Hi guys,
I've been looking for a similar topic in this forum, but I didn't find any. I
hope someone knows what I'm doing wrong.
I'm trying to implement the authentication schema for the web module of my
application. I've written a custom LoginModule and a custom passive
CallbackHandler for this. I have no problem deploying my application, and I get
to see my login page, but when I try to log in, I get a LoginException caused by
a ClassCastException in the login() method of my custom LoginModule.
I've seen that JBoss manages to load my custom LoginModule, but can't
initialize it with my custom CallbackHandler. Below is the part of my code
that tries to perform the authentication:
| CallbackHandler cbh = new WebPasswordCallbackHandler(this.password);
| LoginContext lc = new LoginContext("auth-jndi", cbh);
| lc.login();
| subject = lc.getSubject();
|
And now the related code from my custom LoginModule
| public void initialize(Subject sub, CallbackHandler cbh, Map sharedState,
|         Map options) {
|     this.subject = sub;
|     this.callbackHandler = cbh;
|
|     try {
|         Context ctx = new InitialContext();
|         ds = (DataSource) ctx.lookup("OracleDS");
|     } catch (NamingException ne) {
|         // NamingException is swallowed here; ds stays null and login() reports it
|     }
| }
|
|
| public boolean login() throws LoginException {
|     if (ds == null) {
|         throw new LoginException("Erro ao inicializar DataSource");
|     }
|
|     if (callbackHandler == null) {
|         throw new LoginException("Nenhum CallbackHandler definido");
|     }
|
|     // Getting the password
|     String password = ((WebPasswordCallbackHandler) callbackHandler)
|             .getPassword();
|     .
|     .
|     .
| }
|
The problem is in the last line of the code above, when I try to get the
password from the callbackHandler, because it is of type SecureCallbackHandler,
even though I passed a WebPasswordCallbackHandler when creating the LoginContext
(in the first code block). So I believe the problem is in the call to the
initialize method.
I'm using JBoss 4.0.2, and my login configuration is being deployed together
with my application, through a sar file. Below I'm showing the configuration
files for my application:
jboss-app.xml
| <jboss-app>
| <loader-repository>
| myApp:loader=myApp.ear
| <loader-repository-config>
| java2ParentDelegation=false
| </loader-repository-config>
| </loader-repository>
|
| <module>
| <service>authService.sar</service>
| </module>
| </jboss-app>
|
jboss-web.xml
| <jboss-web>
| <security-domain>auth-jndi</security-domain>
| </jboss-web>
|
jboss-service.xml
| <server>
| <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
| name="jboss:service=DynamicLoginConfig">
| <attribute name="AuthConfig">META-INF/login-config.xml</attribute>
|
| <depends optional-attribute-name="LoginConfigService">
| jboss.security:service=XMLLoginConfig
| </depends>
|
| <depends optional-attribute-name="SecurityManagerService">
| jboss.security:service=JaasSecurityManager
| </depends>
| </mbean>
| </server>
|
login-config.xml
| <policy>
| <application-policy name="auth-jndi">
| <authentication>
| <login-module code="app.util.auth.LoginModule"
| flag="required" />
| </authentication>
| </application-policy>
| </policy>
|
And here is the error from the jboss log file
| 10:29:50,512 INFO [STDOUT] [123456] class javax.security.auth.login.LoginContext$SecureCallbackHandler
| 10:29:50,533 ERROR [InvokeApplicationPhase] #{LoginModel.login}: javax.faces.el.EvaluationException: javax.security.auth.login.LoginException: java.lang.ClassCastException: javax.security.auth.login.LoginContext$SecureCallbackHandler
| at app.util.auth.LoginModule.login(LoginModule.java:76)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
| at java.security.AccessController.doPrivileged(Native Method)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
| at app.util.auth.LoginModel.login(LoginModel.java:39)
| at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
| at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
| at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
| at java.lang.reflect.Method.invoke(Method.java:585)
| at com.sun.faces.el.MethodBindingImpl.invoke(MethodBindingImpl.java:126)
| at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:72)
| at javax.faces.component.UICommand.broadcast(UICommand.java:312)
| at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:267)
| at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:381)
| at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:75)
| at com.sun.faces.lifecycle.LifecycleImpl.phase(LifecycleImpl.java:200)
| at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:90)
| at javax.faces.webapp.FacesServlet.service(FacesServlet.java:197)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:252)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:81)
| at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
| at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
| at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
| at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
| at org.jboss.web.tomcat.security.CustomPrincipalValve.invoke(CustomPrincipalValve.java:39)
| at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:153)
| at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
| at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
| at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
| at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
| at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
| at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
| at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
| at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
| at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
| at java.lang.Thread.run(Thread.java:595)
|
I hope this information is useful. I've been stuck on this for many days. Any solution
or hint is welcome.
Thanks in advance,
Alexandre
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3889266#3889266
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3889266
_______________________________________________
JBoss-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/jboss-user