Java.security entry for login module configuration

Similar Messages

• I need Java API documentation for Adapter Modules

  Hi
  Please provide me Java API documentation for Adatper Modules
  Regards
  Sowmya

  Use this
  https://help.sap.com/javadocs/pi/SP3/xpi/index.html
  http://help.sap.com/saphelp_nw04/helpdata/en/87/3ef4403ae3db12e10000000a155106/frameset.htm
  which is part of
  http://help.sap.com/saphelp_nw04/helpdata/en/8b/895e407aa4c44ce10000000a1550b0/frameset.htm
  Regards,
  Prateek

• Custom JAAS login module configuration in Oracle application server

  I have a LDAP login module implementing javax.security.auth.spi.LoginModule. This login module works well with tomcat and weblogic, if I configure the JVM arguments -Djava.security.auth.login.config and -Djava.security.policy to point to the login.conf and access.policy files. The login.conf file has the below content
  FREEWAY_SERV
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=false;
  FREEWAY_PORT
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=true;
  The access.policy file has contains content like below:
  grant Principal com.wipro.freeway.security.RolePrincipal "UserAdministration" {
       permission com.wipro.freeway.security.URLPermission "/createOtherUser.frw";
       permission com.wipro.freeway.security.URLPermission "/createDealer.frw";
  The application uses these login modules by passing Name of the JAAS configuration (FREEWAY_SERV or FREEWAY_PORT).
  I would like to use the same login module and code in Oracle application sever 10.1.3 and I haven't got any success yet. I am not getting how to set these JVM properties and make my application identify this custom login module. I have tried configuring the custom login module via oc4j admin console and I couldn't give a name to my configuration. I also set the system properties for
  -Djava.security.auth.login.config and -Djava.security.policy with no success.
  Could anybody please help me to get this right?
  Thanks in advance.

  Hello,
  In OracleAS 10g R3 (10.1.3.x) you can register your login module in your application (and server) using Enterprise Manager, and config file. That is easier and more flexible that the parameter.
  I would invite you to take a look to the security how-to:
  - 10.1.3 How-tos, and How to integrate a custom login module
  You can also take a look to the 10.1.3 Documentation and the LDAP/Login Module integration.
  - Security guide: Login Modules

• JAAS login module configuration in Oracle application server

  I have a LDAP login module implementing javax.security.auth.spi.LoginModule. This login module works well with tomcat and weblogic, if I configure the JVM arguments -Djava.security.auth.login.config and -Djava.security.policy to pont to the login.conf and access.policy files. The login.conf file has the below content
  FREEWAY_SERV
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=false;
  FREEWAY_PORT
  com.wipro.freeway.security.LdapLoginModule required debug=true portal=true;
  The application uses these login modules by passing Name of the JAAS configuration (FREEWAY_SERV or FREEWAY_PORT).
  I would like to use the same login modules and code in Oracle application sever 10.1.3 and I haven't got any success yet.
  Could anybody please help me to get this right?
  Thanks in advance.
  Message was edited by:
  vinayalva

  Hi,
  in OracleAs bet is to use Enterprise Manager to configure the login module. The LoginModule needs to be configured in the system-jazn-data.xml file, which is located in teh j2ee/home/config directory of the OC4J you use. Enterprise Manager does this all for you.
  In your application deployment the orion-application.xml file needs to specify that a custom LoginModule should be used. Again ENterprise Manager does it for you.
  To use the LoginModule e.d. for J2EE authentication, just make sure that the application name of the J2EE deployment matches the name of the LoginModule configuration
  If you want to use pure JAAS you may have to change the OC4J properties file in the j2ee/home/config directory. Best suggestion to give is to get the online documentation for OC4J security
  Frank

• Java Security Model for Web Apllication Security

  Hi,
  Any one can tell me about Java Security model used in web site protection. what are th eAPI's used to implement this model on Websites.
  I am keen to know only about the Authentication and Authorization secutiry.
  Thanks,
  Vivek

