Hi, I am new to JBoss Security, and new to English too!

Please, I need a simple road map for configuring JAAS Kerberos login on the
client and propagating it to JBoss 4.0.4 with EJB 3.

On the client I have success with the Kerberos login, but I need to use
LoginJNDIInitialContext or another method to authenticate on the JBoss server,
and I do not have a way to send my password to the KerberosLoginModule in JBoss
JAAS. I tried to use the ClientLoginModule, but even so I need to send the
password too, and I only have Kerberos information after the login process,
like KerberosPrincipal, KerberosTicket and KerberosKey.

I don't know if I am doing something wrong. I have read many papers and forums,
like this one, on the Internet and do not understand what I need to do to make
this work.

This is my config-login.xml:

  |     </application-policy>
  |     <application-policy name="KerberosTest">
  |             <authentication>
  |                     <login-module flag="required" code="org.jboss.security.ClientLoginModule">
  |                             <module-option name="debug">true</module-option>
  |                     </login-module>
  |                     <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
  |                             <module-option name="debug">true</module-option>
  |                     </login-module>
  |                     <login-module code="examples.jaaskeberos.loginmodule.MyLoginModule" flag="required">
  |                             <module-option name="group.file">data/group.properties</module-option>
  |                             <module-option name="debug">true</module-option>
  |                     </login-module>
  |             </authentication>
  |     </application-policy>
  | 

This is my client code to get the InitialContext on JBoss:

  |         props.put("java.naming.factory.initial", "org.jboss.security.jndi.JndiLoginInitialContextFactory");
  |         props.put(Context.SECURITY_PRINCIPAL,
  |                 ((KerberosPrincipal) subject.getPrincipals(KerberosPrincipal.class).toArray()[0]).getName());
  | // Here I need my credentials. How do I get them?
  | //        props.put(Context.SECURITY_CREDENTIALS,  "?????????????????");
  |         InitialContext ctx = new InitialContext(props);
  | .....
  | // here I get and use EJB3
  | 

This is the JBoss log:

  | 2006-12-06 17:34:41,113 DEBUG [org.jboss.remoting.transport.socket.ServerThread] WAKEUP in SERVER THREAD
  | 2006-12-06 17:34:41,114 DEBUG [org.jboss.remoting.transport.socket.ServerThread] beginning dorun
  | 2006-12-06 17:34:42,216 INFO  [examples.jaaskerberos.ejb.EJBSeguroStatefull] Inicializado
  | 2006-12-06 17:34:42,217 INFO  [examples.jaaskerberos.ejb.EJBSeguroStatefull] Context: null
  | 2006-12-06 17:34:42,218 INFO  [examples.jaaskerberos.ejb.EJBSeguroStatefull] PostConstruct
  | 2006-12-06 17:34:42,218 INFO  [examples.jaaskerberos.ejb.EJBSeguroStatefull] Context: [EMAIL PROTECTED]
  | 2006-12-06 17:34:42,219 INFO  [STDOUT] Debug is  true storeKey false useTicketCache false useKeyTab false doNotPrompt false ticketCache is null KeyTab is null refreshKrb5Config is false principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
  | 2006-12-06 17:34:42,220 INFO  [STDOUT]          [Krb5LoginModule] user entered username: [EMAIL PROTECTED]
  | 2006-12-06 17:34:42,360 INFO  [examples.jaaskeberos.loginmodule.MyLoginModule] /home/projetos/java/ferramentas/jboss-versions/jboss-4.0.5.GA/data/group.properties2006-12-06
  | 2006-12-06 17:34:42,475 DEBUG [org.jboss.remoting.transport.socket.ServerThread] begin thread wait
  | 

And this is the client error message:

  | Exception in thread "main" javax.ejb.EJBAccessException: Authentication failure
  |     at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:70)
  |     at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
  |     at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:319)
  |     at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
  |     at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
  |     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
  |     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
  |     at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
  |     at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
  |     at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
  |     at org.jboss.remoting.RemoteClientInvoker.invoke(RemoteClientInvoker.java:190)
  |     at org.jboss.remoting.Client.invoke(Client.java:525)
  |     at org.jboss.remoting.Client.invoke(Client.java:488)
  |     at org.jboss.aspects.remoting.InvokeRemoteInterceptor.invoke(InvokeRemoteInterceptor.java:55)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.aspects.tx.ClientTxPropagationInterceptor.invoke(ClientTxPropagationInterceptor.java:61)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.aspects.security.SecurityClientInterceptor.invoke(SecurityClientInterceptor.java:55)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.ejb3.remoting.IsLocalInterceptor.invoke(IsLocalInterceptor.java:78)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.ejb3.stateful.StatefulRemoteProxy.invoke(StatefulRemoteProxy.java:133)
  |     at $Proxy1.echoComSeguranca_1(Unknown Source)
  |     at examples.jaaskerberos.JaasAcn.testaUsoDeAutorizacaoComEJB3(JaasAcn.java:152)
  |     at examples.jaaskerberos.JaasAcn.main(JaasAcn.java:88)
  | Caused by: javax.security.auth.login.LoginException: java.lang.IllegalArgumentException: EncryptionKey: Key bytes cannot be null!
  |     at sun.security.krb5.EncryptionKey.<init>(EncryptionKey.java:189)
  |     at sun.security.krb5.EncryptionKey.acquireSecretKeys(EncryptionKey.java:167)
  |     at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:626)
  |     at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:512)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  |     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  |     at java.lang.reflect.Method.invoke(Method.java:585)
  |     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
  |     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  |     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  |     at java.security.AccessController.doPrivileged(Native Method)
  |     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  |     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  |     at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
  |     at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
  |     at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
  |     at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
  |     at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
  |     at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:319)
  |     at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
  |     at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
  |     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
  |     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
  |     at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
  |     at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
  |     at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
  | 
  |     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:872)
  |     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
  |     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
  |     at java.security.AccessController.doPrivileged(Native Method)
  |     at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
  |     at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
  |     at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:601)
  |     at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:535)
  |     at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
  |     at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
  |     at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
  |     at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:102)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:47)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
  |     at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
  |     at org.jboss.ejb3.stateful.StatefulContainer.dynamicInvoke(StatefulContainer.java:319)
  |     at org.jboss.aop.Dispatcher.invoke(Dispatcher.java:106)
  |     at org.jboss.aspects.remoting.AOPRemotingInvocationHandler.invoke(AOPRemotingInvocationHandler.java:82)
  |     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:828)
  |     at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:681)
  |     at org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:358)
  |     at org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:412)
  |     at org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:239)
  | 

Thanks very much!

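
Added example, not part of the original post and not JBoss code: the trace above fails inside the server-side Krb5LoginModule, which has no password to derive a key from. Using only JDK JGSS calls, the client below turns its Kerberos Subject into a service-ticket token instead of a password, and the server validates that token with its own key. The class and method names, the service principal argument, and the idea of carrying the token as the JAAS credential into a custom server-side login module are assumptions.

```java
import java.security.PrivilegedExceptionAction;
import javax.security.auth.Subject;
import org.ietf.jgss.*;

// Added example; class and method names are hypothetical, not JBoss API.
public class KerberosTokenExample {
    private static final String KRB5_MECH = "1.2.840.113554.1.2.2"; // Kerberos V5 GSS mechanism OID

    // Client: clientSubject is the Subject returned by the client-side Krb5LoginModule login.
    // servicePrincipal is a placeholder of the form "service@host" for the server's identity.
    static byte[] createToken(Subject clientSubject, final String servicePrincipal) throws Exception {
        return Subject.doAs(clientSubject, new PrivilegedExceptionAction<byte[]>() {
            public byte[] run() throws GSSException {
                GSSManager mgr = GSSManager.getInstance();
                GSSName service = mgr.createName(servicePrincipal, GSSName.NT_HOSTBASED_SERVICE);
                GSSContext ctx = mgr.createContext(service, new Oid(KRB5_MECH), null,
                        GSSContext.DEFAULT_LIFETIME);
                try {
                    ctx.requestMutualAuth(false); // one token, no reply leg needed
                    return ctx.initSecContext(new byte[0], 0, 0); // uses the TGT held in the Subject
                } finally {
                    ctx.dispose();
                }
            }
        });
    }

    // Server: serviceSubject must hold the service's own key (for example a keytab login
    // with storeKey=true). Returns the authenticated client principal name.
    static String verifyToken(Subject serviceSubject, final byte[] token) throws Exception {
        return Subject.doAs(serviceSubject, new PrivilegedExceptionAction<String>() {
            public String run() throws GSSException {
                GSSContext ctx = GSSManager.getInstance().createContext((GSSCredential) null);
                try {
                    ctx.acceptSecContext(token, 0, token.length);
                    if (!ctx.isEstablished()) {
                        throw new GSSException(GSSException.DEFECTIVE_TOKEN);
                    }
                    return ctx.getSrcName().toString();
                } finally {
                    ctx.dispose();
                }
            }
        });
    }
}
```

The token is bound to the named service principal and carries no password, so the server never needs the user's key material.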