[jboss-user] [Security & JAAS/JBoss] - Unable to implement custom LoginModule example
Ken from Mera
do-not-reply at jboss.com
Tue Jun 5 07:26:22 EDT 2007
Hello,
Probably, it is stupid problem, but I am unable to resole it myself :(
I was going to implement very simple custom LoginModule in my web app discussed in section 8.4.7.2. 'A Custom LoginModule Example' of 'The JBoss 4 Application Server Guide' book published at http://docs.jboss.org/jbossas/jboss4guide/r4/html/index.html
The following actions were done
1. jboss.xml file with the following content was put to WEB-INF directory of my web app:
<?xml version="1.0" encoding="ISO-8859-1"?>
| <jboss>
| <security-domain>java:/jaas/My_web_security</security-domain>
| </jboss>
2. login-config.xml file with the following content was put to WEB-INF directory of my web app:
<policy>
| <application-policy name = "My_web_security">
| <authentication>
| <login-module code="com.mydomain.web.security.JbossLoginModule" flag="required">
| <module-option name = "userPathPrefix">/security/store/password</module-option>
| <module-option name = "rolesPathPrefix">/security/store/roles</module-option>
| </login-module>
| </authentication>
| </application-policy>
| </policy>
3. The following security constraints were added into web.xml file
<login-config>
| <auth-method>FORM</auth-method>
| <form-login-config>
| <form-login-page>/pages/common/login.htm</form-login-page>
| <form-error-page>/pages/common/loginerror.htm</form-error-page>
| </form-login-config>
| </login-config>
|
| <security-constraint>
| <web-resource-collection>
| <web-resource-name>MY_RESTRICTED</web-resource-name>
| <url-pattern>/pages/secure/*</url-pattern>
| </web-resource-collection>
| <auth-constraint>
| <role-name>MY_SYSADMIN</role-name>
| <role-name>MY_LOADER</role-name>
| <role-name>MY_DEFAULT</role-name>
| </auth-constraint>
| </security-constraint>
|
| <security-role>
| <role-name>MY_SYSADMIN</role-name>
| </security-role>
| <security-role>
| <role-name>MY_LOADER</role-name>
| </security-role>
| <security-role>
| <role-name>MY_DEFAULT</role-name>
| </security-role>
4. The following login module was created in my web app:
package com.mydomain.web.security;
|
| import java.security.acl.Group;
| import java.util.Map;
| import javax.security.auth.Subject;
| import javax.security.auth.callback.CallbackHandler;
| import javax.security.auth.login.LoginException;
|
| import org.jboss.security.SimpleGroup;
| import org.jboss.security.SimplePrincipal;
| import org.jboss.security.auth.spi.UsernamePasswordLoginModule;
|
| /**
| * An example custom login module.
| */
| public class JbossLoginModule extends UsernamePasswordLoginModule {
| private String userPathPrefix;
| private String rolesPathPrefix;
|
| /**
| * Override to obtain the userPathPrefix and rolesPathPrefix options.
| */
| public void initialize(Subject subject, CallbackHandler callbackHandler, Map sharedState, Map options)
| {
| super.initialize(subject, callbackHandler, sharedState, options);
| userPathPrefix = (String) options.get("userPathPrefix");
| rolesPathPrefix = (String) options.get("rolesPathPrefix");
| }
|
| /**
| * Get the roles the current user belongs to.
| */
| protected Group[] getRoleSets() throws LoginException
| {
| String rolesPath = rolesPathPrefix + '/' + super.getUsername();
| String[] roles = {"MY_SYSADMIN", "MY_LOADER", "MY_DEFAULT"};
| Group[] groups = {new SimpleGroup("Roles")};
|
| for(int r = 0; r < roles.length; r ++)
| {
| SimplePrincipal role = new SimplePrincipal(roles[r]);
| groups[0].addMember(role);
| }
|
| return groups;
| }
|
| /**
| * Get the password of the current user.
| */
| protected String getUsersPassword() throws LoginException
| {
| String userPath = userPathPrefix + '/' + super.getUsername();
| String passwd = "1";
|
| return passwd;
| }
| }
5. login.htm and loginerror.htm pages were created
Unfortunately, after deployment on JBOSS, the following exception is raised when username and password is submitted:
14:42:39,116 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
| java.lang.ClassCastException: org.jboss.security.plugins.JaasSecurityManager cannot be cast to org.jboss.security.SubjectSecurityManager
| at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
| at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:258)
| at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:417)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
| at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
| at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
| at java.lang.Thread.run(Thread.java:619)
I tried to find something in Google about this error, but found nothing.
Can anyone help me?
JBOSS [Trinity] 4.2.0.GA (build: SVNTag=JBoss_4_2_0_GA date=200705111440) is used.
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4051273#4051273
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4051273
More information about the jboss-user
mailing list