Re: beware: stackTrace was: Re: RE : too many JAAS...

2004-09-22 Thread Rene Paulokat 
On Wed, Sep 22, 2004 at 10:04:57PM +0200, [EMAIL PROTECTED] wrote:
> Just checking, but in your original post you described your loginmodule
> as:
> 
>   public  class MyLoginModule implements LoginModule {
> 
> however, your ClassCastException mentions:
> 
>   com.warenform.ima_frontend.interf.DabLoginModule.login
> 
> Can you check if you really are referring to the same classes (also in
> login.conf)?
> 
> Michiel

jup - ;) doublechecked. my first post was more like an 'abstract' post.
meanwhile its getting very specific. hope not to bother...

rene

-- 
gpg-key 8FC78254 http://www.so36.net/keys/rene.asc
fingerprint: E883 D359 3F56 51AF 0294  8BEB 16B3 15BD 8FC7 8254

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

beware: stackTrace was: Re: RE : too many JAAS...

2004-09-22 Thread Rene Paulokat 
On Wed, Sep 22, 2004 at 03:33:27PM -0400, Shapira, Yoav wrote:
> 
> Hi,
> What's the stack trace for the ClassCastException?

here it comes:

rene

--
javax.security.auth.login.LoginException: java.lang.ClassCastException
at
com.warenform.ima_frontend.interf.DabLoginModule.login(DabLoginModule.java:56)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at
com.warenform.ima_frontend.action.DabLoginAction.execute(DabLoginAction.java:185)
at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at
org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at
org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:407)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:106)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825)
at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:717)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:576)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:534)

at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:730)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at
com.warenform.ima_frontend.action.DabLoginAction.execute(DabLoginAction.java:185)
at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
at
org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
at
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
at
org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:525)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:214)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:407)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:106)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:825

Re: RE : too many JAAS...

2004-09-22 Thread Rene Paulokat 
On Wed, Sep 22, 2004 at 03:16:17PM -0400, Shapira, Yoav wrote:
> 
> Hi,
> Can you put the login module in common/lib as well, to see if it being
> loaded by the common classloader makes a difference?

first: thanks a lot for your efforts.

i can, i did change the location for the loginModule, so that it gets
loaded by StandardClassLoader:

DEBUG [http-8080-Processor25] (DabLoginAction.java:177) - handler in
servlet loaded : [EMAIL PROTECTED]
DEBUG [http-8080-Processor25] (DabLoginAction.java:183) - servlet
classloader logincontext: null
DEBUG [http-8080-Processor25] (DabLoginModule.java:44) - init:
callbackHandler declared by class javax.security.auth.login.LoginContext
DEBUG [http-8080-Processor25] (DabLoginModule.java:45) - init:
callbackHandler is:
javax.security.auth.login.LoginContext$SecureCallbackHandler
DEBUG [http-8080-Processor25] (DabLoginModule.java:46) - init:
callbackHandler loaded by: null
DEBUG [http-8080-Processor25] (DabLoginModule.java:54) - loginmodule
loaded by: [EMAIL PROTECTED]
DEBUG [http-8080-Processor25] (DabLoginModule.java:55) -
javax.security.auth.login.LoginContext$SecureCallbackHandler
(initialized handler) loaded: null
javax.security.auth.login.LoginException: java.lang.ClassCastExceptioni


but same cce

rene



-- 
gpg-key 8FC78254 http://www.so36.net/keys/rene.asc
fingerprint: E883 D359 3F56 51AF 0294  8BEB 16B3 15BD 8FC7 8254

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RE : too many JAAS...

2004-09-22 Thread Rene Paulokat 
On Wed, Sep 22, 2004 at 02:28:59PM -0400, Shapira, Yoav wrote:
> 
> Hi,
> I didn't follow the rest of your thread.  Your callback handler is
> loaded from common/lib, not WEB-INF/lib, right?
> 
> Yoav Shapira

if i call the handler on my servlet, the handler is loaded by StandardClassLoader
from common/lib

but i guess somewhere here is my problem - just that i dont see it.