  Hi Ram, thanks for reply. I appreciate your comments.
  This is a very interesting topic because we need to know how much flexibility we have in order to apply security policies to our services. After all, SOA is about flexibility (with appropriate level of control), isn't it? :-P
  Option 1 (WSDL files) is a reasonable one. We could create "views" of the same service using ESB. But I'm concerned if this approach ("Security Oriented Views" of a service) can lead to difficulties in operational governance and appropriate discovery and reuse of the service.
  Option 2 is also something to be concerned, as we could end up designing "Security Oriented Architecture" :-P
  Option 3 (Customization through OAM) is also reasonable, but I don't know if this is really possible to achieve since OAM is mostly related to web resources. It would be nice if we had a chance to implement this in WSM instead.
  Denis
  Message was edited by:
  [email protected]
  Message was edited by:
  [email protected]

• Will there be a java security update for OS 10.7/10.8 users like the one for OS 10.6 users (update 12) ?

  There is a security risk for all 10.7/10.8 users according to Oracle.  When will we get a resoltuion and/or recommendation for the vunerablilities found in the Java version 1.6.0.37?

  When will we get a resoltuion and/or recommendation for the vunerablilities found in the Java version 1.6.0.37?
  There will never be a permanent resolution. Java is inherently insecure by design.
  Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was never a good idea, and Java's developers have had a lot of trouble implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice.
  Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it only on well-known, password-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.

• MII Workbench and java security Issue for jdk7

  Hello all,
  I am using MII version 12.2.2 Build(234) and java version jdk7.
  Now,I am not able to open or create a transaction in workbench.
  In java console, an error is shown below:
  AWT-EventQueue-0 [ERROR] - java.lang.ExceptionInInitializerError
       at com.sap.lhcommon.expressioneval.ExpressionLoader.<clinit>(ExpressionLoader.java:282)
       at com.sap.xmii.bls.expressioneval.TransactionFunctions.<clinit>(TransactionFunctions.java:27)
       at com.sap.xmii.xacute.editors.common.FunctionsComboBox.createBox(FunctionsComboBox.java:45)
       at com.sap.xmii.xacute.editors.common.FunctionsComboBox.<init>(FunctionsComboBox.java:39)
       at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorPanel.createExpressionEditorPanel(LinkEditorPanel.java:1033)
       at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorPanel.initialize(LinkEditorPanel.java:316)
       at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorPanel.<init>(LinkEditorPanel.java:198)
       at com.sap.xmii.xacute.editors.transaction.dialogs.linkeditor.LinkEditorBottomPanel.<clinit>(LinkEditorBottomPanel.java:28)
       at com.sap.xmii.Illuminator.gui.workbench.core.TransactionInfo.initDisplay(TransactionInfo.java:353)
       at com.sap.xmii.Illuminator.gui.workbench.core.TransactionInfo.createNewFile(TransactionInfo.java:149)
       at com.sap.xmii.Illuminator.gui.workbench.components.actions.actions.NewAction.createFileInfoObject(NewAction.java:194)
       at com.sap.xmii.Illuminator.gui.workbench.components.actions.actions.NewAction$1.construct(NewAction.java:115)
       at com.sap.lhcommon.gui.ThreadCreator$2.run(ThreadCreator.java:96)
       at java.lang.Thread.run(Unknown Source)
  Caused by: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.sun.security.action")
       at java.security.AccessControlContext.checkPermission(Unknown Source)
       at java.security.AccessController.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPermission(Unknown Source)
       at java.lang.SecurityManager.checkPackageAccess(Unknown Source)
       at sun.misc.Launcher$AppClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at com.sun.jnlp.JNLPPreverifyClassLoader.loadClass0(Unknown Source)
       at com.sun.jnlp.JNLPPreverifyClassLoader.loadClass(Unknown Source)
       at com.sun.jnlp.JNLPPreverifyClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at java.lang.ClassLoader.loadClass(Unknown Source)
       at com.sap.lhcommon.expressioneval.functions.DecodeFunction.<clinit>(DecodeFunction.java:83)
       ... 14 more
  I also modified the 'java.policy' file. But it did not work. I am still getting the same error.
  Kindly advise..
  Thanks,
  Ritwika.

