[jboss-user] [Security & JAAS/JBoss] - Basic HTTP authentication for WSDL (using JAAS LoginModule)

TimStorms do-not-reply at jboss.com
Mon Aug 17 09:41:57 EDT 2009


Hi,

I'm trying to use basic HTTP authentication for my WSDL. The user credentials should be validated by a (JAAS) LoginModule for Atlassian Crowd. Somehow the deployment of my EAR file fails. The following stacktrace shows up in my logs:


  | java.lang.NullPointerException
  | 	at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorFactory.createPerClass(RoleBasedAuthorizationInterceptorFactory.java:49)
  | 	at org.jboss.aop.advice.AspectFactoryDelegator.createPerClass(AspectFactoryDelegator.java:107)
  | 	at org.jboss.aop.Advisor.addPerClassAspect(Advisor.java:569)
  | 	at org.jboss.aop.advice.ScopedInterceptorFactory.create(ScopedInterceptorFactory.java:72)
  | 	at org.jboss.aop.Advisor.createInterceptorChain(Advisor.java:618)
  | 	at org.jboss.aop.Advisor.pointcutResolved(Advisor.java:888)
  | 	at org.jboss.aop.Advisor.resolveMethodPointcut(Advisor.java:650)
  | 	at org.jboss.aop.ClassContainer.createInterceptorChains(ClassContainer.java:248)
  | 	at org.jboss.aop.ClassContainer.rebuildInterceptors(ClassContainer.java:115)
  | 	at org.jboss.aop.ClassContainer.initializeClassContainer(ClassContainer.java:58)
  | 	at org.jboss.ejb3.EJBContainer.processMetadata(EJBContainer.java:342)
  | 	at org.jboss.ejb3.SessionContainer.processMetadata(SessionContainer.java:140)
  | 	at org.jboss.ejb3.Ejb3Deployment.processEJBContainerMetadata(Ejb3Deployment.java:292)
  | 	at org.jboss.ejb3.Ejb3Deployment.start(Ejb3Deployment.java:356)
  | 	at org.jboss.ejb3.Ejb3Module.startService(Ejb3Module.java:91)
  | 	at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
  | 	at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
  | 	at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
  | 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  | 	at java.lang.reflect.Method.invoke(Unknown Source)
  | 	at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
  | 	at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
  | 	at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
  | 	at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
  | 	at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
  | 	at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
  | 	at $Proxy0.start(Unknown Source)
  | 

Apparently the RoleBasedAuthorizationInterceptorFactory throws an exception on line 49. When I checked its source, I found the following code:

ctx.lookup("java:/jaas/" + securityAnnotation.value());

Probably, this means that the class doesn't find my SecurityDomain annotation, while it IS present. I've got the following annotations on my web service:


  | @Stateless
  | @SecurityDomain("mydomain")
  | @SOAPBinding(style = SOAPBinding.Style.RPC, use = SOAPBinding.Use.LITERAL)
  | @WebService(name = "ProjectWebService", targetNamespace = "url", serviceName = "service")
  | @WebContext(urlPattern = "/url", authMethod ="BASIC", transportGuarantee ="NONE", secureWSDLAccess = false)
  | @RolesAllowed("admin")
  | @Remote(clazz.class)
  | 

Other things I've done:
web.xml:


  | <security-constraint>
  | 	<web-resource-collection>	
  | 		<web-resource-name>wsdl</web-resource-name>
  | 		<url-pattern>/url</url-pattern>	
  | 	</web-resource-collection>
  | 	<auth-constraint>	
  | 		<role-name>admin</role-name>
  | 	</auth-constraint>	
  | </security-constraint>
  | <login-config>
  | 	<auth-method>BASIC</auth-method>
  | </login-config>
  | <security-role>		
  | 	<role-name>admin</role-name>	
  | </security-role>
  | 

login-config.xml (in the conf folder):

  | <application-policy name="mydomain">
  |        <authentication>
  |           <login-module code="com.atlassian.crowd.application.jaas.CrowdLoginModule" flag = "required">
  |            <module-option name="application.name">admin</module-option>
  |            <module-option name="application.password">admin</module-option>
  |            <module-option name="crowd.server.url">server/</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 

This is the code which should be responsible for authenticating the users. What am I doing wrong here? Thanks!

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4249936#4249936
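
An added example, not part of the original post or of JBoss: a pre-deployment check in Python that the `@SecurityDomain` value used in the `java:/jaas/` lookup quoted above names an `application-policy` in login-config.xml, and that flags BASIC authentication combined with a `transportGuarantee` of NONE, where the credentials travel only base64-encoded. The function names, the class name and the inline samples are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, reduced from the snippets quoted in the post.
JAVA_SOURCE = '''@Stateless
@SecurityDomain("mydomain")
@WebContext(urlPattern = "/url", authMethod ="BASIC", transportGuarantee ="NONE", secureWSDLAccess = false)
@RolesAllowed("admin")
public class ProjectWebServiceBean {}'''
LOGIN_CONFIG = '''<policy>
  <application-policy name="mydomain">
    <authentication>
      <login-module code="com.atlassian.crowd.application.jaas.CrowdLoginModule" flag="required"/>
    </authentication>
  </application-policy>
</policy>'''

def declared_domains(login_config_xml):
    """Names of <application-policy> entries that define at least one login module."""
    root = ET.fromstring(login_config_xml)
    return {p.get("name") for p in root.iter("application-policy")
            if p.find("./authentication/login-module") is not None}

def web_context(java_source):
    """Attributes of the @WebContext annotation as a dict of strings."""
    m = re.search(r'@WebContext\s*\((.*?)\)', java_source, re.S)
    if not m:
        return {}
    return dict(re.findall(r'(\w+)\s*=\s*"?([^",)\s]+)"?', m.group(1)))

def check(java_source, login_config_xml):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    m = re.search(r'@SecurityDomain\s*\(\s*"([^"]+)"\s*\)', java_source)
    if not m:
        findings.append("no @SecurityDomain value found")
    elif m.group(1) not in declared_domains(login_config_xml):
        findings.append(f"java:/jaas/{m.group(1)} has no matching application-policy")
    ctx = web_context(java_source)
    # Assumption: a missing transportGuarantee is treated like NONE.
    if ctx.get("authMethod") == "BASIC" and ctx.get("transportGuarantee", "NONE") == "NONE":
        findings.append("BASIC auth with transportGuarantee NONE: credentials are only base64-encoded")
    return findings

if __name__ == "__main__":
    for finding in check(JAVA_SOURCE, LOGIN_CONFIG):
        print("FINDING:", finding)
```
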
