Re: [JBoss-user] Tomcat authentication problem 2
I'm not a Tomcat expert, but I believe that on your client side (in JSPs and servlets, that is) you should be using Tomcat style login interceptors. There is a JBoss interceptor that picks up the Tomcat principal and credential and assigns the SecurityAssociation to the thread. This way, as long as you have the JBoss security interceptor after the Tomcat interceptor, JBoss will get the principal and credential that are associated with that user's session. -danch Tobias Seelinger wrote: > > Hi, > > I am using JBoss 2.2 with embedded Tomcat and I have written my own > LoginModules for JAAS authentication. Calling secure Beans from a Java > client seems to work, but calling them from embedded Tomcat leads to a > Authentication exception. The exception gets thrown by the JBoss > SecurityInterceptor, because the Principal delivered by the > MethodInvocation is null. > But: it is not always null (which may be easy to debug). The Tomcat JSP > is calling a secure bean two times and sometimes the first call is > succesfully handled by my LoginModule and the second call has a null > Principal. Sometimes the first call leads to the exception... > > I am using a modified org.jboss.security.ClientLoginModule and it stores > the Principal in a SecurityAssociation object (ThreadLocal). Doesn't > Tomcat using several Threads to process requests from the same > client/session ? If I store the Principal in one Thread and the session > opens a new Thread, how does the Principal get updated ? This may be a > reason for the behaviour described above. > > Tobias. > > ___ > JBoss-user mailing list > [EMAIL PROTECTED] > http://lists.sourceforge.net/lists/listinfo/jboss-user Confidential e-mail for addressee only. Access to this e-mail by anyone else is unauthorized. If you have received this message in error, please notify the sender immediately by reply e-mail and destroy the original communication. ___ JBoss-user mailing list [EMAIL PROTECTED] http://lists.sourceforge.net/lists/listinfo/jboss-user
Re: [JBoss-user] Tomcat authentication problem
This problen is most probably caused by the inability of tomcat services to pass on the credential properly to the jBoss. The solution is to update your tomcat-services.jar with the latest code in contrib module. good luck ~jm Hein Saris wrote: > Hi, > > I have successfully installed jBoss2.2+Tomcat and have deployed an > application. > I have secured my EJB beans with JAAS. > When I access my beans with a Java client, I can use my ejb beans without any > problem after logging in. > If I try to access my beans from within a jsp (through a bean), I get the > following error: > > [PersonBean] javax.security.auth.login.LoginException: > java.lang.NullPointerException > at > >org.jboss.security.auth.SecurityAssociationHandler.getPassword(SecurityAssociationHandler.java:125) > at > >org.jboss.security.auth.SecurityAssociationHandler.handle(SecurityAssociationHandler.java:83) > at > javax.security.auth.login.LoginContext$4.run(LoginContext.java:731) > at java.security.AccessController.doPrivileged(Native Method) > at > >javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:727) > at > >org.jboss.security.plugins.samples.UsernamePasswordLoginModule.getUsernameAndPassword(UsernamePasswordLoginModule.java:133) > at > >org.jboss.security.plugins.samples.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:76) > at > >org.jboss.security.plugins.samples.JaasServerLoginModule.login(JaasServerLoginModule.java:105) > at java.lang.reflect.Method.invoke(Native Method) > at > javax.security.auth.login.LoginContext.invoke(LoginContext.java:595) > at javax.security.auth.login.LoginContext.access$000(LoginContext.java:125) > at > javax.security.auth.login.LoginContext$3.run(LoginContext.java:531) > at java.security.AccessController.doPrivileged(Native Method) > at > javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528) > at > javax.security.auth.login.LoginContext.login(LoginContext.java:449) > at > >org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:332) > at > >org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:301) > at > org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:193) > at > >org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:209) > at > org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:144) > at > org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:106) > at org.jboss.ejb.EntityContainer.invokeHome(EntityContainer.java:316) > at > >org.jboss.ejb.plugins.jrmp.server.JRMPContainerInvoker.invokeHome(JRMPContainerInvoker.java:436) > at > org.jboss.ejb.plugins.jrmp.interfaces.HomeProxy.invoke(HomeProxy.java:212) > at $Proxy62.findByPrimaryKey(Unknown Source) > at > be.idewe.planning.bean.PersonBean.processRequest(PersonBean.java:68) > at > >planning._0002fplanning_0002fperson_0002ejspperson_jsp_1._jspService(_0002fplanning_0002fperson_0002ejspperson_jsp_1.java:102) > at > org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) > at > org.apache.jasper.servlet.JspServlet$JspServletWrapper.service(JspServlet.java:177) > at > org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:318) > at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:391) > at javax.servlet.http.HttpServlet.service(HttpServlet.java:853) > at > org.apache.tomcat.core.ServletWrapper.doService(ServletWrapper.java:404) > at org.apache.tomcat.core.Handler.service(Handler.java:286) > at > org.apache.tomcat.core.ServletWrapper.service(ServletWrapper.java:372) > at > org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:797) > at > org.apache.tomcat.core.ContextManager.service(ContextManager.java:743) > at > >org.apache.tomcat.service.http.HttpConnectionHandler.processConnection(HttpConnectionHandler.java:210) > at > org.apache.tomcat.service.TcpWorkerThread.runIt(PoolTcpEndpoint.java:416) > at > org.apache.tomcat.util.ThreadPool$ControlRunnable.run(ThreadPool.java:498) > at java.lang.Thread.run(Thread.java:484) > > [PersonBean]at > javax.security.auth.login.LoginContext.invoke(LoginContext.java:650) > [PersonBean]at > javax.security.auth.login.LoginContext.access$000(LoginContext.java:125) > [PersonBean]at > javax.security.auth.login.LoginContext$3.run(LoginContext.java:531) > [PersonBean]at java.security.AccessController.doPrivileged(Native Method) > [PersonBean]at > javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528) > [PersonBean]at > javax.s