation.unified.marshall.InvocationUnMarshaller.read(InvocationUnMarshaller.java:59) [:6.1.0.Final]
    at org.jboss.remoting.transport.socket.ServerThread.versionedRead(ServerThread.java:900) [:]
    at org.jboss.remoting.transport.socket.ServerThread.completeInvocation(ServerThread.java:754) [:]
    at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:744) [:]
    at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:548) [:]
    at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:234) [:]
{code}

Everything is working as expected when I am using a JBoss principal implementation (like {{SimplePrincipal}}). But we need a custom principal, since we have to provide additional data.

Moving login modules and principal implementation in a jboss lib dir is not an option since we even need some application specific (deployed) resources during the authentication and authorisation process, which leads us to classloading hell and several complicated workarounds. I was hoping to get rid of this unhandy installation and workarounds since JBoss 6.1 supports deployment of application policies.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
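
Added example, not part of the original report and not JBoss or PicketBox code: the trace above fails inside `ObjectInputStream.resolveClass`, where the class name from the stream is looked up in a class loader that cannot find `test.me.MyPrincipal`. The sketch below reproduces that mechanism in plain Java; `ServerLoader`, `LoaderAwareStream` and the nested `MyPrincipal` are hypothetical stand-ins, and hiding one class by name only simulates a server-level loader that does not see the deployment's classes.

```java
import java.io.*;
import java.security.Principal;

public class ResolveClassDemo {
    // Stand-in for the custom principal in the report (constructed for this example).
    static class MyPrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final String name;
        MyPrincipal(String name) { this.name = name; }
        public String getName() { return name; }
    }

    // Simulates a server-level loader that cannot see a class packaged in the deployment.
    static class ServerLoader extends ClassLoader {
        ServerLoader(ClassLoader parent) { super(parent); }
        @Override protected Class<?> loadClass(String n, boolean resolve) throws ClassNotFoundException {
            if (n.equals(MyPrincipal.class.getName())) throw new ClassNotFoundException(n);
            return super.loadClass(n, resolve);
        }
    }

    // Resolves every class descriptor in the stream against one explicit loader.
    static class LoaderAwareStream extends ObjectInputStream {
        private final ClassLoader loader;
        LoaderAwareStream(InputStream in, ClassLoader loader) throws IOException {
            super(in); this.loader = loader;
        }
        @Override protected Class<?> resolveClass(ObjectStreamClass desc) throws ClassNotFoundException {
            return Class.forName(desc.getName(), false, loader);
        }
    }

    static Object read(byte[] data, ClassLoader loader) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new LoaderAwareStream(new ByteArrayInputStream(data), loader)) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(new MyPrincipal("alice")); }
        byte[] wire = buf.toByteArray();
        ClassLoader deployment = ResolveClassDemo.class.getClassLoader();
        try {
            read(wire, new ServerLoader(deployment)); // same bytes, loader without the class
        } catch (ClassNotFoundException e) {
            System.out.println("server loader: ClassNotFoundException " + e.getMessage());
        }
        System.out.println("deployment loader: " + ((Principal) read(wire, deployment)).getName());
    }
}
```

The same byte stream deserializes or fails depending only on which loader `resolveClass` consults, which is why the outcome differs between a principal class shipped with the server and one packaged in the EAR.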

        