--- snip ---
DEBUG [http-8080-Processor24] (DabLoginAction.java:177) - handler in
servlet loaded :
[EMAIL PROTECTED]
[http-8080-Processor24] (DabLoginModule.java:43) - init: callbackHandler
declared by class javax.security.auth.login.LoginContext
DEBUG [http-8080-Processor24] (DabLoginModule.java:44) - init:
callbackHandler is:
javax.security.auth.login.LoginContext$SecureCallbackHandler
DEBUG [http-8080-Processor24] (DabLoginModule.java:45) - init:
callbackHandler loaded by: null
DEBUG [http-8080-Processor24] (DabLoginModule.java:53) - loginmodule
loaded by: [WebappClassLoader 

greetings 
rene

-- 
gpg-key 8FC78254 http://www.so36.net/keys/rene.asc
fingerprint: E883 D359 3F56 51AF 0294  8BEB 16B3 15BD 8FC7 8254

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RE : too many JAAS...

2004-09-22 Thread Rene Paulokat 
On Wed, Sep 22, 2004 at 11:01:28AM -0400, Shapira, Yoav wrote:
> 
> Hi,
> I just committed a fairly big patch from Andrew Jaquith last night that
> addresses numerous issues encountered when using the JAASRealm with
> custom user and role class names.  You may wish to build from CVS and
> see if this patch fixes your exception.   The patch was in Bugzilla
> issue 28631 if you want to look it up.

thanks for your advice.

the good news:
checked out, built, deployed.

the bad news:
same ClassCastException:

i`ll give u the relevant parts:


[DabLoginModule]

...
(52) public boolean login() throws LoginException {

(54)   logger.debug("loginmodule loaded by: ["
+this.getClass().getClassLoader()+"]");
(55)   logger.debug(this.handler.getClass().getName()+ 
"(initialized handler) loaded:"
+this.handler.getClass().getClassLoader()); 

(56)  DabCallBackHandler handler = (DabCallBackHandler) this.handler;
  
(57)  logger.debug("name: ["+handler.getClass().getName()+
"] loader: ["+handler.getClass().getClassLoader()+"]");
(58)  logger.debug("test if works:"+handler.getUsername());
...


which results in a log of:

DEBUG [http-8080-Processor25] (DabLoginModule.java:54) - loginmodule
loaded by: [WebappClassLoader ...
DEBUG [http-8080-Processor25] (DabLoginModule.java:55) -
javax.security.auth.login.LoginContext$SecureCallbackHandler
(initialized handler) loaded: null

javax.security.auth.login.LoginException: java.lang.ClassCastException
at
com.warenform.ima_frontend.interf.DabLoginModule.login(DabLoginModule.java:56)



any more hints? 

greetings
rene


-- 
gpg-key 8FC78254 http://www.so36.net/keys/rene.asc
fingerprint: E883 D359 3F56 51AF 0294  8BEB 16B3 15BD 8FC7 8254

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: RE : too many JAAS...

2004-09-22 Thread Rene Paulokat 
On Wed, Sep 22, 2004 at 04:26:44PM +0200, LERBSCHER Jean-Pierre wrote:
> Why do you have a ClassCastException exception ?
> Could you give us more detail on your realm configuration ?
> Do you configured a jass realm with custom userClassNames and roleClassNames
> attributes ? or any thing else.


okay, my context configuration looks like:



my login.conf shows:

dabRealm {
  com.warenform.ima_frontend.interf.DabLoginModule  REQUIRED;
};

loginModule/Role/Principal-classes are visible to $CATALINA_HOME/common/lib

and the way i invoke the whole thing is via 

servlet which is called by url /login.do - 

creates my DabCallBackHandler ,
pushes this into new LoginContext
module gets invoked - and creates exception like described in the
thread-start.

hm - am i lost?

rene




-- 
gpg-key 8FC78254 http://www.so36.net/keys/rene.asc
fingerprint: E883 D359 3F56 51AF 0294  8BEB 16B3 15BD 8FC7 8254

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: too many JAAS...