  I do not yet know the security implications of doing what I did to fix this issue, but here is my solution.
  I added the following to the jre7 java.policy file in the section "grant {":
  permission java.lang.RuntimePermission "accessClassInPackage.sun.security.action";

• Login Module configuration for soap adapter ?

  Hi Guys,
  I have configured XISOAPAdapter for client certificate Authentication and i have created 1443 as the HTTPS port on the ABAP stack and defined this port in the instance profile.
  Under SSL provider i have selected 50101 as the HTTPS port and the user mapping to the certificate works fine and i was able to login directly.
  https://host:50101/XISOAPAdapter/MessageServlet - I was able to login with the user mapping to certifcate.
  but when i try https://host:1443/XISOAPAdapter/MessageServlet - it is asking for the basic password authentication and the automatic login with the certifcate is not working. Our customer will be using this url to send messages to soap adapter.
  under policy configurations for XISOAPAdapter, i have defined only clientcertificateloginmodule and define the rule as Rule1.getUserFrom=wholecert.
  any help or suggestions would be appreciated.
  Thanks,
  Srini

  Hi,
  We also experienced that limitation when a vendor is connecting to our XI SOAP Sender Adapter. It is asking for basic username/password. What we did was to create a Generic XI user with a password on it and use SSL authentication at the same time. Our Scenario was PI --> XI --> SAP R3, with the PI system using an HTTP RFC destination with a Basic Logon and Active SSL option to connect to the same system as yours https://host:portnumber/XISOAPAdapter/MessageServlet
  Let me know if this helped...
  Regards,

• Is this Java Glossary entry for "static" correct?

  Hi all,
  I'm trying to understand static variables.
  This glossary: http://mindprod.com/jgloss/static.html, has several lines that I don't think are correct, but I could certainly be wrong myself.
  static final when applied to a variable is Javanese for "constant".
  All static methods are automatically final. It is not strictly speaking an error to
  mark them final, but it is redundant and considered bad form.I made a test class with a public static int x in it. I did not initialize the int. The compiler had no problems with it. I then made it a public static final int and the compiler (Eclipse, Java 1.5) complained that the int had not been initialized. Therefore, it seems to me that static and static final are different.
  They can call instance methods only if they use their own object
  references -- not rely on this.I made a class with a public static Object x. I then set x to be this in a method. The compiler had no problems with this.
  Am I misunderstanding what the author means in the two quotes above?
  Thanks!
  Tim
  Edit: Woops, the above quotes talk about methods, not variables. Shouldn't the same be true of variables, though? How can a static constant relay on 'this"?

  TimQuinn wrote:
  Hi all,
  I'm trying to understand static variables.
  This glossary: http://mindprod.com/jgloss/static.html, has several lines that I don't think are correct, but I could certainly be wrong myself.
  static final when applied to a variable is Javanese for "constant". This is correct.
  All static methods are automatically final.This is incorrect.
  public class Scratch {
    final static void foo() {}
  class ZZZ extends Scratch {
    static void foo() {}
  }Notice the difference when Sractch.foo is declared final vs. when it's not.
  I made a test class with a public static int x in it. I did not initialize the int. The compiler had no problems with it. I then made it a public static final int and the compiler (Eclipse, Java 1.5) complained that the int had not been initialized. Therefore, it seems to me that static and static final are different.Yes, they are.
  Note, however, that final means something different for a variable than for a method, and that Roedy was talking about both in the same paragraph.
  They can call instance methods only if they use their own object
  references -- not rely on this
  I made a class with a public static Object x. I then set x to be this in a method. The compiler had no problems with this.Because the calling method wasn't static. He's saying a static method can call an instance method only if it has it's own reference to an instance, since there is no this in a static method. He is correct.

• Java Secure channel for FTP over SSH

  Does the Jsch provided by JCRAFT support authentication and authorisation via public key certificates? If yes then is there website which gives me some info on this?
  I checked out the site http://www.jcraft.com/jsch/index.html but this does not provide much info on the certificates.
  If anyone knows some information regarding this, kindly reply ASAP
  Thanks

  One of the examples provided with the ditribution actually generates those keys. I will admit, the documentation for JSch is very thin, but they provide examples for everything with the distribution. If you wish to use a key generated by another program, make sure that the key provided is in OpenSSH format (Putty and Secure SSH formats don't work).

