Hello,
I was wondering if anyone familiar with
JBoss could help me with this JAAS and
checkSecurityAssociation problem.
Also, if it helps, this is a relevant
snippet frm ejb-jar.xml, which in indcluded
in the JAR file that is int he EAR file:
<assembly-descriptor>
<method-permission>
<role-name>guest</role-name>
...
...
Thank you,
Otis
---- On Mon, 18 Nov 2002, otisg
([EMAIL PROTECTED]) wrote:
> Hello,
>
> I am using JBoss 3.0.4 and trying to perform
> user authentication using JAAS, but I am
> getting the following error:
>
> Caused by: javax.ejb.EJBException:
> checkSecurityAssociation;
CausedByException is:
> Authentication exception, principal=admin
> at
>
org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:174)
> at
>
org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
> at
>
org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
> ... 30 more
>
> In login-config.xml I have a custom Login
> Module defined.
> In that custom Login Module, which extends
> AbstractServerLoginModule, I have overridden
> methods:
>
> protected Principal getIdentity()
> protected Object getCredentials()
> protected String getUsername()
> protected Group[] getRoleSets()
>
> The body of my login() method looks like this:
>
> // if shared credentials exist already
> if (super.login() == true)
> {
> // get the previously set username
> Object username =
>
sharedState.get("javax.security.auth.login.name");
> if (username instanceof Principal)
> _userPrincipal = (Principal)
> username;
> else
> {
> // FIXME: OG: throw an
exception
> System.out.println("Username
> not instanceof Principal'");
> }
>
> // get the previously set password
> Object password =
>
sharedState.get("javax.security.auth.login.password");
> if (password instanceof char[])
> _credential = (char[])
password;
> else if (password != null)
> {
> String tmp =
> password.toString();
> _credential =
tmp.toCharArray();
> }
> return true;
> }
>
> // if shared credentials DO NOT
> exist yet
> loginOk = false;
>
> // hard-coded to correct
> username/password
> String username = "admin";
> String password = "password";
>
> // store the username and password
> in the shared state map
> if (getUseFirstPass() == true)
> {
>
>
sharedState.put("javax.security.auth.login.name",
> username);
>
>
sharedState.put("javax.security.auth.login.password",
> password);
> }
>
> // set AbstractServerLoginModule's
> loginOk instance variable to true, as
> // instructed by the
> AbstractServerLoginModule's javadoc
> loginOk = true;
> return true;
>
>
> Does anyone see any mistakes in this code?
> I have looked at UsernamePasswordLoginModule
> and DatabaseServerLoginModule, and the code
> above looks correct to me.
>
> And here is getRoleSets() method, in case
> that is the culprit:
>
> protected Group[] getRoleSets()
> throws LoginException
> {
> HashMap setsMap = new HashMap();
> String groupName = "Roles";
> SimpleGroup group = new
> SimpleGroup(groupName);
> setsMap.put(groupName, group);
> group.addMember(new
> SimplePrincipal("guest"));
>
> Group[] roleSets = new
> Group[setsMap.size()];
> setsMap.values().toArray(roleSets);
> return roleSets;
> }
>
> This is essentially lifted from
> DatabaseServerLoginModule.
>
> I've been stuck on this problem for a while
> (too embarrassing to say exactly how long).
>
> I have enabled DBEUG level logging via
> log4j-config.xml, but I still don't see
> anything that would help me figure out what
> the source of the problem is.
>
> Ladies and gentlemen, your donations will be
> greatly appreciated.
> (Can anyone from NYC recognize the blind
> subway musician usually riding the N line?
> The above is his line. :))
>
> Thank you,
> Otis
>
>
>
________________________________________________
> Get your own "800" number
> Voicemail, fax, email, and a lot more
> http://www.ureach.com/reg/tag
>
>
>
-------------------------------------------------------
> This sf.net email is sponsored by: To
learn the basics of securing
> your web site with SSL, click here to get
a FREE TRIAL of a Thawte
> Server Certificate:
http://www.gothawte.com/rd524.html
>
_______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
>
https://lists.sourceforge.net/lists/listinfo/jboss-user
>
>
________________________________________________
Get your own "800" number
Voicemail, fax, email, and a lot more
http://www.ureach.com/reg/tag
-------------------------------------------------------
This sf.net email is sponsored by: To learn the basics of securing
your web site with SSL, click here to get a FREE TRIAL of a Thawte
Server Certificate: http://www.gothawte.com/rd524.html
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