2004-09-22 Thread Rene Paulokat 
On Wed, Sep 22, 2004 at 03:47:08PM +0200, Michiel Toneman wrote:

> You can have a look at 
> http://www.kopz.org/public/documents/tomcat/jaasintomcat.html
> 
> It contains a "known-good" approach so it may be of some use to you.

hi michiel,
yes, i found that already, but i thought this is not *very* different
from my approach:

in this example 'SecurityFilter' does the same thing like my
Login-servlet:

creates new LoginContext - passes over the CallBackhandler - here
'HttpAuthCallBackhandler' and finally calls login-method of loginModule.

additionally it puts 'Subject' into user's Session, to be reused when
needed. fine thing.

i think i am missing some more basic thing - cause of my beloved
ClassCastException, when my loginModule starts to act...

or - is it the only way to accomplish the task with that kind of
'SecurityFilter' - which in the example acts upon every request?

thanks for your hint, i'am gonna implement it test-wise...

greetings
rene












-- 
gpg-key 8FC78254 http://www.so36.net/keys/rene.asc
fingerprint: E883 D359 3F56 51AF 0294  8BEB 16B3 15BD 8FC7 8254

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

too many JAAS...

2004-09-22 Thread Rene Paulokat 
hi again,
fiddled araound with JAASRealm in tomcat 5.0.28
but still did not succeed.

so i`ll ask a few simple questions:
(which actually seemed already answered to me while reading tons of
faq/documentation - but it still does not work)

is it possible to authenticate users via servlet, when the actual page
does not include action-url 'j_security_check'
e.g. 

i need to do so, because 'MyCallbackHandler' needs more specific data

if so, is it fuerthermore possible to do smthng like:
 
 LoginContext ctx = new LoginContext("logonDef", new 
MyCallbackHandler(user,pass,object));
 ctx.login();

if so, why do i have loads of problems when i try to retrieve
MyCallbackHandler in my custom LoginModule when simple doin:

public  class MyLoginModule implements LoginModule {

 private Subject subject;
 private CallbackHandler handler;
 private Map sharedState;
 private Map options;
 private Logger logger;

 public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState,Map options) {

this.subject = subject;
this.handler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
this.logger = Logger.getLogger(MyLoginModule.class);
 }

 pubic boolean login() {
MyCallbackHandler myhandler = (MyCallbackHandler) this.handler;
// do something with it..
// but here the ClassCastException shows up ...

 }
...
}


thanks in advance..

insanely
rene

 
-- 
gpg-key 8FC78254 http://www.so36.net/keys/rene.asc
fingerprint: E883 D359 3F56 51AF 0294  8BEB 16B3 15BD 8FC7 8254

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

JAASRealm / ClassCastException

2004-09-20 Thread Rene Paulokat 
hello,
since a couple days i try to increase my understanding of JAASRealm.
but this ongoing classcastexceptions do give me a hard time...

tomcat 5.0.28

my goal is to authenticate users via servlet (FORM).
so i tried this;

[LoginServlet]:
 
 MyCallbackHandler handler = new MyCallbackHandler(name,password);
 LoginContext context = new LoginContext("ModulName", handler);
 context.login();


which results in that wellknown cce, as soon as my modul in its
login-method wants to retrieve 'MyCallbackHandler'

[AuthModul]:
...

 public boolean login() throws LoginException {
   ...
   MyCallBackHandler handler = (MyCallBackHandler) this.handler;
   // right here the cce is thrown
   ...
...

so my thinking melts down to the following:
i would like to keep all classes below WEB-INF and dont want to touch 
$CATALINA_HOME/server/lib or - /common/lib

but where to put the custom AuthenticationModule, Handler, Principals
if this results in the reported loader-issue

the changelog for 5.0.28 mentions that u can define in your Realm-definition,
if the Auth-Module should be loaded by your context-classloader.
useContextClassLoader="true" //default

but even if i set it to false, its still loaded by the webappclassloader
AuthModule/MyCallbackhandler loaded by  WebAppClassloader, 
LoginContext / SecureCallbackhandler loaded by 'null' 

can anybody point me in the right direction?

thanks in advance

rene



-- 
gpg-key 8FC78254 http://www.so36.net/keys/rene.asc
fingerprint: E883 D359 3F56 51AF 0294  8BEB 16B3 15BD 8FC7 8254

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]