JAAS NT Sample

I downloaded and installed the JAAS 1.0 jar. I then configured and ran the sample program and it worked fine. But when I changed the sample_jaas.config file to use com.sun.security.auth.module.NTLoginModule, I now get:
Unexpected Exception - unable to continue
javax.security.auth.login.LoginException: java.security.AccessControlException:
access denied (java.lang.RuntimePermission loadLibrary.nt)
Has anyone gotten the NT authentication piece to work? Can they share their experience with me?
Thanks,
Scott

Hi, Scott!
Here is how...
If %JAVA_HOME% refers to the directory where the JDK was installed,
1) Copy jaasmod.jar and nt.* (from jaasmod1_0-win.zip) to %JAVA_HOME%\jre\lib\ext
2) Add the following to sample_java2.policy:
/* grant the NTLoginModule AllPermission */
grant codebase "file:%JAVA_HOME%/jre/lib/ext/jaasmod.jar" {
    permission java.security.AllPermission;
    permission java.lang.RuntimePermission "loadLibrary.nt";
};
3) Run sample.bat

Similar Messages

  • JAAS LoginModule sample

    Is there a sample on how to develop a custom JAAS LoginModule that uses Identity Server?

    I also want a similar sample. If someone has worked with it, then please help us ...
    Thanks
    Yasir Khan

  • JAAS Documentation & Sample Program

    Can someone point me to the web location for the WebLogic JAAS API
    documentation? I have read the "Programming WebLogic Security" document
    available at http://www.weblogic.com/docs60/pdf.html. The section on JAAS
    refers to a number of programming interfaces in the weblogic.security.auth
    package that do not seem to be documented in the online documentation
    available at http://www.weblogic.com/docs60/javadocs/index.html. Also the
    "Programming WebLogic Security" document refers to a sample application
    stored at weblogic600/samples/examples/security/jaas. This program does not
    seem to be included in the WebLogic 6.0 Beta download that I installed. Can
    anyone point me to the location for this? Thanks.
    Wilker Shane Bruce, Ph.D.
    [email protected]

    Both the API documentation and the complete sample code should be available
    in the updated Beta2 version available on our website.

  • How to Use Weblogic6.1 JAAS Sample in Servlet???

    Hi there,
    I am now developing JAAS security service based on weblogic. Here is the problem I met with:
    1. There is no problem when invoking JAAS sample from application.
    But Subject.doAs() is denied when moving the application to servlet.
    2. It is said that when invoking JAAS from servlet,
    an authenticated subject will be returned using:
    Subject subjectTest = loginContext.getSubject();
    How can I store the subject into the session and be called later?
    3. getUserPrincipal(), isUserInRole() are two important
    methods in authentication on web services.
    How is the user principal and role stored in the session?
    4. Where can I find some tutorials on invoking JAAS service from servlet?
    Thanks.
    ============================================================
    This is my source code
    package examples.security.jaas;

    import javax.servlet.*;
    import javax.servlet.http.*;
    import javax.naming.Context;
    import javax.naming.InitialContext;
    import java.io.*;
    import java.util.*;
    import javax.security.auth.Subject;
    import javax.security.auth.callback.Callback;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.callback.TextOutputCallback;
    import javax.security.auth.callback.TextInputCallback;
    import javax.security.auth.callback.NameCallback;
    import javax.security.auth.callback.PasswordCallback;
    import javax.security.auth.callback.UnsupportedCallbackException;
    import javax.security.auth.login.LoginContext;
    import javax.security.auth.login.LoginException;
    import javax.security.auth.login.FailedLoginException;
    import javax.security.auth.login.AccountExpiredException;
    import javax.security.auth.login.CredentialExpiredException;

    public class SampleServlet extends HttpServlet {
        public void doGet(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
            doPost(req, res);
            System.out.println("1\n");
        }

        public void doPost(HttpServletRequest req, HttpServletResponse res)
            throws ServletException, IOException {
            HttpSession session = req.getSession(true);
            res.setContentType("text/html");
            PrintWriter out = res.getWriter();
            System.out.println("2\n");
            String username = req.getParameter("username");
            String password = req.getParameter("password");
            String url = req.getParameter("url");
            LoginContext loginContext = null;
            Context ctx = null;
            try {
                // Set server url for SampleLoginModule
                Properties property = new Properties(System.getProperties());
                property.put("weblogic.security.jaas.ServerURL", "http://localhost:7001");
                System.setProperties(property);
                property = new Properties(System.getProperties());
                property.put("weblogic.security.SSL.ignoredHostnameVerification", "TRUE");
                System.setProperties(property);
                // Set configuration class name to load SampleConfiguration
                property = new Properties(System.getProperties());
                property.put("weblogic.security.jaas.Configuration", "examples.security.jaas.SampleConfig");
                System.setProperties(property);
                // Set configuration file name to load sample configuration policy file
                property = new Properties(System.getProperties());
                property.put("weblogic.security.jaas.Policy", "Sample.policy");
                System.setProperties(property);
                // Create LoginContext; specify username/password login module
                loginContext = new LoginContext("SamplePolicy", new MyCallbackHandler());
            } catch(SecurityException se) {
                se.printStackTrace();
                System.exit(-1);
            } catch(LoginException le) {
                le.printStackTrace();
                System.exit(-1);
            }
            System.out.println("SampleServlet:" + username + "\n");
            // Attempt authentication
            try {
                // If we return without an exception, authentication succeeded
                loginContext.login();
            } catch(FailedLoginException fle) {
                out.println("Authentication Failed, " + fle.getMessage());
                System.exit(-1);
            } catch(AccountExpiredException aee) {
                out.println("Authentication Failed: Account Expired");
                System.exit(-1);
            } catch(CredentialExpiredException cee) {
                out.println("Authentication Failed: Credentials Expired");
                System.exit(-1);
            } catch(Exception e) {
                out.println("Authentication Failed: Unexpected Exception, " + e.getMessage());
                e.printStackTrace();
                System.exit(-1);
            }
            // Retrieve authenticated subject, perform SampleAction as Subject
            out.println("Authentication succeeded " );
            System.out.println("===============start to trace333\n");
            Subject subject = loginContext.getSubject();
            System.out.println("Subject:"+subject.toString()+"\n");
            System.out.println("Subject.getclass:" + subject.getClass().getName());
            SampleAction sampleAction = new SampleAction();
            Subject.doAs(subject, sampleAction);
            System.out.println("4\n");
            // System.exit(0);
        }
    }
    ========================================================
    void doPost(HttpServletRequest req, HttpServletResponse resp) {
        Principal p = req.getUserPrincipal();
        auditCall(p.getName());
        if (req.isUserInRole("ManagersRole")) {
            // Do some Manager stuff
        } else if (req.isUserInRole("SalesRole")) {
            // Do some Sales stuff
        }
    }
    I'll describe where JAAS fits in to the web app model but please note that some of this should be automatically handled by your Servlet container.
    Servlet engine (or your MVC servlet controller) receives a request for a protected resource.
    It then checks for the existence of an "authenticated" token in the HttpSession.
    If that token doesn't exist then it forwards the user to the login page.
    The user fills in the form, and the login servlet receives the username and password at which point the JAAS Login Module is called with two callback objects: one that returns the username and one that returns the password.
    The JAAS Module checks to see if the credentials are valid, if not, it throws an authentication exception.
    Once control is returned to the Login Servlet, the Login Servlet would add the authenticated "Subject" to the HttpSession and if necessary, an authentication "token".
    So, JAAS is really only called ONCE, not for every web request, and it's called
    by the "logical" Login Servlet AFTER the user submits their login information.
    JAAS is not used to check for whether the user is authenticated already or not.
    the weblogic 6.1 server side exception
    username: joeuser
    password: joepass
    <May 25, 2002 11:05:20 PM PDT> <Error> <HTTP> <[WebAppServletContext(2169486,exa
    mplesWebApp,/examplesWebApp)] Servlet failed with Exception
    java.lang.SecurityException: Attempting Privileged Action With Unauthenticated S
    ubject
    at javax.security.auth.Subject.doAs(Subject.java:74)
    at examples.security.jaas.SampleClient.startWeb(SampleClient.java:200)
    at jsp_servlet.__poc1._jspService(__poc1.java:92)
    at weblogic.servlet.jsp.JspBase.service(JspBase.java:27)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubIm
    pl.java:265)
    at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubIm
    pl.java:200)
    at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppSe
    rvletContext.java:2495)
    at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestIm
    pl.java:2204)
    at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:139)
    at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:120)
    >

    If any of you has got any answers related to the above-mentioned problem, post them here. Will folks from SUN respond to this at any time?
    Regards
    Jayendran

  • LDAP error 32 no such object   (other LDAP  tool finds the object...)

    While I used a separate LDAP search, I can successfully find a specific uid, with base set to "o=WebAuth"
    Using the JAAS Authentication sample, I get this error:
    javax.enterprise.system.stream.out
    [LDAP
    Complete Message
    error code 32 - No Such Object]
    (It did acknowledge that it was logging in for the user id:xxxxxxx)
         : Logging in userxxxxxxx (details)
    My settings are:
    In login.conf:
    ldapAuth {
        jaasauthentication.MyLdapLoginModule required
        URL= "ldap://sun-ds.sfbay.sun.com:389"
        SEARCHBASE= "o=WebAuth";
    };
    In LdapUserData .java:
              public class LdapUserData implements UserData {
              private static LdapUserData instance = null;
              private String INIT_CTX = "com.sun.jndi.ldap.LdapCtxFactory";
              //You need to put your LDAP Host information here.
              private String LDAP_HOST = "ldap://sun-ds.sfbay.sun.com:389"; //put your LDAP host address here ldap://myhost.com:389
              private String SEARCHBASE_DN = "o=WebAuth"; // e.g. cn=Creator,ou=Groups,dc=myhost,dc=com
              private String MY_FILTER = "uid=*";
    (session bean has the value for private static variable login_config set to "ldapAuth".)
    Questions:
    - What is wrong with my settings?
    - Is the MY_FILTER setting above ok?
    One more thing:
    when running the test, there was
    this message earlier on (before the message of logging in and LDAP 32) :
    1585      SEVERE      WebModule [JaasAuthentication] failed to deploy and has been disabled: [java.lang.IllegalArgumentEx...
    (details)      javax.enter....system.container.web
    Is that a problem already? But it still went on to process the login?

    Did you check if the dc=NRSP_F object exists in the ODM?
    If that object exists, then in the users tab (under the object tab) you can search for the user you were trying to connect.

  • Windows 2000 Authentication

    Hi. I've tested the sample JAAS authentication code below and it works. I have two questions: 1) How do I modify this to authenticate a Windows 2000 user and 2) how do I get it to run as a Java Servlet? Thanks for any suggestions.
    Using:
    java -Djava.security.auth.login.config==jaas.config JAASSampleApp testuser sasquatch
    jaas.config:
    Sample {
        PasswordLoginModule required;
    };
    import javax.security.auth.*;
    import javax.security.auth.login.*;
    import java.security.*;
    public class JAASSampleApp extends Object {
        public static void main(String[] args)
        throws Exception {
            if (args.length != 2) {
                System.err.println
                    ("Usage: java JAASSampleApp username password");
                System.exit(1);
            }
            String username = args[0];
            char[] password = args[1].toCharArray();
            LoginContext loginContext = new LoginContext(
                "Sample", new UsernamePasswordCallbackHandler
                    (username, password));
            loginContext.login();
            // Now we're logged in, so we can get the current subject.
            Subject subject = loginContext.getSubject();
            // Display the subject
            System.out.println(subject);
        }
    }

    User Authentication in servlets has 2 purposes:
    1) You want to be sure that the incoming user is a "true" one (user-password verification)
    2) You want to use the user's object authorities inside of your servlet.
    So, if you want to do the user-password verification, you have to do it yourself - you have to write some JAVA class with a native method (the DLL, that was mentioned in Reply from nort_de). Inside of this DLL you have to do the user-password verification, for example, through the LogonUser function from Windows SDK. You can do it without any using of JAAS.
    If you want to use the user's object authorities inside of your JAVA code, you have to use JAAS.
    Regards,
    Oleg

  • Problem removing sample app JAAS from appServer 8

    Running JSC 2.1 and packaged appserver 8.x with latest JSC updates
    on windows XP SP2
    Problem undeploying the JAAS sample application which shows up within the appserv admin console but does not show up from the JSC "Deployment Server" panel:
    The application is not displayed within the "Deployment Server - Deployed Components" "panel" within Creator 2.1
    How can I remove this application from the Application server 8 manually??
    From the server log display with Creator 2.1
    init:
    deps-module-jar:
    deps-ear-jar:
    deps-jar:
    library-inclusion-in-archive:
    library-inclusion-in-manifest:
    Compiling 1 source file to C:\Documents and Settings\gwheeler\My Documents\Creator\Projects\JAASAuthentication\build\web\WEB-INF\classes
    compile:
    compile-jsps:
    pluto-hack-web-xml-run:
    portlet-container-deploy:
    jsCreatorDist:
    run-deploy:
    In-place deployment at C:\Documents and Settings\gwheeler\My Documents\Creator\Projects\JAASAuthentication\build\web
    Start registering the project's server resources
    Finished registering server resources
    Application JAASAuthentication is already deployed on other targets. Please use create-application-ref command to create reference to the specified target; requested operation cannot be completed
    deployment started : 0%
    Application JAASAuthentication is already deployed on other targets. Please use create-application-ref command to create reference to the specified target; requested operation cannot be completed
    deployment started : 0%
    Deployment of application failed - null; requested operation cannot be completed
    From "Web Application" within the Application Server Admin Console:
    A "com.sun.enterprise.tools.guiframework.exception.FrameworkException" was caught. The message from the exception: "Unabled to handle pre-compiled JSP '/jsp/webApplicationsEdit.jsp'. Expected pre-compiled classname: 'org.apache.jsp.jsp.webApplicationsEdit_jsp'."
    The root cause is "com.sun.enterprise.admin.common.exception.MBeanConfigException: Component not registered"
    See the HTML source for more detailed (stack trace) information.
    Thanks

    Hi!
    Try this:
    1) Stop the Application Server
    2) Go into $Server_Dir/domains/<domain_name>/config/ and edit domain.xml.
    3) Find all the elements referring to your application and delete them.
    4) Try to deploy again.
    I hope it helps.
    Thanks,
    Roman.

  • Frank session expiration sample - Does it work with a Custom JAAS Module ?

    I configured the sample as described in "Detecting and handling user session expiry" - http://thepeninsulasedge.com/frank_nimphius/2007/08/22/adf-faces-detecting-and-handling-user-session-expiry/
    I also have a custom database JAAS login module as described in http://www.oracle.com/technology/products/jdev/howtos/1013/oc4jjaas/oc4j_jaas_login_module.htm
    Thing is that when the session expires (timeout) I am redirected to the Login.jsp page of the JAAS Login Module instead of the SessionHasExpired.jspx page.
    Is there any way to say that the filter should go before the JAAS module ?
    Am I missing something ?
    Thanks,
    Claudio.

    Claudio,
    no, unfortunately not. The servlet filter is executed after the container checked for user authentication. This is less a problem for BASIC and certificate based authentication because in both cases users are authenticated automatically (even if using custom LoginModules) by the browser or certificate.
    Form based authentication is different because the browser doesn't re-establish the authentication and the container checks for security before the servlet is called.
    Frank

  • JAAS 1.0 sample error

    I was trying to run the JAAS1.0 sample on win2000, jdk1.3. I have followed the steps with regard to the classpath and editing the policy files (with '/') etc. But when I run it I get this error:
    C:\jaas>java -classpath lib\jaas.jar;doc\samples\sample.jar;doc\samples\sample
    action.jar;doc\samples\samplemodule.jar -Djava.security.manager -Djava.securit
    y.policy=doc\samples\config\sample_java2.policy -Djava.security.auth.policy=doc\
    samples\config\sample_jaas.policy -Djava.security.auth.login.config=doc\samples
    \config\sample_jaas.config sample.Sample
    Exception in thread "main" java.lang.ExceptionInInitializerError: java.security.
    AccessControlException: access denied (java.util.PropertyPermission java.securit
    y.auth.debug read)
    at java.security.AccessControlContext.checkPermission(Unknown Source)
    at java.security.AccessController.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPermission(Unknown Source)
    at java.lang.SecurityManager.checkPropertyAccess(Unknown Source)
    at java.lang.System.getProperty(Unknown Source)
    at javax.security.auth.login.Debug$1.run(Debug.java:27)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.Debug.<clinit>(Debug.java:24)
    at javax.security.auth.login.LoginContext.<clinit>(LoginContext.java:147
    at sample.Sample.main(Sample.java:41)
    Thanks a lot,
    Sanjay

    Can you post your conf and policy files?
    Problems often come from there.
    Yann

  • Jaas sample program in weblogic 6.1 giving the following error java.lang.SecurityException: attempting to add an object which is not an instance of java.security.Principal to a Subjec

    jaas sample program in weblogic 6.1 giving the following error java.lang.SecurityException:
    attempting to add an object which is not an instance of java.security.Principal
    to a Subjec
    on running the program during the call of method Authenticate.authenticate(env,
    subject); giving following exceptions Error: Login Exception on authenticate,
    java.lang.SecurityException: attempting to add an object which is not an instance
    of java.security.Principal to a Subjec t's Principal Set Authentication Failed:
    Unexpected Exception, javax.security.auth.login.LoginExce ption: java.lang.SecurityException:
    attempting to add an object which is not an instance of java.security.Principal
    to a Subject's Principal Set javax.security.auth.login.LoginException: javax.security.auth.login.LoginExcepti
    on: java.lang.SecurityException: attempting to add an object which is not an ins
    tance of java.security.Principal to a Subject's Principal Set at examples.security.jaas.SampleLoginModule.login(SampleLoginModule.java
    :192) at java.lang.reflect.Method.invoke(Native Method) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1 25) at
    javax.security.auth.login.LoginContext$3.run(LoginContext.java:531) at java.security.AccessController.doPrivileged(Native
    Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java
    :528) at javax.security.auth.login.LoginContext.login(LoginContext.java:449) at
    examples.security.jaas.SampleClient.main(SampleClient.java:96)
    1)what is the reason for this problem
    2)in weblogic document they told to edit server.policy file in weblogic\lib folder
    a)what the modification is needed in this file..?

    Hi jerry
    i already got that problem solved by removing jaas.jar file
    from class path.
    I don't know how it is working without it in the classpath...?
    Jerry <[email protected]> wrote:
    Hi Nivas,
    I think that the problem you are seeing has something to do with the
    placement of jaas.jar in your classpath
    On WebLogic server, put jaas.jar in the classpath after weblogic.jar.
    I would bet that you have it placed before weblogic.jar right now.
    I don't think the exception that you're seeing right now has anything
    to do with your weblogic.policy file right now, so I think it is
    safe to not worry about it right now.
    Hope this helps,
    Joe Jerry

  • Error from sample JAAS: Integrity check on decrypted field failed (31)

    I am trying to follow the tutorial for JAAS Authentication located here:
    http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/AcnOnly.html
    I am trying to run the sample JaasAcn.java but am getting a strange error when I try to log on to my Active Directory.
    I am using Java version: jre1.6.0_03
    I can login to Active Directory fine with the credentials I am providing, just not with this client, so I know the credentials are valid.
    What could this mean?
    The Error message is: [Krb5LoginModule] authentication failed
    Integrity check on decrypted field failed (31)
    Here is the full output:
    C:\Progra~1\Java\jre1.6.0_03\bin\java -Dsun.security.krb5.debug=true -Djava.security.krb5.realm=PRSDev.local -Djava.security.krb5.kdc=192.168.40.72 -Djava.security.auth.login.config=jaas.conf JaasAcn
    Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt f
    alse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is fa
    lse principal is null tryFirstPass is false useFirstPass is false storePass is f
    alse clearPass is false
    Kerberos username [ILea]: sra
    Kerberos password for sra:
    [Krb5LoginModule] user entered username: sra
    Using builtin default etypes for default_tkt_enctypes
    default etypes for default_tkt_enctypes: 3 1 23 16 17.
    Acquire TGT using AS Exchange
    Using builtin default etypes for default_tkt_enctypes
    default etypes for default_tkt_enctypes: 3 1 23 16 17.
    KrbAsReq calling createMessage
    KrbAsReq in createMessage
    KrbKdcReq send: kdc=192.168.40.72 UDP:88, timeout=30000, number of retries =3, #bytes=144
    KDCCommunication: kdc=192.168.40.72 UDP:88, timeout=30000,Attempt =1, #bytes=144
    KrbKdcReq send: #bytes read=587
    KrbKdcReq send: #bytes read=587
    EType: sun.security.krb5.internal.crypto.DesCbcMd5EType[Krb5LoginModule] authentication failed
    Integrity check on decrypted field failed (31)
    Authentication failed:
    Integrity check on decrypted field failed (31)

    FYI The fix for this was to change the value for -Djava.security.krb5.realm to be all upper case
    Once that change was made authentication passed
    Edited by: IDL on Jan 2, 2008 9:25 AM

  • Error from sample JAAS client: Message stream modified (41)

    I am trying to follow the tutorial for JAAS Authentication located here:
    http://java.sun.com/j2se/1.4.2/docs/guide/security/jgss/tutorials/AcnOnly.html
    I am trying to run the sample client JaasAcn.java but am getting a strange error when I try to log on to my Active Directory.
    I am using Java version: jre1.6.0_03
    I can login to Active Directory fine with the credentials I am providing, just not with this client, so I know the credentials are valid.
    Here is the error I get that I don't understand. Any suggestions would be very helpful, if you provide help for this
    The Error message is: [Krb5LoginModule] authentication failed
    Message stream modified (41)
    Here is the full output:
    C:\Progra~1\Java\jre1.6.0_03\bin\java -Dsun.security.krb5.debug=true -Djava.security.krb5.realm=PRSDev.local -Djava.security.krb5.kdc=192.168.40.72 -Djava.security.auth.login.config=jaas.conf JaasAcn
    Debug is true storeKey false useTicketCache false useKeyTab false doNotPrompt f
    alse ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is fa
    lse principal is null tryFirstPass is false useFirstPass is false storePass is f
    alse clearPass is false
    Kerberos username [ILea]: sra
    Kerberos password for sra:
    [Krb5LoginModule] user entered username: sra
    Using builtin default etypes for default_tkt_enctypes
    default etypes for default_tkt_enctypes: 3 1 23 16 17.
    Acquire TGT using AS Exchange
    Using builtin default etypes for default_tkt_enctypes
    default etypes for default_tkt_enctypes: 3 1 23 16 17.
    KrbAsReq calling createMessage
    KrbAsReq in createMessage
    KrbKdcReq send: kdc=192.168.40.72 UDP:88, timeout=30000, number of retries =3, #bytes=144
    KDCCommunication: kdc=192.168.40.72 UDP:88, timeout=30000,Attempt =1, #bytes=144
    KrbKdcReq send: #bytes read=202
    KrbKdcReq send: #bytes read=202
    KDCRep: init() encoding tag is 126 req type is 11
    KRBError:sTime is Mon Dec 31 11:56:40 PST 2007 1199131000000
    suSec is 884978
    error code is 25
    error Message is Additional pre-authentication required
    realm is PRSDev.local
    sname is krbtgt/PRSDev.local
    eData provided.
    msgType is 30
    Pre-Authentication Data:PA-DATA type = 11
    PA-ETYPE-INFO etype = 23
    Pre-Authentication Data:PA-DATA type = 2
    PA-ENC-TIMESTAMP
    Pre-Authentication Data:PA-DATA type = 15
    AcquireTGT: PREAUTH FAILED/REQUIRED, re-send AS-REQ
    Using builtin default etypes for default_tkt_enctypes
    default etypes for default_tkt_enctypes: 3 1 23 16 17.
    Pre-Authentication: Set preferred etype = 23
    KrbAsReq salt is PRSDev.localsraPre-Authenticaton: find key for etype = 23
    AS-REQ: Add PA_ENC_TIMESTAMP now
    EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
    KrbAsReq calling createMessage
    KrbAsReq in createMessage
    KrbKdcReq send: kdc=192.168.40.72 UDP:88, timeout=30000, number of retries =3, #bytes=210
    KDCCommunication: kdc=192.168.40.72 UDP:88, timeout=30000,Attempt =1, #bytes=210
    KrbKdcReq send: #bytes read=1182
    KrbKdcReq send: #bytes read=1182
    EType: sun.security.krb5.internal.crypto.ArcFourHmacEType[Krb5LoginModule] authentication failed
    Message stream modified (41)
    Authentication failed:
    Message stream modified (41)

    FYI I have fixed this problem (and moved on to the next error)
    I disabled the preauthentication requirement on the Active Directory account according to this article:
    http://technet2.microsoft.com/windowsserver/en/library/a0bd7520-ef2d-4de4-b487-e105a9de9e4f1033.mspx?mfr=true

  • Error compiling jaas samples

    hello,
    I'm new to the JAAS module. I have tried to compile the SampleAcn.java with j2sdk1.4.2_01 and I got the "class not found" exception about javax.security package.
    what goes wrong?

    Which classes exactly?

  • How to get both JDNI context and JAAS Subject with EJB

    I looked at the JAAS docs and sample, but I'm still confused about
    something. There is a sample of JAAS in a regular, non-EJB scenario. The
    client initializes the LoginContext, calls login(), then retrieves the
    Subject (and possibly later does something with Subject.doAs()). However, in
    the typical EJB scenario, the client initializes the JNDI context, then does
    the lookup on the bean name (which implicitly does the authentication to the
    container). How do they work together, though? I.e., what does the client
    code look like if JAAS authentication is to be used from an EJB client?
    Thank you!

    In your login module you have to authenticate the user to the Weblogic Server as
    well. For simplicity, Weblogic comes with a class weblogic.security.auth.Authenticate
    to login a subject with Weblogic Server.
    Once logged in, any thread that is invoked within the context of a Subject.doAs
    call gets that subject associated with it.
    Hope that helps

  • Using a JAAS compliant LoginModule in OC4j

    Hi.
    I'm trying to set up an application to use a custom LoginModule in OC4J. The OC4J security FAQ states that this can be done by adding <!--Login Module Data-->... to the jazn-data.xml file as it is done with the oracle.security.jazn.tools.Admintool. The only users I seem to be able to authenticate with are the ones defined in the <jazn-realm> section of jazn-data.xml. If I try to remove this or parts of this section, the application fails to start.
    If I deliberately misspell the classname of the login module, no error message is displayed.
    Do I have to enable the use of custom login modules in any way other than adding them to the jazn-data.xml file? If not, can anyone tell me why I can't get it to work, and what I can do to get it to work?
    I am using a SampleLoginModule from sun.
    The classfiles for the login module is placed in a jar file in <j2ee-home>\lib directory
    The OC4J is version 9.0.3.0.0
    (standalone)
    The login module data in jazn-data.xml:
    <jazn-loginconfig>
      <application>
        <name>jazntest</name>
        <login-modules>
          <login-module>
            <class>sample.module.SampleLoginModule</class>
            <control-flag>required</control-flag>
            <options>
              <option>
                <name>debug</name>
                <value>true</value>
              </option>
            </options>
          </login-module>
        </login-modules>
      </application>
    </jazn-loginconfig>
    I am wondering about the name tag in application. What name is this?
    The name of the app IS jazntest.
    Both in server.xml:
    <application name="jazntest" path="../applications/jazntest.ear" auto-start="true" />
    and in http-web-site.xml:
    <web-app application="jazn-test" name="jazntest" root="/jazntest" />
    Any help appreciated.
    Ole

    Ole, Anders,
    A custom LoginModule can indeed be set up with JAZN if it's JAAS-compliant. In order to set this up, you'll need to do the following:
    1. Define the custom LoginModule in the global jazn-data.xml file (i.e. in the j2ee/home/config directory). The name-value tags are for optional parameters. Most LoginModules have a debug mode but this is optional (see the LoginModule specific documentation).
    2. Put all the LoginModule files in the lib/ext directory of whichever JRE you are using (e.g. $oracle_home/jdk/jre/lib/ext). You may also need to place a copy of the "jaas.jar" file in that same directory.
    3. For the actual application, you want to make sure that you do not use the container's security and authentication constraints defined in the application's web.xml file. Note: unlike the default JAZN RealmLoginModule, custom LoginModules are not integrated with these container security constraints. This means that with the custom LoginModule, you need to programmatically create a LoginContext and explicitly do a "login()" (as described in most JAAS tutorials). You may also need to restart the OC4J instance for some of these changes to take effect.
    Regards,
    -Lee
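
The flow described in the servlet thread above (JAAS runs once in the login step, the resulting Subject is kept in the session) and the programmatic LoginContext plus login() from step 3 of this answer, as an added Java example that is not code from any poster or vendor. DemoLoginModule, UserPrincipal, the constructed demo-user/demo-pass account and the SESSIONS map (a stand-in for HttpSession, so the file runs without a servlet container) are assumptions made for illustration.

```java
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class LoginOnceDemo {
    /** Hypothetical principal type for this example. */
    public static final class UserPrincipal implements Principal {
        private final String name;
        UserPrincipal(String name) { this.name = name; }
        @Override public String getName() { return name; }
    }

    /** Toy module with one constructed account. Public so LoginContext can instantiate it. */
    public static final class DemoLoginModule implements LoginModule {
        private Subject subject;
        private CallbackHandler handler;
        private UserPrincipal pending;   // set by login(), published by commit()
        @Override public void initialize(Subject subject, CallbackHandler handler,
                                         Map<String, ?> sharedState, Map<String, ?> options) {
            this.subject = subject;
            this.handler = handler;
        }
        @Override public boolean login() throws LoginException {
            NameCallback name = new NameCallback("user: ");
            PasswordCallback pass = new PasswordCallback("password: ", false);
            try {
                handler.handle(new Callback[] { name, pass });
            } catch (IOException | UnsupportedCallbackException e) {
                throw new LoginException("callback failed: " + e);
            }
            char[] supplied = pass.getPassword();
            pass.clearPassword();
            boolean ok = "demo-user".equals(name.getName())
                    && Arrays.equals("demo-pass".toCharArray(), supplied);
            if (!ok) throw new FailedLoginException("bad credentials");
            pending = new UserPrincipal(name.getName());
            return true;
        }
        @Override public boolean commit() {
            // Principals reach the Subject only after the whole login stack succeeded.
            return pending != null && subject.getPrincipals().add(pending);
        }
        @Override public boolean abort() { pending = null; return true; }
        @Override public boolean logout() {
            return subject.getPrincipals().removeIf(p -> p instanceof UserPrincipal);
        }
    }

    /** In-code equivalent of the login config entry "Demo { DemoLoginModule required; };". */
    static final Configuration CONFIG = new Configuration() {
        @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return new AppConfigurationEntry[] { new AppConfigurationEntry(
                    DemoLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.emptyMap()) };
        }
    };

    /** Stand-in for HttpSession: session id -> authenticated Subject. */
    static final Map<String, Subject> SESSIONS = new ConcurrentHashMap<>();

    /** Login step, the only place JAAS runs. The Subject is stored only on success. */
    static boolean handleLogin(String sessionId, String user, char[] password) {
        CallbackHandler form = callbacks -> {
            for (Callback cb : callbacks) {
                if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                else throw new UnsupportedCallbackException(cb);
            }
        };
        try {
            LoginContext lc = new LoginContext("Demo", null, form, CONFIG);
            lc.login();
            SESSIONS.put(sessionId, lc.getSubject());
            return true;
        } catch (LoginException e) {
            SESSIONS.remove(sessionId);   // fail closed: a failed attempt leaves no identity
            return false;
        }
    }

    /** Later requests read the session only; null means "forward to the login page". */
    static String currentUser(String sessionId) {
        Subject s = SESSIONS.get(sessionId);
        return s == null ? null : s.getPrincipals(UserPrincipal.class).stream()
                .findFirst().map(UserPrincipal::getName).orElse(null);
    }

    public static void main(String[] args) {
        System.out.println("bad login accepted:  " + handleLogin("s1", "demo-user", "guess".toCharArray()));
        System.out.println("user after failure:  " + currentUser("s1"));
        System.out.println("good login accepted: " + handleLogin("s1", "demo-user", "demo-pass".toCharArray()));
        System.out.println("user on next request: " + currentUser("s1"));
    }
}
```

In a servlet the map lookup becomes a session attribute read, and the Configuration object is replaced by whatever login configuration the container or the java.security.auth.login.config file supplies.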
