[jboss-user] [JBoss Messaging] - Re: JAAS login module - client jar incompatibility w/ jbosss

susan.c.weber do-not-reply at jboss.com
Thu Oct 5 14:10:13 EDT 2006


The stack trace is

  | Caused by: javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.ClientLoginModule
  | 	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:711)
  | 	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
  | 	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
  | 	at java.security.AccessController.doPrivileged(Native Method)
  | 	at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
  | 	at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
  | 	at edu.stanford.irt.mercury.authentication.ProgrammaticLogin.login(ProgrammaticLogin.java:64)
  | 	at edu.stanford.irt.mercury.authentication.LoginDialog.doLogin(LoginDialog.java:311)
  | 

where line 64 of ProgrammaticLogin is simply "lc.login()":


  | 62    Configuration.setConfiguration(new DefaultJaasConfiguration());
  | 63    lc =  new LoginContext(getContextName(), getCallbackHandler());
  | 64    lc.login();  
  | 

The configuration is where the reference to org.jboss.security.ClientLoginModule is coming from:


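  | // Programmatic JAAS configuration: every context name maps to the JBoss client login module
  | protected class DefaultJaasConfiguration extends Configuration {
  |     public AppConfigurationEntry[] getAppConfigurationEntry(String arg0) {
  |       // ClientLoginModule is given no options
  |       Map<String, Object> options = new HashMap<String, Object>();
  |       AppConfigurationEntry[] entries =
  |         {
  |            new AppConfigurationEntry(
  |             "org.jboss.security.ClientLoginModule",
  |             AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
  |             options)};
  |       return entries;
  |     }
  |     // Nothing to reload: the configuration is fixed in code
  |     public void refresh() {}
  | }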
  | 

Here's a sample deployment descriptor for one of our secured queues:


  | <?xml version="1.0" encoding="UTF-8"?>
  | <server>
  |  <loader-repository>jboss.messaging:loader=ScopedLoaderRepository
  |  <loader-repository-config>java2ParentDelegation=false</loader-repository-config>
  |  </loader-repository>
  |  <mbean code="org.jboss.jms.server.destination.Queue"
  |            name="jboss.messaging.destination:service=Queue,name=trisAuditQueue"
  |            xmbean-dd="xmdesc/Queue-xmbean.xml">
  |            <depends optional-attribute-name="ServerPeer">jboss.messaging:service=ServerPeer</depends>
  |            <attribute name="SecurityConfig">
  |               <security>
  |                  <role name="IRT_TRUSTED" read="true" write="true" create="true"/>
  |                </security>
  |            </attribute>
  |  </mbean>
  | </server>
  | 

where IRT_TRUSTED is set in this login module in login-config.xml


  |     <application-policy name = "IrtHeadless">
  |       <authentication>
  |               <login-module code="edu.stanford.irt.security.TrisX509LoginModule"
  |                      flag="required">
  |                      <module-option name="keyStorePath">path_to_keystore</module-option>
  |                      <module-option name="keyStorePassword">password</module-option>
  |                      <module-option name="defaultRole">IRT_TRUSTED</module-option>
  |                </login-module>
  |       </authentication>
  |    </application-policy>
  | 

and I've modified messaging-service.xml as follows


  |       <attribute name="SecurityDomain">java:/jaas/IrtHeadless</attribute>
  |       <attribute name="DefaultSecurityConfig">
  |         <security>
  |             <role name="IRT_TRUSTED" read="true" write="true" create="true"/>
  |         </security>
  |       </attribute>
  | 

Let me know whether this sufficiently clarifies my situation.

thanks
susan

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3976379#3976379
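
A preflight check for the failure in the stack trace above, added here as an example and not part of the original post or of JBoss: it asks the thread context class loader (the loader `LoginContext` uses to resolve module classes) for each login module a `Configuration` names, and reports the location it was loaded from or that it was not found. The class name `LoginModulePreflight`, the method `check` and the context name `client-login` are assumptions for illustration.

```java
import java.security.CodeSource;
import java.util.Collections;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

/** Added example: reports whether each login module named by a JAAS configuration is loadable. */
public class LoginModulePreflight {

    /** Returns one line per configured login module: its code location, or NOT FOUND. */
    static String check(Configuration config, String contextName) {
        AppConfigurationEntry[] entries = config.getAppConfigurationEntry(contextName);
        if (entries == null) {
            return "no entries for context '" + contextName + "'";
        }
        // LoginContext resolves module classes through the thread context class loader,
        // falling back to the system class loader when none is set.
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        if (loader == null) {
            loader = ClassLoader.getSystemClassLoader();
        }
        StringBuilder report = new StringBuilder();
        for (AppConfigurationEntry entry : entries) {
            String name = entry.getLoginModuleName();
            try {
                // initialize=false: locate the class without running its static initializers
                Class<?> cls = Class.forName(name, false, loader);
                CodeSource src = cls.getProtectionDomain().getCodeSource();
                report.append(name).append(" -> ")
                      .append(src == null ? "bootstrap/unknown location" : src.getLocation());
            } catch (ClassNotFoundException | LinkageError e) {
                report.append(name).append(" -> NOT FOUND via ").append(loader)
                      .append(" (").append(e).append(")");
            }
            report.append(System.lineSeparator());
        }
        return report.toString();
    }

    public static void main(String[] args) {
        // Constructed configuration mirroring the one in the post: a single REQUIRED entry.
        Configuration config = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry("org.jboss.security.ClientLoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                        Collections.<String, Object>emptyMap()) };
            }
        };
        System.out.print(check(config, "client-login")); // context name is a placeholder
    }
}
```

Run it with the same classpath and from the same thread that calls `lc.login()`, since the result depends on that thread's context class loader.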