• Login module for the J2EE application

  Hi ,
  I am trying to use the BasicPasswordLoginModule for my J2EE application which will be deployed in the SAP J2EE engine.My application will not be accessed through the portal.
  I am having a login screen in my application for which i want to use the already avaliable login module. ie.. BasicPasswordLoginModule.
  When i am trying to get the login(). i am getting the following the error.
  "javax.security.auth.login.LoginException: No LoginModules configured for BasicPasswordLoginModule".
  Please let me know what needs to be done.
  PS: The version environment is CE 7.1
  Regards
  Abu Bakar

  Hi Julius
  I am totally confused, my application is a pure J2EE application which has only one screen which just displays the details. And i want only the login screen to be implemented. I have gone through a couple of dec from sap which tells to created a custom login module if requiredl but i want to user the FORM based authentication and use the BasicPasswordLoginModule(in-built in WAS)
  All that i am doing is written a web.xml with the following information:
  <login-config>
     <auth-method>FORM</auth-method>
     <form-login-config>
     <form-login-page>/home.jsp</form-login-page>
     <form-error-page>/relogin.jsp</form-error-page>
     </form-login-config>
    </login-config>
    <security-role>
      <role-name>App_Viewer</role-name>
    </security-role>
  web-j2ee-engine with following information:
  <security-role-map>
            <role-name>App_Viewer</role-name>
             <server-role-name>Administrator</server-role-name>
       </security-role-map>
       <login-module-configuration>
       <login-module-stack>
       <!-- Contains all login modules used for authentication -->
            <login-module>
            <!-- Contains information about one login module -->
                 <login-module-name>BasicPasswordLoginModule</login-module-name>
                 <flag>SUFFICIENT</flag>
                 <options>
                      <option>
                      <!-- The option UserNamePrefix determines that the user name must start with "Admin" -->
                      <name>UserNamePrefix</name>
                      <value>Admin</value>
                      </option>
                 </options>
            </login-module>
       </login-module-stack>
       <security-policy-domain></security-policy-domain>
  </login-module-configuration>
  And I am not sure, if the above mentioned details are enough. My implementation code is as follows:
  try {
            HttpServletRequest request = (HttpServletRequest) FacesContext.getCurrentInstance().getExternalContext().getRequest();
            HttpServletResponse response = (HttpServletResponse) FacesContext.getCurrentInstance().getExternalContext().getResponse();
            request.setAttribute(ILoginConstants.LOGON_UID_ALIAS, this.getUserName());
            request.setAttribute(ILoginConstants.LOGON_PWD_ALIAS, this.getPassword());
            UMFactory.getLogonAuthenticator().logon(request, response, "BasicPasswordLoginModule");
            status = success;
       } catch (Exception e) {
            e.printStackTrace();
            status = e.toString();
  In the NWA i have just configured the UserNamePrefix with Admin, thats all . Since the form login authentication method is already configure with the BasicPasswordLoginModule, I left it untouched.
  I also implemented a custom login module and deployed it but not sure how to use it in my code.
  Please let me know if i am in the rite track. Correct me if i am wrong. At the end of the day i want to use the login screen just to get authenticated. I am also not bothered about the password changing etc.. As the users who are going to use my application are the users in the Identity Management. Few portions of my screen should be allowed to be displayed based on the roles.
  PS: My application is not configured in the portal. Its an independent application deployed on the WAS(CE 7.1).
  Please advice
  Regards
  Abu Bakar

• Weblogic 8.1 JAAS login.configuration.provider from java.security does not seem to work?

