JAAS problems

I'm trying to use the WebLogic JAAS implementation. When my demo code
manages to successfully login I get the following error:
java.lang.NoSuchMethodError
    at weblogic.security.auth.Authenticate.authenticate(Authenticate.java:124)
    at demo.kernel.security.weblogic.WebLogicLoginModuleHelper.login(WebLogicLoginModuleHelper.java:38)
    at demo.kernel.security.auth.JRiskLoginModule.login(JRiskLoginModule.java:110)
    at java.lang.reflect.Method.invoke(Native Method)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:125)
    at javax.security.auth.login.LoginContext$3.run(LoginContext.java:531)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:449)
    at demo.security.JAASDemo.run(JAASDemo.java:86)
    at demo.security.JAASDemo.main(JAASDemo.java:56)
Are there mismatched versions of class files floating around? Can anyone
help?
Thanks.

As it turns out, incompatible JAAS libs were indeed my problem. Thanks
everyone.
It seems to me that BEA has implemented a pre-1.0 version of JAAS for
Weblogic 6.0. Does anyone know if this is still the case for 6.1, and what
the plan is on this issue? The problem with pre-1.0 is there's no gentle
deprecation stage for methods - they just suddenly disappear and things stop
working.
Loren
"Jerry" <[email protected]> wrote in message
news:[email protected]..
Hi Loren,
I believe your problem is related to having multiple JAAS implementations in
your classpath.
Perhaps you have both Sun's and WebLogic's JAAS implementations in your
classpath?
Loren Davie wrote:
I'm trying to use the WebLogic JAAS implementation. When my demo code
manages to successfully login I get the following error:
java.lang.NoSuchMethodError
    at weblogic.security.auth.Authenticate.authenticate(Authenticate.java:124)
    at demo.kernel.security.weblogic.WebLogicLoginModuleHelper.login(WebLogicLoginModuleHelper.java:38)
    at demo.kernel.security.auth.JRiskLoginModule.login(JRiskLoginModule.java:110)
    at java.lang.reflect.Method.invoke(Native Method)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:595)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:125)
    at javax.security.auth.login.LoginContext$3.run(LoginContext.java:531)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:528)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:449)
    at demo.security.JAASDemo.run(JAASDemo.java:86)
    at demo.security.JAASDemo.main(JAASDemo.java:56)
Are there mismatched versions of class files floating around? Can anyone
help?
Thanks.
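
One way to confirm the diagnosis reached in this thread (two JAAS implementations visible on the classpath), as an added example that is not part of the original posts: the class below lists every location that offers each JAAS class and the location the JVM actually loads it from. The class name JaasClasspathCheck is hypothetical; weblogic.security.auth.Authenticate is taken from the posted stack trace and is simply reported as not loadable when WebLogic is absent.

```java
import java.io.IOException;
import java.net.URL;
import java.security.CodeSource;
import java.util.Collections;
import java.util.List;

public class JaasClasspathCheck {

    // javax.* names are the standard JAAS API; the weblogic class comes from the posted trace.
    static final String[] CLASSES = {
        "javax.security.auth.Subject",
        "javax.security.auth.login.LoginContext",
        "javax.security.auth.login.Configuration",
        "weblogic.security.auth.Authenticate",
    };

    /** Every location visible to the loader (and its parents) that offers className. */
    static List<URL> locations(ClassLoader loader, String className) throws IOException {
        String resource = className.replace('.', '/') + ".class";
        return Collections.list(loader.getResources(resource));
    }

    /** The location of the copy the JVM would actually link against. */
    static String loadedFrom(ClassLoader loader, String className) {
        try {
            // initialize=false: locate the class without running its static initializers.
            Class<?> c = Class.forName(className, false, loader);
            CodeSource src = c.getProtectionDomain().getCodeSource();
            if (src == null || src.getLocation() == null) {
                return "JDK runtime (no code source)";
            }
            return src.getLocation().toString();
        } catch (ClassNotFoundException | LinkageError e) {
            return "not loadable: " + e;
        }
    }

    public static void main(String[] args) throws IOException {
        ClassLoader loader = Thread.currentThread().getContextClassLoader();
        if (loader == null) {
            loader = ClassLoader.getSystemClassLoader();
        }
        for (String name : CLASSES) {
            List<URL> found = locations(loader, name);
            System.out.println(name);
            System.out.println("  used by JVM : " + loadedFrom(loader, name));
            for (URL u : found) {
                System.out.println("  offered by  : " + u);
            }
            if (found.size() > 1) {
                // More than one copy means the winner depends on classpath order, and
                // callers compiled against the other copy can fail with NoSuchMethodError.
                System.out.println("  WARNING: " + found.size() + " copies visible to this class loader");
            }
        }
    }
}
```

Run it with the same classpath and class loader context as the failing application; inside a container, call the two static methods from application code so the container's loader is the one inspected.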

Similar Messages

  • JAAS problems in jdev10g

    Hey all,
    I've got problems when I want to use JAAS in a Struts application (with BC4J). In jdev9.0.3 everything was working perfectly. At the end you will find the message I get. For my colleague, who uses JAAS without BC4J, everything is working fine. Can anybody give me a hint?
    IMHO my configuration is correct.
    This is snip of my java.security (located in D:/oracle/jdev10g/jdk/jre/lib/security) :
    # Default login configuration file
    #login.config.url.1=file:${user.home}/.java.login.config
    login.config.url.1=file:D:/oracle/jdev10g/jdk/jre/lib/security/tagish.login
    This is a snip of my tagish.login (located in D:/oracle/jdev10g/jdk/jre/lib/security):
    FileLogin {
        com.tagish.auth.FileLogin required debug=true pwdFile="D:${/}oracle${/}jdev10g${/}jdk${/}jre${/}lib${/}security${/}passwd.txt";
    };
    This is a snip of my passwd.txt (located in D:/oracle/jdev10g/jdk/jre/lib/security)
    # Passwords for com.tagish.auth.FileLogin
    # login admin; password admin
    # login docent; password docent
    admin:21232f297a57a5a743894a0e4a801fc3:administrator:docent
    docent:281ab35f26dc0a6d9dab6fd4fbc304fc:docent
    Here is the error stacktrace i get :
    03/12/10 16:26:12 javax.security.auth.login.LoginException: No LoginModules configured for FileLogin
    03/12/10 16:26:12      at javax.security.auth.login.LoginContext.init(LoginContext.java:189)
    03/12/10 16:26:12      at javax.security.auth.login.LoginContext.<init>(LoginContext.java:404)
    03/12/10 16:26:12      at view.checkLogin.execute(checkLogin.java:40)
    03/12/10 16:26:12      at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
    03/12/10 16:26:12      at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
    03/12/10 16:26:12      at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1485)
    03/12/10 16:26:12      at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:509)
    03/12/10 16:26:12      at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
    03/12/10 16:26:12      at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
    03/12/10 16:26:12      at com.evermind.server.http.ResourceFilterChain.doFilter(ResourceFilterChain.java:65)
    03/12/10 16:26:12      at oracle.security.jazn.oc4j.JAZNFilter.doFilter(JAZNFilter.java:356)
    03/12/10 16:26:12      at com.evermind.server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:16)
    03/12/10 16:26:12      at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:148)
    03/12/10 16:26:12      at com.evermind.server.http.EvermindFilterChain.doFilter(EvermindFilterChain.java:20)
    03/12/10 16:26:12      at oracle.adf.model.servlet.ADFBindingFilter.doFilter(ADFBindingFilter.java:148)
    03/12/10 16:26:12      at com.evermind.server.http.ServletRequestDispatcher.invoke(ServletRequestDispatcher.java:610)
    03/12/10 16:26:12      at com.evermind.server.http.ServletRequestDispatcher.forwardInternal(ServletRequestDispatcher.java:317)
    03/12/10 16:26:12      at com.evermind.server.http.HttpRequestHandler.processRequest(HttpRequestHandler.java:784)
    03/12/10 16:26:12      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:270)
    03/12/10 16:26:12      at com.evermind.server.http.HttpRequestHandler.run(HttpRequestHandler.java:112)
    03/12/10 16:26:12      at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
    03/12/10 16:26:12      at java.lang.Thread.run(Thread.java:536)

    Hi.
    I have the same problem with my custom usermanager for ias90401 solaris 2.9 but I am not sure where to add those 3 lines of code. What do you mean by "a Listener"?
    javax.security.auth.login.Configuration config = new com.sun.security.auth.login.ConfigFile();
    config.refresh();
    javax.security.auth.login.Configuration.setConfiguration(config);
    My deployment failed when I added it as a static block or
    in the init of my usermanager class which extends com.evermind.security.AbstractUserManager.
    Thx.
    Ken
    ADMN-300075
    Nested exception
    Base Exception:
    java.rmi.RemoteException:deploy failed!: ; nested exception is:
         oracle.oc4j.admin.internal.DeployerException: Error initializing userManager 'ca.bc.gov.srm.mjf.security.jaas.orion.JAASUserManager': java.lang.ExceptionInInitializerError (null)
    java.rmi.RemoteException: deploy failed!: ; nested exception is:
         oracle.oc4j.admin.internal.DeployerException: Error initializing userManager 'ca.bc.gov.srm.mjf.security.jaas.orion.JAASUserManager': java.lang.ExceptionInInitializerError (null)
         at com.evermind.server.rmi.RMIConnection.EXCEPTION_ORIGINATES_FROM_THE_REMOTE_SERVER(RMIConnection.java:1520)
         at com.evermind.server.rmi.RMIConnection.invokeMethod(RMIConnection.java:1473)
         at com.evermind.server.rmi.RemoteInvocationHandler.invoke(RemoteInvocationHandler.java:55)
         at com.evermind.server.rmi.RecoverableRemoteInvocationHandler.invoke(RecoverableRemoteInvocationHandler.java:22)
         at __Proxy0.deploy(Unknown Source)
         at oracle.ias.sysmgmt.deployment.j2ee.runtime.LocalDeploy.deployOnSingleInstance(Unknown Source)
         at oracle.ias.sysmgmt.deployment.j2ee.runtime.LocalDeploy.doExecute(Unknown Source)
         at oracle.ias.sysmgmt.deployment.j2ee.runtime.RuntimeIf.execute(Unknown Source)
         at oracle.ias.sysmgmt.deployment.j2ee.adapter.DeploymentAdapter.doEvaluateDeploy(Unknown Source)
         at oracle.ias.sysmgmt.deployment.j2ee.adapter.DeploymentAdapter.evaluate(Unknown Source)
         at oracle.ias.sysmgmt.task.TaskMaster.sync_evaluate(Unknown Source)
         at oracle.ias.sysmgmt.task.TaskMaster.internal_evaluate(Unknown Source)
         at oracle.ias.sysmgmt.task.RemoteEvaluate.execCommand(Unknown Source)
         at oracle.ias.sysmgmt.task.DaemonWorker.run(Unknown Source)
    Caused by: oracle.oc4j.admin.internal.DeployerException: Error initializing userManager 'ca.bc.gov.srm.mjf.security.jaas.orion.JAASUserManager': java.lang.ExceptionInInitializerError (null)
         at oracle.oc4j.admin.internal.DeployerBase.execute(DeployerBase.java:91)
         at com.evermind.server.administration.DefaultApplicationServerAdministrator.internalDeploy(DefaultApplicationServerAdministrator.java:378)
         at com.evermind.server.administration.DefaultApplicationServerAdministrator.deploy(DefaultApplicationServerAdministrator.java:305)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:324)
         at com.evermind.server.rmi.RMICallHandler.run(RMICallHandler.java:124)
         at com.evermind.server.rmi.RMICallHandler.run(RMICallHandler.java:48)
         at com.evermind.util.ReleasableResourcePooledExecutor$MyWorker.run(ReleasableResourcePooledExecutor.java:192)
         at java.lang.Thread.run(Thread.java:536)

  • Renewable Ticket using keytab (JAAS) - Problem

    Hi,
       I am using a Key tab file with the below JAAS configuration.
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab = true
    useTicketCache = true
    keyTab="xyz.keytab"
    storeKey=true
    principal="user/xyz.com"
    The configuration works only if kinit is called beforehand and the ticket is present in the cache.  I am checking a condition for renewable ticket using the JAAS API and it works.
    Now if I modify the JAAS configuration not to use the ticket cache, i.e., by setting useTicketCache = false, then without calling kinit and using just the keytab, it fails to set the renewable flag, although I am able to get the ticket authenticated from Kerberos using the JAAS API.  Below is the JAAS configuration.
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab = true
    useTicketCache = false
    keyTab="xyz.keytab"
    storeKey=true
    principal="user/xyz.com"
    Please let me know how we can use a keytab in the JAAS API, bypassing the kinit command, so that the renewable ticket flag is set.
    Thanks,
    Raghavendra Nandagopal

    Thanks for the reply
    When I run this code
    loginCtx = new LoginContext( "Client",
    new LoginCallbackHandler( username, password));
    which uses this package import javax.security.auth.login.LoginContext;
    It starts connecting to kerberos and I see it mentioning UDP ports in the console, I thought this was part of JAAS but it seems I was mistaken, that is not a problem now
    So the question now is, is there a way to get SOAP in between the client and the kerberos without sending the username and password?

  • JAAS problem - credentials not forwarded...

    Hi there,
    My app looks like this:
    Business layer is a spring/hibernate-based application with SLSB EJB working as session facade to some POJO hibernate-based persistence layer. It's deployed as EAR.
    Client tier is a web application connecting to this service. Webapp is residing in the same server instance but NOT in the same EAR.
    I am trying to use declarative security (have one role InternalRole defined as required for both: the EJB and its methods). The problem is, that:
    1. run-as within web.xml of myweb-app is not working
    2. I use such code to set up login context:
    System.setProperty("java.security.auth.login.config", "http://localhost:8080/Top7Web/jaas.config");
    logger.debug("creating loginContext...");
    UsernamePasswordHandler handler = null;
    handler = new UsernamePasswordHandler("top7internal", "qwe");
    LoginContext lc = new LoginContext("top7auctions", handler);
    lc.login();
    And the thing is - it works for obtaining handle of service object but principal is NOT passed to business layer while trying to invoke some service method, which results in:
    2005-09-17 21:40:04,811 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Loaded properties, users=[top7internal]
    2005-09-17 21:40:04,811 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] login
    2005-09-17 21:40:04,811 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] Authenticating as unauthenticatedIdentity=null
    2005-09-17 21:40:04,811 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=null
    2005-09-17 21:40:04,821 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] abort
    2005-09-17 21:40:04,821 TRACE [org.jboss.security.plugins.JaasSecurityManager.top7auctions] Login failure
    javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
    Any suggestions what I should do to manually set credentials under which web-app should be connecting business tier?
    TIA
    Wojtek

    I believe you are getting ORA-12638: credentials retrieval failed.
    If you search on metalink for this, you will get many threads which address this issue in different ways.
    Try it.

  • JAAS problem with config file

    hello,
    my scenario
    EJB application, with JCA and JAAS.
    My problem is that I'm not able to read the config file. Where do I have to copy the .conf file so that my application finds it?
    System.setProperty("java.security.auth.login.config", "demo.conf");
    kind regards
    Johannes

    Hello!
    I've done the following tasks:
    Searched for jazn-data.xml file of OC4J-installation.
    Added information of jaas.conf-file to a new entry of application.
    e.g.
    TestJaas { com.sun.security.auth.module.Krb5LoginModule required debug=false useTicketCache=false; };
    <application>
      <name>TestJaas</name>
      <login-modules>
        <login-module>
          <class>com.sun.security.auth.module.Krb5LoginModule</class>
          <control-flag>required</control-flag>
          <options>
            <!-- one <option> element per name/value pair -->
            <option>
              <name>debug</name>
              <value>false</value>
            </option>
            <option>
              <name>useTicketCache</name>
              <value>false</value>
            </option>
          </options>
        </login-module>
      </login-modules>
    </application>
    It should work.
    regards
    Harald.

  • Oracle 9I JAAS problem: javax.security.auth.login.LoginException

    I have a problem with Oracle 9iAS JAAS. I get "javax.security.auth.login.LoginException: unable to find LoginModule class" no matter where I put the class file: in the JVM options (-cp), in the WAR file, added through the Web Admin, or by manually editing 9iAS's configuration file.
    None works. Can anyone help? I am using JDK1.3.
    I had the same problem on Tomcat, but I solved it by putting the class in the JVM's classpath. But for 9iAS, it just won't work.
    Thank you for the help

    Bet you have solved this, but
    the right place for jaas related stuff is
    as installed extension i.e:
    jre/lib/ext
    where jaas.jar and jars containing login modules should be located.
    /Kullervo

  • JAAS - problem in compiling the program

    Hi,
    I am working on JAAS .
    I tried the Authorization example given in this link of sun site.
    http://java.sun.com/javase/6/docs/technotes/guides/security/jaas/tutorials/GeneralAcnAndAzn.html
    I was trying to compile that program, but SampleAzn.java is not compiling.
    When I try, it gives the error below:
    --------------------Configuration: <Default>--------------------
    D:\AZN\sample\SampleAzn.java:135: cannot find symbol
    symbol : class SampleAction
    location: class sample.SampleAzn
    PrivilegedAction action = new SampleAction();
    ^
    Note: D:\AZN\sample\SampleAzn.java uses unchecked or unsafe operations.
    Note: Recompile with -Xlint:unchecked for details.
    1 error
    Process completed.
    --------------------------------------------------------------------------------
    So, what should I do?
    Thanks.

    Yes , I created the directory structure as given in the link.
    I can compile all other ".java" file.
    But I don't know why I can't compile SampleAzn.java file.

  • To CMP or not to CMP....that is the question!

    Hey guys.
    I have a problem which I am hoping you can help me solve.
    Let's say that we are designing a simple J2EE address book web application.
    The application design must follow these requirements:
    1. The application stores all data in a relational database.
    2. The user interface to the application is browser based only.
    3. The application must be independent of the database type (Oracle, MS Sql, Informix).
    4. The application must be independent of the application server type.
    5. The application must be portable between databases and application servers.
    The application allows the user to do the following:
    A. Search for entries in the address book
    B. Display (read only) entry details
    C. Add/edit/delete entry
    Now, what I'm wondering is: Should we use CMPs to encapsulate the address book entries,
    or should we use Java classes with JDBC access to the database (managed through session beans).
    I know that if we use CMPs, we don't have to code the database access calls.
    Not only does this approach save us time, but it makes the bean portable across various database
    servers.
    But if we use CMPs, it seems to me that we face the following problem
    (please correct me if I am wrong):
    The application server creates tables in the database for storing the CMP data. The names of these
    tables are not specified by the J2EE specification (because the persistent storage does not need to
    be a relational database). Therefore if we deploy the application on application server A, and
    then later decide to change to application server B, then B might have other naming rules for tables
    than A (and would therefore be unable to read the data from the database).
    Therefore, by using CMPs, our application is no longer portable between application servers, and
    this violates design requirement number 5.
    Now, I know that many application servers allow you to specify a mapping for CMP to an existing table,
    but the configuration files for specifying these mappings are different between
    application servers. And since we do not want our application to have to know anything about the
    server it is to be deployed on, that solution is unacceptable.
    Another way would be to implement the address book without CMPs, using Java classes with JDBC access
    to the database (caching frequently accessed data, perhaps with the A.C.E. Smart Cache pattern).
    My question is: What exactly is the tradeoff between these two implementations (in this limited web
    access only context)?
    Will the non-CMP implementation come in second in performance (and if so, why?)?
    When the application server tier is clustered, does the application server synchronize the cached
    CMP data in the cluster? This will have to be done manually in the non-CMP implementation.
    Any thoughts on the above issues are greatly appreciated.
    Thanks.
    OGG.

    I entirely agree! I think this is a general problem with java going forward that they didn't think about. Look for my post on problems with JAAS with JavaBeans and EJBs. They have not thought enough about how to truly ensure integration and portability of 3rd party tools. Yes, in this regard M$ is a little better, as their ActiveX integration has produced a pretty rich 3rd party industry, but that's helped by the fact that they don't really worry about security. (Although their COM+ security integration for 3rd party tools is better than JAAS with Java. In COM+, I can take your component and actually set security levels/roles for any method within your component! You can't do that in JAAS - see the JAAS Problems and Misconceptions discussion somewhere in the Java Forums).

  • Turn oc4j 9.0.4.0.1 Jazn off

    How can I turn jazn off in oc4j 9.0.4.0.1? We have our own custom JAAS implementation but it's not working in 9.0.4.0.1 because oc4j is setting the login.configuration.provider to oracle.security.jazn.spi.LoginConfigProvider. Our implementation is using the standard com.sun.security.auth.login.ConfigFile for the login config provider. Since it's using the jazn LoginConfigProvider it's not finding our config with our custom LoginModules.
    I've tried removing the jazn elements from the application.xml file but it seems that oc4j is internally setting the LoginConfigProvider and overriding the one listed in the jdk (1.4.2) java.security file.
    This problem does not exist in 9.0.4 developer preview.
    Thanks in advance for any help!
    -Mark

    Actually, I was a little bit off... My LoginModules are correctly getting called. Because of the response that Mark provided in this posting:
    Re: JAAS problems in jdev10g
    The problem was actually in the setting of our custom Policy class. It seems that in 9.0.4, OC4J is calling the old javax.security.auth.Policy.setPolicy() method (setting it to a oracle.security.jazn.spi.PolicyProvider) which causes some code way down deep in the javax.security.auth.SubjectDomainCombiner.combine() method to invoke a "backwards compatibility" clause. To fix it, we set the java.security.Policy to our own custom Policy class, and then "reset" the javax.security.auth.Policy to the com.sun.security.auth.PolicyFile policy. This causes the backwards compatibility check to pass, and then our custom Policy class gets used... Wow. Hope that was as clear as mud!
    --Leif

  • Problem removing sample app JAAS from appServer 8

    Running JSC 2.1 and packaged appserver 8.x with latest JSC updates
    on windows XP SP2
    Problem undeploying the JAAS sample application which shows up within the appserv admin console but does not showup from the JSC "Deployment Server" panel:
    The application is not displayed within the "Deployment Server - Deployed Components" "panel" within Creator 2.1
    How can I remove this application from the Application server 8 manually??
    From the server log display with Creator 2.1
    init:
    deps-module-jar:
    deps-ear-jar:
    deps-jar:
    library-inclusion-in-archive:
    library-inclusion-in-manifest:
    Compiling 1 source file to C:\Documents and Settings\gwheeler\My Documents\Creator\Projects\JAASAuthentication\build\web\WEB-INF\classes
    compile:
    compile-jsps:
    pluto-hack-web-xml-run:
    portlet-container-deploy:
    jsCreatorDist:
    run-deploy:
    In-place deployment at C:\Documents and Settings\gwheeler\My Documents\Creator\Projects\JAASAuthentication\build\web
    Start registering the project's server resources
    Finished registering server resources
    Application JAASAuthentication is already deployed on other targets. Please use create-application-ref command to create reference to the specified target; requested operation cannot be completed
    deployment started : 0%
    Application JAASAuthentication is already deployed on other targets. Please use create-application-ref command to create reference to the specified target; requested operation cannot be completed
    deployment started : 0%
    Deployment of application failed - null; requested operation cannot be completed
    From "Web Application" within the Application Server Admin Console:
    A "com.sun.enterprise.tools.guiframework.exception.FrameworkException" was caught. The message from the exception: "Unabled to handle pre-compiled JSP '/jsp/webApplicationsEdit.jsp'. Expected pre-compiled classname: 'org.apache.jsp.jsp.webApplicationsEdit_jsp'."
    The root cause is "com.sun.enterprise.admin.common.exception.MBeanConfigException: Component not registered"
    See the HTML source for more detailed (stack trace) information.
    Thanks

    Hi!
    Try this:
    1) Stop the Application Server
    2) Go into $Server_Dir/domains/<domain_name>/config/ and edit domain.xml.
    3) Find all the elements referring to your application and delete them.
    4) Try to deploy again.
    I hope it helps.
    Thanks,
    Roman.

  • JAAS + VPD with BC4J problem

    Following the instructions in http://otn.oracle.com/products/jdev/howtos/bc4j/bc4jvpdjaas.html, we set up a vpd+jazn-data.xml application according to which users see portions of the database.
    In development with only one JAAS user created, this appeared to work properly.
    In testing with several JAAS users created, we have discovered that the application username, as known to the Application Module, will drift in and out of sync with the setting in the database context. In other words
    ApplicationModuleImpl.getUserPrincipalName()
    remains correct, but
    "select context_pkg.get_ctx_appuser from dual" in BC4J/JSP
    varies.
    Or, an example, one login as user1 sees user2's data, but not the data he is supposed to see.
    Please help!!!!

    Hi,
    Is your client app a JSP? How do you start each session? Do you have settings on SessionCookie state? Could you create a small test case? A test case will greatly help me diagnose the problem. BTW, the application user context get set/reset only after new transaction since it is in afterConnect().
    Thanks,
    Yvonne

  • Problem with JAAS authentication using jboss client

    I'm trying to make a little compiled application work. It has two parts: a little client (one class) and a server part which runs on a jboss server, and they communicate using JAAS + SSL. It works perfectly alone if I run it in a java project, without the messing sap JAAS implementation.
    I followed all the steps in:
    https://websmp101.sap-ag.de/~sapidb/011000358700003517632004E.PDF
    and managed to apply the configuration into the security service of WAS, using jboss-client.jar as the library with the login module, and org.jboss.security.ClientLoginModule as the login module.
    I included the client class into a web service developed for my WAS, packing the class and its library plus jboss-client.jar into my EAR.
    But when it tries to do the authentication, sometimes it uses:
    org.jboss.security.ClientLoginModule (that's the correct class) but throws a "User is locked" exception.
    Do I need to create the user I use to connect to jboss in my WAS UME? This doesn't make much sense. Anyway, that doesn't work either, and the user is not locked.
    Other times (without changing anything) it uses:
    com.sap.engine.system.SystemLoginModule and throws this exception:
    com.sap.engine.services.security.exceptions.BaseLoginException: Call logout before login
    I have nightmares trying to integrate things which work in every application server but WAS. Why couldn't they simply follow the standard!?
    I'm thinking of installing a tomcat with the client, and using axis to wrap it with a web service I can consume from my WAS. Not a very elegant solution.
    I think it may have something to do with specific callback classes from the sap implementation.
    Any idea? I can't go forward.

    Did you resolve this problem? Please let me know. I have the same issue now and don't know what I should be doing next.

  • Problems with JAAS setup in WL 8.1 SP3

    Hi all,
    I have WL 8.1 SP3 installed on a XP Prof box with JDK 1.4.2
    I have an application that makes use of the JAAS. I keep getting the following error
    javax.security.auth.login.LoginException: No LoginModules configured for <XXXXXX>
    at javax.security.auth.login.LoginContext.init(LoginContext.java:189)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:350)
    at javax.security.auth.login.LoginContext.<init>(LoginContext.java:465)
    I know that this means that it couldn't find the login modules defined in the configuration file. But I have it defined there. The following is what I am doing
    1. I have the startWebLogic.cmd as below.
    %JAVA_HOME%\bin\java %JAVA_VM% %MEM_ARGS% %JAVA_OPTIONS% -Dweblogic.Name=%SERVER_NAME% -Dweblogic.ProductionModeEnabled=%PRODUCTION_MODE% -Djava.security.policy=%JAVA_HOME%\jre\lib\security\java.policy weblogic.Server
    2. In the Java policy file located in security folder of the JDK home, I changed the security file to point to config file as below
    login.config.url.1=file:${JAVA_HOME}/jre/lib/security/jaas.conf
    Can someone suggest me a solution ?
    Thanks
    meka toka

    Did you ever find a solution to this?
    I am having the same problem.
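
A diagnostic for the "No LoginModules configured for ..." errors reported in the jdev10g and WL 8.1 SP3 threads above, and for the provider override described in the OC4J thread, as an added example that is not part of the original posts: it reports which Configuration implementation is active JVM-wide and whether it defines the named entry, then loads an explicit configuration that does not depend on that global state. The class name JaasConfigCheck and the temporary sample file are constructed for illustration; the FileLogin entry name is taken from the jdev10g post.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.NoSuchAlgorithmException;
import java.security.Security;
import java.security.URIParameter;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class JaasConfigCheck {

    /** Lists the modules a Configuration defines for appName (option names only, never values). */
    static String describeEntries(Configuration cfg, String appName) {
        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(appName);
        if (entries == null || entries.length == 0) {
            return "  no entry named \"" + appName + "\"\n";
        }
        StringBuilder sb = new StringBuilder();
        for (AppConfigurationEntry e : entries) {
            sb.append("  ").append(appName).append(" -> ").append(e.getLoginModuleName())
              .append(' ').append(e.getControlFlag())
              .append(" options=").append(e.getOptions().keySet()).append('\n');
        }
        return sb.toString();
    }

    /** Reports where the JVM-wide configuration comes from and what it contains for appName. */
    static String describeGlobal(String appName) {
        StringBuilder sb = new StringBuilder();
        // A container can replace the default provider through this security property.
        sb.append("  login.configuration.provider = ")
          .append(Security.getProperty("login.configuration.provider")).append('\n');
        sb.append("  java.security.auth.login.config = ")
          .append(System.getProperty("java.security.auth.login.config")).append('\n');
        for (int i = 1; ; i++) {
            String url = Security.getProperty("login.config.url." + i);
            if (url == null) {
                break;
            }
            sb.append("  login.config.url.").append(i).append(" = ").append(url).append('\n');
        }
        try {
            Configuration global = Configuration.getConfiguration();
            sb.append("  active Configuration class = ")
              .append(global.getClass().getName()).append('\n');
            sb.append(describeEntries(global, appName));
        } catch (SecurityException e) {
            sb.append("  no usable JVM-wide Configuration: ").append(e.getMessage()).append('\n');
        }
        return sb.toString();
    }

    /** Parses one config file with the JDK's standard file-based provider, bypassing global state. */
    static Configuration loadExplicit(Path file) throws NoSuchAlgorithmException {
        return Configuration.getInstance("JavaLoginConfig", new URIParameter(file.toUri()));
    }

    public static void main(String[] args) throws Exception {
        String appName = "FileLogin";
        // Constructed sample config, written to a temp file so the example runs offline.
        Path conf = Files.createTempFile("jaas-demo", ".conf");
        String text = appName + " {\n"
                + "  com.tagish.auth.FileLogin required debug=true;\n"
                + "};\n";
        Files.write(conf, text.getBytes(StandardCharsets.UTF_8));
        try {
            System.out.print("JVM-wide configuration:\n" + describeGlobal(appName));
            Configuration explicit = loadExplicit(conf);
            System.out.print("Explicit configuration from " + conf + ":\n"
                    + describeEntries(explicit, appName));
            // Passing this object to the four-argument constructor,
            //   new LoginContext(appName, null, callbackHandler, explicit),
            // makes the login independent of whichever provider the server installed.
        } finally {
            Files.delete(conf);
        }
    }
}
```

Parsing the file does not load the login module class, so the check works even when the module jar is missing; a missing jar shows up later, at LoginContext.login().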

  • Problems deploying custom JAAS login module (ClassNotFound)

    Hi,
    I've developed a custom-made JAAS login module that filters on IP addresses, which I am moving from 6.20 to 6.40.
    I've pretty much followed the procedures from http://help.sap.com/saphelp_nw04/helpdata/de/46/3ce9402f3f8031e10000000a1550b0/content.htm , the only major difference is that I needed a reference to WebCallback and therefore a reference to com.sap.security.api.sda from my library project.
    I've especially followed the step with "Adding a Reference to the Classloader of the Security Provider" (http://help.sap.com/saphelp_nw04/helpdata/de/2b/23e4407211732ae10000000a155106/content.htm) , but I think its this step that fails. This has been set to library:<library name> , where <library name> is what is written on the right hand side of visual admin under library. I see that the library is deployed under the folder bin\ext\customer.com~com.customer.portal.login.IPRuleLibrary   , so maybe I will try that name tomorrow morning.
    The exceptions I get are
    #1.5#001321B3B106005C0000000800002E380004039375E59BA6#1129831779936#com.sap.engine.services.security#sap.com/irj#com.sap.engine.services.security#Guest#1####ae7c5500419411daa7fd001321b3b106#SAPEngine_Application_Thread[impl:3]_17##0#0#Error#1#/System/Audit#Java###Exception #1#com.sap.engine.services.security.exceptions.BaseSecurityException: Cannot load a login module.
         at com.sap.engine.services.security.login.LoginContextFactory.init(LoginContextFactory.java:95)
         at com.sap.engine.services.security.login.LoginContextFactory.getLoginContext(LoginContextFactory.java:133)
         at com.sap.engine.services.security.server.AuthenticationContextImpl.getLoginContext(AuthenticationContextImpl.java:227)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:324)
         at com.sap.engine.system.SystemLoginModule.initialize(SystemLoginModule.java:72)
         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
         at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
         at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
         at java.lang.reflect.Method.invoke(Method.java:324)
         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
         at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
         at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:86)
         at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:305)
         at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)
         at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
         at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:295)
         at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:351)
         at com.sap.portal.navigation.Gateway.service(Gateway.java:68)
         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
         at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
         at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
         at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
         at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
         at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
         at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
         at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
         at java.security.AccessController.doPrivileged(Native Method)
         at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:95)
         at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:159)
    Caused by: java.lang.ClassNotFoundException: com.customer.portal.login.IPRuleLoginModule
    Found in negative cache
    - Loader Info -
    ClassLoader name: [common:library:com.sap.security.api.sda;library:com.sap.security.core.sda;library:security.class;library:webservices_lib;service:adminadapter;service:basicadmin;service:com.sap.security.core.ume.service;service:configuration;service:connector;service:dbpool;service:deploy;service:jmx;service:jmx_notification;service:keystore;service:security;service:userstore]
    Parent loader name: [Frame ClassLoader]
    References:
       library:com.sap.ip.basecomps
       library:core_lib
       common:library:IAIKSecurity;library:activation;library:mail;library:tcsecssl
       library:servlet
       library:sapxmltoolkit
       library:com.sap.mw.jco
       library:com.sap.util.monitor.jarm
       library:j2eeca
       library:opensql
       interface:security
       interface:log
       interface:shell
       interface:keystore_api
       library:ejb20
       interface:webservices
       library:com.sap.guid
       interface:appcontext
       interface:endpoint_api
       interface:resourceset_api
       interface:resourcecontext_api
       common:service:iiop;service:naming;service:p4;service:ts
       interface:ejbcomponent
       interface:container
       interface:visual_administration
       interface:transactionext
       interface:dsr_ejbcontext_api
       service:timeout
       library:tc~jmx
       library:tcSLUTIL
       service:memory
       library:antlr
       library:jdbdictionary
       library:opensqlextensions
       interface:cross
       service:locking
       service:file
    Loading model: {parent,local,references}
         at com.sap.engine.frame.core.load.ReferencedLoader.loadClass(ReferencedLoader.java:348)
         at com.sap.engine.services.security.Util.loadClass(Util.java:262)
         at com.sap.engine.services.security.Util.loadClassFromAdditionalLoaders(Util.java:204)
         at com.sap.engine.services.security.login.LoginContextFactory.init(LoginContextFactory.java:92)
         ... 45 more
    #1.5#001321B3B106005C0000000900002E380004039375E5A109#1129831779936#com.sap.engine.services.security#sap.com/irj#com.sap.engine.services.security#Guest#1####ae7c5500419411daa7fd001321b3b106#SAPEngine_Application_Thread[impl:3]_17##0#0#Error##Java###Cannot load login module class .#1#com.customer.portal.login.IPRuleLoginModule#

    Hi,
    The problem was solved by using the name customer.com~com.customer.portal.login.IPRuleLibrary for the library (so basically look at the name of your library folder under cluster\j2ee\serverx\bin\ext, not the name reported by visual admin).
    Also, I was able to modify the properties of the login module runtime, which made me very happy.
    Dagfinn

  • Custom JAAS Login Module 9.0.4 configuration problems

    Hello,
    We have created a custom JAAS Login Module on OC4J 9.0.4 and are having some sort of configuration problem.
    We always get this error:
    Caused by: javax.security.auth.login.LoginException: Login Failure: all modules ignored
         at javax.security.auth.login.LoginContext.invoke(LoginContext.java:779)
         at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
         at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
         at java.security.AccessController.doPrivileged(Native Method)
         at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
         at javax.security.auth.login.LoginContext.login(LoginContext.java:535)
    The Login Module is configured for a specific deployed application in the global jazn-data.xml and is being run as I have attached a debugger to the app server.
    Our authentication process succeeds and we return a "true" from the login() method. No exceptions are thrown from our Login Module.
    Our ORACLE_HOME/j2ee/home/config/jazn-data.xml has this added:
    <application>
    <name>helloworld</name>
    <login-modules>
    <login-module>
    <class>com.test.JaasLoginModule</class>
    <control-flag>required</control-flag>
    <options>
    </options>
    </login-module>
    </login-modules>
    </application>
    The j2ee/home/application-deployments/helloworld/jazn-data.xml looks like this:
    <?xml version="1.0" encoding="UTF-8" standalone='yes'?>
    <!DOCTYPE jazn-data PUBLIC "JAZN-XML Data" "http://xmlns.oracle.com/ias/dtds/jazn-data.dtd">
    <jazn-data />
    And we added this into the j2ee/home/application-deployments/helloworld/orion-application.xml:
    <jazn provider="XML" location="jazn-data.xml" >
    <property name="role.mapping.dynamic" value="true"/>
    <property name="custom.loginmodule.provider" value="true"/>
    <property name="jaas.username.simple" value="true" />
    </jazn>
    Are we missing anything? Our code runs, it seems like there is something lacking in the configuration on the OC4J side of things.
    Anyone know what we are missing?
    Thanks....

    Hi,
    If you are on 9.0.4, then <property name="custom.loginmodule.provider" value="true"/> shouldn't work because it's a parameter of 10.1.3.
    Frank
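Background on the error message in this thread, as an added example that is not code from the posters or from OC4J: `LoginContext` raises "Login Failure: all modules ignored" when every configured module returns `false` from `login()` or from `commit()`, since `false` means "ignore this module". The hypothetical `DemoModule` below returns `true` from `login()` and takes its `commit()` result from an option, using an in-memory `Configuration` so it runs without any container.

```java
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Added example (not from the thread): reproduces "all modules ignored".
public class AllModulesIgnoredDemo {
    // Hypothetical module: login() succeeds, commit() result comes from an option.
    public static class DemoModule implements LoginModule {
        private boolean commitResult;
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) {
            commitResult = "true".equals(options.get("commitResult"));
        }
        public boolean login()  { return true; }
        public boolean commit() { return commitResult; } // false = "ignore this module"
        public boolean abort()  { return true; }
        public boolean logout() { return true; }
    }

    // Runs one login with a single REQUIRED DemoModule and returns the outcome.
    static String tryLogin(String commitResult) {
        Map<String, String> options = Collections.singletonMap("commitResult", commitResult);
        AppConfigurationEntry entry = new AppConfigurationEntry(
                DemoModule.class.getName(), LoginModuleControlFlag.REQUIRED, options);
        Configuration config = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
        try {
            new LoginContext("demo", new Subject(), null, config).login();
            return "login succeeded";
        } catch (LoginException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        System.out.println("commit() returns false: " + tryLogin("false"));
        System.out.println("commit() returns true:  " + tryLogin("true"));
    }
}
```

When debugging a custom module that reports this error, check the return value of `commit()` as well as `login()`.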
