[jboss-user] [Security & JAAS/JBoss] - Form and custom LoginModule : ClassCastException

Mon Nov 20 19:45:53 EST 2006

I want to use a custom LoginModule within a webapp with the FORM auth-method.

I write a LoginModule that extends AbstractServerLoginModule and configure the login module :

web.xml :

  | <login-config>
  |     <auth-method>FORM</auth-method>
  |     <realm-name>TestJaasLdapRealm</realm-name>
  |     <form-login-config>
  | 	  <form-login-page>/loginModule.jsp</form-login-page>
  | 	  <form-error-page>/loginError.jsp</form-error-page>
  |     </form-login-config>
  |  </login-config>
  | 

jboss-web.xml : 

<jboss-web>
  |    <security-domain>java:/jaas/TestJaasLdapRealm</security-domain>
  | </jboss-web>

ga-login-config-service.xml :

  | <server>
  |    <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
  |       name="jboss:service=DynamicLoginConfig">
  |       <attribute name="AuthConfig">ga-login-config.xml</attribute>
  |       <depends optional-attribute-name="LoginConfigService">
  |          jboss.security:service=XMLLoginConfig
  |       </depends>
  |       <depends optional-attribute-name="SecurityManagerService">
  |          jboss.security:service=JaasSecurityManager
  |       </depends>
  |    </mbean>
  |  </server>
  | 

ga-login-config.xml :

  | <policy>
  | 
  |     <application-policy name = "TestJaasLdapRealm">
  |        <authentication>
  |           <login-module code = "com.sample.security.TestLoginModule" flag = "required">             
  | 		  <module-option name="additionalRole">Authenticated</module-option>			 
  |           </login-module>
  | 		 <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
  |        </authentication>
  |     </application-policy>  
  |     
  | </policy>
  | 

But when I submit the form after being redirected I've this exception :

java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager
  | 	at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
  | 	at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
  | 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
  | 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
  | 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
  | 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
  | 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
  | 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
  | 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
  | 	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
  | 	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
  | 	at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
  | 	at java.lang.Thread.run(Thread.java:595)

And in the server.log : 
2006-11-21 01:29:39,601 TRACE [org.jboss.security.plugins.JaasSecurityManager] Constructing
  | 2006-11-21 01:29:39,601 DEBUG [org.jboss.security.plugins.JaasSecurityManager.TestJaasLdapRealm] CallbackHandler: org.jboss.security.auth.callback.SecurityAssociationHandler at 16e1111
  | 2006-11-21 01:29:39,601 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager at 12277ed
  | 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory, false)
  | 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Searching local repositories
  | 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory)
  | 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from local repository
  | 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.util.TimedCachePolicy, false)
  | 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Searching local repositories
  | 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findClass(org.jboss.util.TimedCachePolicy)
  | 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent classloader at end: java.net.FactoryURLClassLoader at 1e4605c
  | 2006-11-21 01:29:39,601 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.util.CachePolicy, false)
  | 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Searching local repositories
  | 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findClass(org.jboss.util.CachePolicy)
  | 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent classloader at end: java.net.FactoryURLClassLoader at 1e4605c
  | 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.InvalidNameException, false)
  | 2006-11-21 01:29:39,616 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.security.auth.Subject, false)
  | 2006-11-21 01:29:39,616 DEBUG [org.jboss.security.plugins.JaasSecurityManager.TestJaasLdapRealm] CachePolicy set to: org.jboss.util.TimedCachePolicy at 33cf0f
  | 2006-11-21 01:29:39,616 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy at 33cf0f
  | 2006-11-21 01:29:39,616 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added TestJaasLdapRealm, org.jboss.security.plugins.SecurityDomainContext at 15ef45a to map
  | 2006-11-21 01:29:39,616 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
  | 2006-11-21 01:29:39,616 ERROR [org.apache.catalina.connector.CoyoteAdapter] An exception or error occurred in the container during the request processing
  | java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager
  | 	at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
  | 	at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
  | 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
  | 	at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
  | 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
  | 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
  | 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
  | 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
  | 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
  | 	at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
  | 	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
  | 	at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
  | 	at java.lang.Thread.run(Thread.java:595)

I try and succed to use my custom LoginModule in a action struts trough the LoginContext("TestJaasLdapRealm", ...) object. But I would like to use a automatic feature within the webcontainer.

Matthieu

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3987448#3987448

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3987448