Hi All,
I have a web application running on JBoss 4.0.4. I use LdapLoginModule to secure the EJB tier. In the web tier, I add a filter that performs a JAAS login (using the client-login module) for every incoming request. Everything works fine; the user's principal and credentials are propagated successfully from the web tier to the EJB tier.

The problem arises when I try to move the web tier to standalone Tomcat (version 5.5.17). The user's principal is lost in the middle of method calls. Here's the call sequence:

1. do JAAS login in web tier
2. call method1 in EJB tier - successful
3. call method2 in EJB tier - successful
4. call method3 in EJB tier - failed, user's principal is NULL
5. do JAAS logout

The strange thing is, I can invoke method3 in the EJB tier successfully at least once if I try it a few times.

Here's the stacktrace in Web tier (Tomcat):

| java.rmi.AccessException: SecurityException; nested exception is:
| javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
|     at org.jboss.ejb.plugins.LogInterceptor.handleException(LogInterceptor.java:388)
|     at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:209)
|     at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor.java:136)
|     at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
|     at org.jboss.ejb.Container.invoke(Container.java:954)
|     at sun.reflect.GeneratedMethodAccessor96.invoke(Unknown Source)
|     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
|     at java.lang.reflect.Method.invoke(Method.java:585)
|     at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
|     at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
|     at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
|     at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
|     at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
|     at org.jboss.invocation.jrmp.server.JRMPInvoker$MBeanServerAction.invoke(JRMPInvoker.java:819)
|     at org.jboss.invocation.jrmp.server.JRMPInvoker.invoke(JRMPInvoker.java:420)
|     at sun.reflect.GeneratedMethodAccessor101.invoke(Unknown Source)
|     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
|     at java.lang.reflect.Method.invoke(Method.java:585)
|     at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:294)
|     at sun.rmi.transport.Transport$1.run(Transport.java:153)
|     at java.security.AccessController.doPrivileged(Native Method)
|     at sun.rmi.transport.Transport.serviceCall(Transport.java:149)
|     at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:460)
|     at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:701)
|     at java.lang.Thread.run(Thread.java:595)
| Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
|     at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:213)
|     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
|     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
|     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
|     at java.lang.reflect.Method.invoke(Method.java:585)
|     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
|     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
|     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
|     at java.security.AccessController.doPrivileged(Native Method)
|     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
|     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
|     at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
|     at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
|     at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
|     at org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:211)
|     at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:158)
|     at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
|     ... 23 more

Here's the stacktrace in EJB tier (JBoss):

| 2006-09-29 17:24:29,011 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=admin
| 2006-09-29 17:24:29,011 DEBUG [org.jboss.cache.interceptors.TxInterceptor] local transaction exists - registering global tx if not present for Thread[RMI TCP Connection(428)-127.0.0.1,5,RMI Runtime]
| 2006-09-29 17:24:29,011 DEBUG [org.jboss.cache.interceptors.TxInterceptor] Transaction TransactionImpl:XidImpl[FormatId=257, GlobalId=quark/3739, BranchQual=, localId=3739] is already registered.
| 2006-09-29 17:24:29,011 DEBUG [org.jboss.cache.interceptors.TxInterceptor] Running commit phase. One phase? false
| 2006-09-29 17:24:29,011 DEBUG [org.jboss.cache.interceptors.TxInterceptor] Finished local commit/rollback method for GlobalTransaction:<null>:939
| 2006-09-29 17:24:29,011 DEBUG [org.jboss.cache.interceptors.TxInterceptor] Finished commit phase
| 2006-09-29 17:24:29,011 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
| 2006-09-29 17:24:29,011 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, [EMAIL PROTECTED],subject=null}
| 2006-09-29 17:24:29,014 TRACE [org.jboss.security.plugins.JaasSecurityManager.ofs-app] Begin isValid, principal:admin, cache info: [EMAIL PROTECTED](2890892)[EMAIL PROTECTED](admin)[EMAIL PROTECTED](Roles(members)),[EMAIL PROTECTED],expirationTime=1159522784170]
| 2006-09-29 17:24:29,014 TRACE [org.jboss.security.plugins.JaasSecurityManager.ofs-app] Begin validateCache, [EMAIL PROTECTED](2890892)[EMAIL PROTECTED](admin)[EMAIL PROTECTED](Roles(members)),[EMAIL PROTECTED],expirationTime=1159522784170];[EMAIL PROTECTED]
| 2006-09-29 17:24:29,014 TRACE [org.jboss.security.plugins.JaasSecurityManager.ofs-app] End validateCache, isValid=true
| 2006-09-29 17:24:29,014 TRACE [org.jboss.security.plugins.JaasSecurityManager.ofs-app] End isValid, true
| 2006-09-29 17:24:29,014 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
| Principal: admin
| Principal: Roles(members)
| , [EMAIL PROTECTED],subject=26629440}
| 2006-09-29 17:24:29,014 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
| 2006-09-29 17:24:29,014 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
| 2006-09-29 17:24:29,014 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, [EMAIL PROTECTED],subject=26629440}
| 2006-09-29 17:24:29,022 TRACE [org.jboss.security.plugins.JaasSecurityManager.ofs-app] Begin isValid, principal:admin, cache info: [EMAIL PROTECTED](2890892)[EMAIL PROTECTED](admin)[EMAIL PROTECTED](Roles(members)),[EMAIL PROTECTED],expirationTime=1159522784170]
| 2006-09-29 17:24:29,022 TRACE [org.jboss.security.plugins.JaasSecurityManager.ofs-app] Begin validateCache, [EMAIL PROTECTED](2890892)[EMAIL PROTECTED](admin)[EMAIL PROTECTED](Roles(members)),[EMAIL PROTECTED],expirationTime=1159522784170];[EMAIL PROTECTED]
| 2006-09-29 17:24:29,022 TRACE [org.jboss.security.plugins.JaasSecurityManager.ofs-app] End validateCache, isValid=true
| 2006-09-29 17:24:29,022 TRACE [org.jboss.security.plugins.JaasSecurityManager.ofs-app] End isValid, true
| 2006-09-29 17:24:29,022 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
| Principal: admin
| Principal: Roles(members)
| , [EMAIL PROTECTED],subject=13167287}
| 2006-09-29 17:24:29,022 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
| 2006-09-29 17:24:29,022 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=admin
| 2006-09-29 17:24:29,022 TRACE [org.jboss.security.plugins.JaasSecurityManager.ofs-app] getPrincipal, cache info: [EMAIL PROTECTED](2890892)[EMAIL PROTECTED](admin)[EMAIL PROTECTED](Roles(members)),[EMAIL PROTECTED],expirationTime=1159522784170]
| 2006-09-29 17:24:29,037 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
| 2006-09-29 17:24:29,037 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, [EMAIL PROTECTED],subject=13167287}
| 2006-09-29 17:24:29,040 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=null, [EMAIL PROTECTED],subject=null}
| 2006-09-29 17:24:29,040 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
| 2006-09-29 17:24:29,040 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
| 2006-09-29 17:24:29,040 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, [EMAIL PROTECTED],subject=null}
| 2006-09-29 17:24:29,046 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=null, [EMAIL PROTECTED],subject=null}
| 2006-09-29 17:24:29,046 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
| 2006-09-29 17:24:29,046 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=null
| 2006-09-29 17:24:29,046 DEBUG [org.jboss.cache.interceptors.TxInterceptor] local transaction exists - registering global tx if not present for Thread[RMI TCP Connection(428)-127.0.0.1,5,RMI Runtime]

I've searched the forum but I couldn't find any useful information related to my problem. Are there any additional configuration/steps that I have to do if I want to implement JAAS on separate Tomcat + JBoss?

Any help will be greatly appreciated.

regards,
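
A way to triage the EJB-tier TRACE output above, as an added example that is not part of the original post: it walks the `org.jboss.security.SecurityAssociation` lines and reports each invocation window that was pushed with `subject=null`, which is where the caller's identity went missing. The sample log is constructed from the format shown in the post, the function name is hypothetical, and the script assumes the lines belong to one request thread in order.

```python
import re

# Constructed sample modelled on the SecurityAssociation TRACE lines in the post.
SAMPLE_LOG = """\
2006-09-29 17:24:29,022 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
2006-09-29 17:24:29,022 TRACE [org.jboss.security.SecurityAssociation] getCallerPrincipal, principal=admin
2006-09-29 17:24:29,037 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, [EMAIL PROTECTED],subject=13167287}
2006-09-29 17:24:29,040 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=null, [EMAIL PROTECTED],subject=null}
2006-09-29 17:24:29,040 TRACE [org.jboss.security.SecurityAssociation] popSubjectContext, [EMAIL PROTECTED],subject=null}
2006-09-29 17:24:29,046 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=null, [EMAIL PROTECTED],subject=null}
2006-09-29 17:24:29,046 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=null
"""

# Matches only SecurityAssociation events; a leading "| " (the forum's
# code-line prefix) is tolerated. The value group is absent on pop lines.
EVENT = re.compile(
    r"^(?:\|\s*)?(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) TRACE "
    r"\[org\.jboss\.security\.SecurityAssociation\] "
    r"(?P<op>pushSubjectContext|popSubjectContext|getPrincipal|getCallerPrincipal)"
    r"(?:, (?:subject|principal)=(?P<val>[^,\s]+))?"
)


def find_anonymous_invocations(log_text):
    """Return one record per push..pop window that started with subject=null."""
    findings, stack = [], []
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue  # other loggers and continuation lines are ignored
        op, val = m["op"], m["val"]
        if op == "pushSubjectContext":
            stack.append({"pushed_at": m["ts"], "anonymous": val == "null",
                          "null_principal_reads": 0, "closed": False})
        elif op in ("getPrincipal", "getCallerPrincipal"):
            if stack and val == "null":
                stack[-1]["null_principal_reads"] += 1
        elif op == "popSubjectContext" and stack:
            window = stack.pop()
            window["closed"] = True
            if window["anonymous"]:
                findings.append(window)
    # Windows still open when the log ends (truncated capture) are reported too.
    findings.extend(w for w in stack if w["anonymous"])
    return findings


if __name__ == "__main__":
    for window in find_anonymous_invocations(SAMPLE_LOG):
        print(window)
```

Correlating the reported `pushed_at` timestamps with the web tier's login and logout times shows which requests reached the EJB container without a subject.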
