[jboss-user] [Security & JAAS/JBoss] - (frustrated) cannot authenticate client against JAAS enabled

lesclayes do-not-reply at jboss.com
Fri Jul 18 04:49:04 EDT 2008


I have read many forums and books on this topic but I cannot get my client (which is a standalone command line app) to invoke a protected SLSB on JBoss 4.05GA.

My client is getting this error. 

anonymous wrote : 
  |      [java] java.rmi.AccessException: SecurityException; nested exception is:
  |      [java]     javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
  |      [java]     at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:388)
  |      [java]     at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:136)
  |      [java]     at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invokeHome(ProxyFactoryFinderInterceptor.java:107)
  |      [java]     at org.jboss.ejb.SessionContainer.internalInvokeHome(SessionContainer.java:637)
  |      [java]     at org.jboss.ejb.Container.invoke(Container.java:975)
  |      [java]     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |      [java]     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  |      [java]     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  |      [java]     at java.lang.reflect.Method.invoke(Method.java:585)
  |      [java]     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
  |      [java]     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
  |      [java]     at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
  |      [java]     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
  |      [java]     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
  |      [java]     at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:819)
  |      [java]     at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:420)
  |      [java]     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |      [java]     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  |      [java]     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  |      [java]     at java.lang.reflect.Method.invoke(Method.java:585)
  |      [java]     at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
  |      [java]     at sun.rmi.transport.Transport$1.run(Transport.java:153)
  |      [java]     at java.security.AccessController.doPrivileged(Native Method)
  |      [java]     at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
  |      [java]     at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:466)
  |      [java]     at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:707)
  |      [java]     at java.lang.Thread.run(Thread.java:595)
  |      [java] Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
  |      [java]     at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
  |      [java]     at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
  |      [java]     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |      [java]     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  |      [java]     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  |      [java]     at java.lang.reflect.Method.invoke(Method.java:585)
  |      [java]     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  |      [java]     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  |      [java]     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  |      [java]     at java.security.AccessController.doPrivileged(Native Method)
  |      [java]     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  |      [java]     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  |      [java]     at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
  |      [java]     at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
  |      [java]     at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
  |      [java]     at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:211)
  |      [java]     at org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:135)
  |      [java]     at org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:132)
  |      [java]     ... 25 more
  | 


On the server side, I get:

anonymous wrote : 
  | 16:36:31,383 DEBUG [UsersRolesLoginModule] Loaded properties, users=[kamil, gavin]
  | 16:36:31,383 DEBUG [UsersRolesLoginModule] Bad password for username=
  | 

Server JAAS info

My domain on the server is called: "mydomain"

and it is configured to use UsersRolesLoginModule.

The login-config.xml looks like this:


  |     <application-policy name="mydomain">
  |        <authentication>
  |           <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |              flag = "required">
  |            <module-option name="usersProperties">props/gavinjaas-users.properties</module-option>
  |            <module-option name="rolesProperties">props/gavinjaas-roles.properties</module-option>
  |           </login-module>
  |           <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
  |        </authentication>
  |     </application-policy>
  | 

I've checked the config via the jmx-console and it exists.


CLIENT SIDE

In my client-side auth.conf, I've tried to define it under the domain names "mydomain" and "other". Both will give me the same error.


  | mydomain {
  |    // jBoss LoginModule
  |    org.jboss.security.ClientLoginModule  required
  |    password-stacking="useFirstPass"
  |    ;
  |    //org.jboss.security.auth.spi.UsersRolesLoginModule required;
  | };
  | 

No LoginException is thrown during LoginContext.login(). It only happens when I call doAsPrivileged(..) like this:


  | LoginContext lc = new LoginContext( "mydomain", handler ); // also tried with "other" domain
  | lc.login(); // No errors
  | 
  | Subject subject = lc.getSubject();
  | System.out.println( "logined as [" + subject.toString() + "]" );  // Subject is empty
  | 
  | Subject.doAsPrivileged( subject, new PrivilegedAction() {   // exception thrown here
  |    public Object run()
  |    .....snip....
  | 
  | 

Please give me some ideas/tips because this is driving me insane. Thanks a lot.

Regards,

Tim

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4165276#4165276
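
An added illustration, not part of the original post and not JBoss code: it checks which user name a client-side login module ends up holding after `login()` returns without error, with and without `password-stacking="useFirstPass"`. `StackingCheck`, `StandInClientModule` and `loginWith` are hypothetical names; the stand-in assumes a module given that option reads the JAAS shared state (key `javax.security.auth.login.name`) instead of calling the handler, and the user name passed by the handler is a constructed sample.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class StackingCheck {
    // Hypothetical stand-in for a client-side module: it verifies nothing and only records
    // the identity to send. Assumption: useFirstPass means "read shared state, skip the handler".
    public static class StandInClientModule implements LoginModule {
        static String captured;                 // user name the module would propagate
        private CallbackHandler handler;
        private Map<String, ?> shared, opts;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> sh, Map<String, ?> o) {
            handler = h; shared = sh; opts = o;
        }
        public boolean login() throws LoginException {
            if ("useFirstPass".equals(opts.get("password-stacking"))) {
                Object name = shared.get("javax.security.auth.login.name");
                captured = name == null ? "" : name.toString();  // nothing was stacked before us
                return true;
            }
            NameCallback nc = new NameCallback("user: ");
            try { handler.handle(new Callback[] { nc }); }
            catch (Exception e) { throw new LoginException(e.toString()); }
            captured = nc.getName();
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    static String loginWith(Map<String, String> options) throws LoginException {
        Configuration cfg = new Configuration() {   // in-memory equivalent of an auth.conf entry
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    StandInClientModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options) };
            }
        };
        CallbackHandler h = cbs -> {                // constructed sample user name
            for (Callback cb : cbs) if (cb instanceof NameCallback) ((NameCallback) cb).setName("kamil");
        };
        new LoginContext("mydomain", null, h, cfg).login();  // no exception in either case
        return StandInClientModule.captured;
    }
    public static void main(String[] args) throws LoginException {
        System.out.println("useFirstPass: [" + loginWith(Map.of("password-stacking", "useFirstPass")) + "]");
        System.out.println("callbacks:    [" + loginWith(Map.of()) + "]");
    }
}
```

With nothing stacked ahead of the module, the `useFirstPass` case yields an empty name even though `login()` raised no exception, which is the same shape as a blank `username=` in a server-side log.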
