[jboss-user] [Beginners Corner] - Single RoadMap for User Login on Swing and JBOSS

Mon, 11 Dec 2006 06:48:25 -0800 

Hi, I am New on JBoss Security, and new in English too!

Please, I need one simple Road Map for configure JAAS Kerberos Login on client 
and propagate to JBoss 4.0.4 with EJB 3.

In the Client I have sucess with Kerberos Login, but I need use 
LoginJNDIInitialContext or other method for Authenticate on JBoss server, and I 
not have how I send my Password for KerberosLoginModule on JBoss JAAS, I Try 
use the ClientLoginModule, but even so I need send the password too, but I only 
have Kerberos Information after Login process, like KerberosPrincipal and 
KerberosTiket and KerberosKey.

I dont know if I make wrong, I have read many papers foruns, like this, on 
Internet and not undestand i need make for this work.

This is my config-login.xml:

  |     </application-policy>
  |     <application-policy name="KerberosTest">
  |             <authentication>
  |                     <login-module flag="required" 
code="org.jboss.security.ClientLoginModule">
  |                             <module-option name="debug">true</module-option>
  |                     </login-module>
  |                     <login-module 
code="com.sun.security.auth.module.Krb5LoginModule" llag="required">
  |                             <module-option name = 
"debug">true</module-option>
  |                     </login-module>
  |                 <login-module 
code="examples.jaaskeberos.loginmodule.MyLoginModule" flag="required">
  |                     <module-option 
name="group.file">data/group.properties</module-option>
  |                             <module-option name="debug">true</module-option>
  |                 </login-module>
  |     </authentication>
  |     </application-policy>
  | 
This is my Client Code for get InitialContext on JBoss:

  |         props.put("java.naming.factory.initial", 
"org.jboss.security.jndi.JndiLoginInitialContextFactory");
  |         props.put(Context.SECURITY_PRINCIPAL,                        
((KerberosPrincipal)subject.get
  | Principals(KerberosPrincipal.class).toArray()[0]).getName());
  | // Here I need my Credencials, How I get?
  | //        props.put(Context.SECURITY_CREDENTIALS,  "?????????????????");
  |         InitialContext ctx = new InitialContext(props);
  | .....
  | // here I get and use EJB3
  | 
this is the JBoss log:

  | 2006-12-06 17:34:41,113 DEBUG 
[org.jboss.remoting.transport.socket.ServerThread] WAKEUP in SERVER TH
  | READ
  | 2006-12-06 17:34:41,114 DEBUG 
[org.jboss.remoting.transport.socket.ServerThread] beginning dorun
  | 2006-12-06 17:34:42,216 INFO  
[examples.jaaskerberos.ejb.EJBSeguroStatefull] Inicializado
  | 2006-12-06 17:34:42,217 INFO  
[examples.jaaskerberos.ejb.EJBSeguroStatefull] Context: null
  | 2006-12-06 17:34:42,218 INFO  
[examples.jaaskerberos.ejb.EJBSeguroStatefull] PostConstruct
  | 2006-12-06 17:34:42,218 INFO  
[examples.jaaskerberos.ejb.EJBSeguroStatefull] Context: org.jboss.ejb3
  | [EMAIL PROTECTED]
  | 2006-12-06 17:34:42,219 INFO  [STDOUT] Debug is  true storeKey false 
useTicketCache false useKeyTab 
  | false doNotPrompt false ticketCache is null KeyTab is null 
refreshKrb5Config is false principal is n
  | ull tryFirstPass is false useFirstPass is false storePass is false 
clearPass is false
  | 2006-12-06 17:34:42,220 INFO  [STDOUT]          [Krb5LoginModule] user 
entered username: carlos.delf
  | [EMAIL PROTECTED]
  | 2006-12-06 17:34:42,360 INFO  
[examples.jaaskeberos.loginmodule.MyLoginModule] /home/projetos/java/f
  | erramentas/jboss-versions/jboss-4.0.5.GA/data/group.properties2006-12-06 
2006-12-06 17:34:42,475 DEB
  | UG [org.jboss.remoting.transport.socket.ServerThread] begin thread wait
  | 
and this is client erro msg:

  | Exception in thread "main" javax.ejb.EJBAccessException: Authentication 
failure
  |     at 
org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3Authent
  | icationInterceptor.java:70)
  |     at 
org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
  |     at 
org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:
  | 102)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:319)
  |     at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
  |     at 
org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java
  | :82)
  |     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
  |     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
  |     at 
org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
  |     at 
org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
  |     at 
org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
  |     at 
org.jboss.remoting.RemoteClientInvoker.invoke(RemoteClientInvoker.java:190)
  |     at org.jboss.remoting.Client.invoke(Client.java:525)
  |     at org.jboss.remoting.Client.invoke(Client.java:488)
  |     at 
org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:55)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:6
  | 1)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:55)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:78)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.ejb3.stateful.StatefulRemoteProxy.invoke(StatefulRemoteProxy.java:133)
  |     at $Proxy1.echoComSeguranca_1(Unknown Source)
  |     at 
examples.jaaskerberos.JaasAcn.testaUsoDeAutorizacaoComEJB3(JaasAcn.java:152)
  |     at examples.jaaskerberos.JaasAcn.main(JaasAcn.java:88)
  | Caused by: javax.security.auth.login.LoginException: 
java.lang.IllegalArgumentException: EncryptionK
  | ey: Key bytes cannot be null!
  |     at sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:189)
  |     at 
sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:167)
  |     at 
com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:626)
  |     at 
com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:512)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |     at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  |     at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  |     at java.lang.reflect.Method.invoke(Method.java:585)
  |     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  |     at 
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  |     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  |     at java.security.AccessController.doPrivileged(Native Method)
  |     at 
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  |     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  |     at 
org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
  |     at 
org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
  |     at 
org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
  |     at 
org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java
  | :123)
  |     at 
org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
  |     at 
org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:
  | 102)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:319)
  |     at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
  |     at 
org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java
  | :82)
  |     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
  |     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
  |     at 
org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
  |     at 
org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
  |     at 
org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
  | 
  |     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:872)
  |     at 
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  |     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  |     at java.security.AccessController.doPrivileged(Native Method)
  |     at 
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  |     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  |     at 
org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
  |     at 
org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
  |     at 
org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
  |     at 
org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java
  | :123)
  |     at 
org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
  |     at 
org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:
  | 102)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
  |     at 
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at 
org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:319)
  |     at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
  |     at 
org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java
  | :82)
  |     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
  |     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
  |     at 
org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
  |     at 
org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
  |     at 
org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
  | 
Thanks very much!

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3992776#3992776

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3992776
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to