Gentlemen,
I am attempting to authenticate users via JAAS NTLoginModule and repeatedly
recieve an ArrayIndexOutOfBoundsException wrapped in a LoginException. The
error is (packages removed for confidentiality purposes):
javax.security.auth.login.LoginException:
java.lang.ArrayIndexOutOfBoundsException
at com.sun.security.auth.module.NTSystem.getCurrent(Native Method)
at com.sun.security.auth.module.NTSystem.<init>(Unknown Source)
at com.sun.security.auth.module.NTLoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at -------confidential-------- .UserServiceBean.authenticate(
UserServiceBean.java:40)
at -------confidential-------- .UserServiceBean.registerNewUser(
UserServiceBean.java:130)
at -------confidential-------- .servlets.AppManagerInitServlet.init(
AppManagerInitServlet.java:33)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java
:243)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Unknown Source)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java
:275)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(
SecurityUtil.java:161)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(
SecurityUtil.java:114)
at org.apache.catalina.core.StandardWrapper.loadServlet(
StandardWrapper.java:1099)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java
:932)
at org.apache.catalina.core.StandardContext.loadOnStartup(
StandardContext.java:3917)
at org.apache.catalina.core.StandardContext.start(StandardContext.java
:4201)
at org.apache.catalina.core.ContainerBase.addChildInternal(
ContainerBase.java:759)
at org.apache.catalina.core.ContainerBase.access$000(ContainerBase.java
:121)
at org.apache.catalina.core.ContainerBase$PrivilegedAddChild.run(
ContainerBase.java:143)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java
:737)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:524)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:809)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java
:698)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java
:472)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1122)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java
:310)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(
LifecycleSupport.java:119)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1021)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1013)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java
:442)
at org.apache.catalina.core.StandardService.start(StandardService.java
:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java
:709)
at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:294)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:432)
NTSystem.getCurrent(Native Method) is a private method of NTSystem.
This code executed as a standalone application works perfectly. This code
executed in Tomcat 5.5 (not a servlet) fails. I have exhaustively researched
this on the web and have attempted to trace the problem in the JAAS source
code. The current operation has a servlet (AppManagerInitServlet)
initializing on Tomcat startup that attempts to authenticate a known user
(for testing purposes). I am currently executing this code with the Catalina
SecurityManager in place, but I have get the exact same results not using
the Catalina SecurityManager. For testing purposes, I have given my web
application java.security.AllPermission until this can be resolved. Beyond
instantiating a LoginContext and passing it my CallbackHandler I have no
idea why this would fail, especially since it works in one environment and
not another.
Please help.
=====================================================================================================================
My environment:
Windows XP SP2
JDK 1.5.0_06 ( I have also tested on 1.5.0_08 with the same results)
Tomcat 5.5.17
Relevant JVM switches:
-Djava.security.manager
-Djava.security.policy=D:\Program Files\Apache Software Foundation\Tomcat
5.5\conf\catalina.policy
-Djava.security.auth.login.config=D:\Program Files\Apache Software
Foundation\Tomcat 5.5\conf\jaas.conf
catalina.policy
// FOR TESTING PURPOSES ONLY
grant codeBase "file:${catalina.home}/webapps/myapp/-" {
permission java.security.AllPermission;
};
JAAS Config File:
mydomain {
com.sun.security.auth.module.NTLoginModule required debug=true;
};
--
Henry McClain
"Life is hard. Wear a helmet"
"Tell your wife that she looks pretty, even if she looks like a truck."
--
