Hi, I am new to JBoss Security, and new to English too! Please, I need a simple road map for configuring JAAS Kerberos login on the client and propagating it to JBoss 4.0.4 with EJB 3.
In the client I have success with the Kerberos login, but I need to use LoginJNDIInitialContext or another method to authenticate on the JBoss server, and I do not know how to send my password to the KerberosLoginModule in JBoss JAAS. I tried to use the ClientLoginModule, but even so I need to send the password too, and I only have the Kerberos information after the login process, like KerberosPrincipal, KerberosTicket and KerberosKey. I don't know if I am doing something wrong; I have read many papers and forums, like this one, on the Internet and do not understand what I need to do for this to work.

This is my config-login.xml:

| </application-policy>
| <application-policy name="KerberosTest">
|   <authentication>
|     <login-module flag="required" code="org.jboss.security.ClientLoginModule">
|       <module-option name="debug">true</module-option>
|     </login-module>
|     <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
|       <module-option name="debug">true</module-option>
|     </login-module>
|     <login-module code="examples.jaaskeberos.loginmodule.MyLoginModule" flag="required">
|       <module-option name="group.file">data/group.properties</module-option>
|       <module-option name="debug">true</module-option>
|     </login-module>
|   </authentication>
| </application-policy>

This is my client code to get the InitialContext on JBoss:

| props.put("java.naming.factory.initial", "org.jboss.security.jndi.JndiLoginInitialContextFactory");
| props.put(Context.SECURITY_PRINCIPAL, ((KerberosPrincipal) subject.getPrincipals(KerberosPrincipal.class).toArray()[0]).getName());
| // Here I need my credentials. How do I get them?
| // props.put(Context.SECURITY_CREDENTIALS, "?????????????????");
| InitialContext ctx = new InitialContext(props);
| .....
| // here I get and use EJB3

This is the JBoss log:

| 2006-12-06 17:34:41,113 DEBUG [org.jboss.remoting.transport.socket.ServerThread] WAKEUP in SERVER THREAD
| 2006-12-06 17:34:41,114 DEBUG [org.jboss.remoting.transport.socket.ServerThread] beginning dorun
| 2006-12-06 17:34:42,216 INFO [examples.jaaskerberos.ejb.EJBSeguroStatefull] Inicializado
| 2006-12-06 17:34:42,217 INFO [examples.jaaskerberos.ejb.EJBSeguroStatefull] Context: null
| 2006-12-06 17:34:42,218 INFO [examples.jaaskerberos.ejb.EJBSeguroStatefull] PostConstruct
| 2006-12-06 17:34:42,218 INFO [examples.jaaskerberos.ejb.EJBSeguroStatefull] Context: org.jboss.ejb3[EMAIL PROTECTED]
| 2006-12-06 17:34:42,219 INFO [STDOUT] Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
| 2006-12-06 17:34:42,220 INFO [STDOUT] [Krb5LoginModule] user entered username: carlos.delf[EMAIL PROTECTED]
| 2006-12-06 17:34:42,360 INFO [examples.jaaskeberos.loginmodule.MyLoginModule] /home/projetos/java/ferramentas/jboss-versions/jboss-4.0.5.GA/data/group.properties2006-12-06 2006-12-06 17:34:42,475 DEBUG [org.jboss.remoting.transport.socket.ServerThread] begin thread wait

And this is the client error message:

| Exception in thread "main" javax.ejb.EJBAccessException: Authentication failure
|     at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:70)
|     at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
|     at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:319)
|     at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
|     at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
|     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
|     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
|     at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
|     at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
|     at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
|     at org.jboss.remoting.RemoteClientInvoker.invoke(RemoteClientInvoker.java:190)
|     at org.jboss.remoting.Client.invoke(Client.java:525)
|     at org.jboss.remoting.Client.invoke(Client.java:488)
|     at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:55)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:55)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:78)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.ejb3.stateful.StatefulRemoteProxy.invoke(StatefulRemoteProxy.java:133)
|     at $Proxy1.echoComSeguranca_1(Unknown Source)
|     at examples.jaaskerberos.JaasAcn.testaUsoDeAutorizacaoComEJB3(JaasAcn.java:152)
|     at examples.jaaskerberos.JaasAcn.main(JaasAcn.java:88)
| Caused by: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be null!
|     at sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:189)
|     at sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:167)
|     at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:626)
|     at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:512)
|     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
|     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
|     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
|     at java.lang.reflect.Method.invoke(Method.java:585)
|     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
|     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
|     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
|     at java.security.AccessController.doPrivileged(Native Method)
|     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
|     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
|     at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
|     at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
|     at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
|     at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
|     at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
|     at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:319)
|     at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
|     at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
|     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
|     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
|     at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
|     at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
|     at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
|
|     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:872)
|     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
|     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
|     at java.security.AccessController.doPrivileged(Native Method)
|     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
|     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
|     at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
|     at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
|     at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
|     at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
|     at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
|     at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
|     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
|     at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:319)
|     at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
|     at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
|     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
|     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
|     at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
|     at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
|     at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)

Thanks very much!

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3992776#3992776

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3992776
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
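
In the trace above, the server-side Krb5LoginModule fails with "Key bytes cannot be null" when no password is available to it. The Java below is an added example, not code from the original post or from JBoss: it shows the standard JGSS way to prove a Kerberos identity without a password, by turning the ticket the client already holds into a GSS-API token that the service validates with its own key. Assumptions: a reachable KDC, a placeholder service name such as `jboss@server.example.org`, a server Subject logged in from the service keytab with its key stored, and some server-side login module that receives the token as the credential (how the token is carried to JBoss is not shown).

```java
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import org.ietf.jgss.*;

/** Added example (not from the original post): password-less Kerberos proof via a GSS-API token. */
public class KerberosTokenExample {
    // Kerberos V5 mechanism OID (standard value).
    private static final String KRB5_OID = "1.2.840.113554.1.2.2";

    /** Client side: run as the Subject produced by the client's Krb5LoginModule login. */
    public static byte[] createToken(Subject client, final String service) throws Exception {
        return Subject.doAs(client, new PrivilegedExceptionAction<byte[]>() {
            public byte[] run() throws GSSException {
                GSSManager mgr = GSSManager.getInstance();
                // "service" is a hypothetical host-based name, e.g. "jboss@server.example.org".
                GSSName target = mgr.createName(service, GSSName.NT_HOSTBASED_SERVICE);
                GSSContext ctx = mgr.createContext(target, new Oid(KRB5_OID), null,
                        GSSContext.DEFAULT_LIFETIME);
                try {
                    // The TGT in the Subject is used to obtain a service ticket; no password is read.
                    return ctx.initSecContext(new byte[0], 0, 0);
                } finally {
                    ctx.dispose();
                }
            }
        });
    }

    /** Server side: run as a Subject that holds the service key; returns the verified caller name. */
    public static String acceptToken(Subject server, final byte[] token) throws Exception {
        return Subject.doAs(server, new PrivilegedExceptionAction<String>() {
            public String run() throws GSSException {
                // A null credential means "use the acceptor key found in the current Subject".
                GSSContext ctx = GSSManager.getInstance().createContext((GSSCredential) null);
                try {
                    ctx.acceptSecContext(token, 0, token.length);
                    if (!ctx.isEstablished()) {
                        throw new GSSException(GSSException.DEFECTIVE_TOKEN);
                    }
                    return ctx.getSrcName().toString(); // authenticated client principal
                } finally {
                    ctx.dispose();
                }
            }
        });
    }
}
```

The name returned by `acceptToken` is the only identity the server should trust; a principal name sent alongside the token is unauthenticated input and should be ignored or compared against it.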