Hi.
I have created a simple custom login module which uses the principal created
by the standard PropertiesFileLoginModule and adds a principal containing a
group (which is looked up in a DB). I have configured a security realm in
the geronimo-application.xml contained in my application ear file including
both of these login modules as follows:
<gbean name="my-realm"
class="org.apache.geronimo.security.realm.GenericSecurityRealm"
xsi:type="dep:gbeanType"
xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2";
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
<attribute name="realmName">my-realm</attribute>
<reference name="ServerInfo">
<name>ServerInfo</name>
</reference>
<xml-reference name="LoginModuleConfiguration">
<log:login-config
xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0";>
<log:login-module control-flag="REQUISITE"
wrap-principals="false">
<log:login-domain-name>my-properties-file</log:login-domain-name>
<log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
<log:option
name="usersURI">var/security/users.properties</log:option>
<log:option
name="groupsURI">var/security/groups.properties</log:option>
</log:login-module>
<log:login-module control-flag="OPTIONAL"
wrap-principals="false">
<log:login-domain-name>my-sql-role</log:login-domain-name>
<log:login-module-class>my.company.security.realm.providers.SqlRoleLoginModule</log:login-module-class>
<log:option name="roleSelect">SELECT username,
group_name FROM user_groups WHERE username=?</log:option>
<log:option
name="dataSourceApplication">null</log:option>
<log:option name="dataSourceName">MyPool</log:option>
</log:login-module>
</log:login-config>
</xml-reference>
</gbean>
Further, I have packaged the
"my.company.security.realm.providers.SqlRoleLoginModule" class in a jar file
(my-login-module-1.0.jar). I have tried the following approaches to get
this login module to load:
- Added my-login-module-1.0.jar to the root of my ear file.
- Added my-login-module-1.0.jar to the root of my ear file and added this
jar file to the MANIFEST classpath of an ejb-jar file which is also in the
ear file.
- Added my-login-module-1.0.jar to the geronimo repository by placing it
in the repository/my/company/my-login-module/1.0/my-login-module-1.0.jar
and added the following dependency to the dependency list in the
environment section of my geronimo-application.xml file:
<dependency>
<groupId>my.company</groupId>
<artifactId>my-login-module</artifactId>
<version>1.0</version>
<type>jar</type>
</dependency>
I am attempting to connect/authenicate in a remote JVM by setting up the
JNDI context and performing an EJB lookup as follows:
Properties p = new Properties();
p.put(Context.INITIAL_CONTEXT_FACTORY,
"org.openejb.client.RemoteInitialContextFactory");
p.put(Context.PROVIDER_URL, "ejbd://localhost:4201");
p.put("openejb.authentication.realmName", "my-realm");
p.put(Context.SECURITY_PRINCIPAL, "my_username");
p.put(Context.SECURITY_CREDENTIALS, "my_password");
InitialContext ctx = new InitialContext(p);
Object obj = ctx.lookup("MyBusinessBeanRemote");
In all cases, I get the following error:
Caused by: javax.security.auth.login.LoginException: unable to find
LoginModule class: my.company.security.realm.providers.SqlRoleLoginModule in
classloader org.apache.geronimo.configs/openejb/2.0.2/car
[INFO] at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)
[INFO] at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
[INFO] at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
[INFO] at java.security.AccessController.doPrivileged(Native Method)
[INFO] at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
[INFO] at
javax.security.auth.login.LoginContext.login(LoginContext.java:579)
[INFO] at
org.apache.geronimo.security.ContextManager.login(ContextManager.java:77)
[INFO] at
org.apache.geronimo.openejb.GeronimoSecurityService.login(GeronimoSecurityService.java:52)
[INFO] at
org.apache.openejb.server.ejbd.AuthRequestHandler.processRequest(AuthRequestHandler.java:56)
[INFO] at
org.apache.openejb.server.ejbd.EjbDaemon.processAuthRequest(EjbDaemon.java:172)
[INFO] at
org.apache.openejb.server.ejbd.EjbDaemon.service(EjbDaemon.java:130)
[INFO] at
org.apache.openejb.server.ejbd.EjbDaemon.service(EjbDaemon.java:84)
[INFO] at
org.apache.openejb.server.ejbd.EjbServer.service(EjbServer.java:60)
[INFO] at
org.apache.openejb.server.ServiceLogger.service(ServiceLogger.java:73)
[INFO] at
org.apache.openejb.server.ServiceAccessController.service(ServiceAccessController.java:55)
[INFO] at
org.apache.openejb.server.ServiceDaemon$1.run(ServiceDaemon.java:117)
[INFO] at java.lang.Thread.run(Thread.java:619)
I know that the dependency is getting at least recognized at ear deployment
time since, if I remove the login module jar file from the geronimo
repository, the deployment of the ear fails.
The only way I have been able to get the class to load is by placing it in
the lib/ext directory of my JRE installation, which doesn't seem like the
correct approach. I am using geronimo 2.0.2 on Windows XP and the 1.6.0_03
Sun JVM. Any help with resolving this issue, and getting geronimo to
correctly load this login module class, would be greatly appreciated. If
any additional information is needed, please let me know. Thanks.
- Brian