  We configure a custom implementation of the JAAS
  javax.security.auth.login.Configuration class for our applications security
  framework in JRE_LIB/security/java.security using the entry
  login.configuration.provider=com.foo.SecurityConfiguration
  However, this does not seem get picked up and the configuration provider
  class instead seems to default to
  weblogic.security.service.ServerConfiguration
  instead.
  Has anyone else seen this?
  We're using the JDK bundled with Weblogic 8.1
  TIA for your help

  Thanks for all the posting re. this issue....
  I think the way Weblogic implemented "support" for JAAS in 8.1 totally
  blows. In fact, when I asked BEA support about this, they basically sent me
  an email saying that "Weblogic owns the JAAS configuration" so if you have a
  security framework that is application server agnostic, but leverages JAAS
  then you are screwed when deploying on Weblogic 8.1.
  I looked for a workaround and believe that instead of using an entry in
  java.security for your custom configuration class, if you set the JVM
  parameter
  -Dlogin.configuration.provider=com.foo.SecurityConfiguration
  then what happens is that the Weblogic custom class
  weblogic.security.service.ServerConfiguration is invoked by JAAS. It tries
  to load the login module configuration and if that fails, it delegates to
  com.foo.SecurityConfiguration. So this should enable both the weblogic
  security framework and a custom security framework that are both based on
  JAAS
  I'm currently testing this out
  "Lloyd Fernandes" <[email protected]> wrote in message
  news:[email protected]...
  >
  Robert Greig <[email protected]> wrote:
  Lloyd Fernandes wrote:
  "Lloyd Fernandes" <[email protected]> wrote:
  "Prashant Nayak" <[email protected]> wrote:
  We configure a custom implementation of the JAAS
  javax.security.auth.login.Configuration class for our applications
  security
  framework in JRE_LIB/security/java.security using the entry
  login.configuration.provider=com.foo.SecurityConfiguration
  However, this does not seem get picked up and the configuration
  provider
  class instead seems to default to
  weblogic.security.service.ServerConfiguration
  instead.
  Has anyone else seen this?
  We're using the JDK bundled with Weblogic 8.1
  TIA for your help
  As per documentation in the API JAVADOCS forjavax.security.auth.login.Configuration
  >>>>
  >>>>
  The default Configuration implementation can be changed by settingthe
  value of
  the "login.configuration.provider" security property (in the Java
  security
  properties
  file) to the fully qualified name of the desired Configurationimplementation
  class. The Java security properties file is located in the file named
  <JAVA_HOME>/lib/security/java.security,
  where <JAVA_HOME> refers to the directory where the JDK was installed.
  Have you tried to use a startup class to set the configuration providerusing
  javax.security.auth.login.setConfiguration(YourConfigClass);
  Weblogic probably uses this to set the configuration class to it'sown.
  You have to consider whether this is really something you want to do
  however. If you want to get WLS to use a custom authenticator use its
  SSPIs. You can configure the order etc. in the admin console.
  By overriding the configuration you override it for the server as a
  whole which can mean for example that you cannot login to the admin
  console. Having said this, from memory, I believe that the property is
  ignored in WLS. However you can still call
  Configuration.setConfiguration if you really want to.
  The fact that there is a "global static" in the Configuration class is
  a
  Bad Thing IMHO, that was never really designed for an app server
  environment.
  Robert
  If it is a bad thing to have a static how come Weblogic uses it instead ofthe
  standard way of modifying the property in java security file - it isbecause
  weblogic wants it's own way of implementing instead of using using the'plugable
  module' architecture of JAAS.
  When weblogic advertised that it will support JAAS the impression was thatWeblogic
  would provide a login module that will implement the security mechanism itwanted
  - instead it went it's own way.
  Also consider the following
  1. JAAS specifies a mechanism for multiple configurations based on a'application'.
  This is not possible in the current 'weblogic security mechanism'
  2. Weblogic says it supports JAAS but what it does not tell you is that inorder
  to use available login modules you have to write a whole bunch of code tosupport
  principal validators and authenticators. (I begin to wonder if write oncedeploy
  anywhere is not part of Sun's certification process anymore)

• Custom Login Module for Tomcat to procted apps using Oracle Access Manager

  Hi all,
  I have the following scenario.
  A web application deployed in Tomcat to be protected using OAM. One solution is to use Access Gate though we have other alternative as Proxy infront of Tomcat with a webgate. Now I am implementing the Access Gate solution.
  So, when the user clicks the tomcat application, then the prompt (BASIC) appears for login details. custom login module should kick in and take those login details and authenticate against OAM using Access SDK API.
  I have created access gate profile and installed Access SDK. Ran the ConfigureAccessGateTool as well.
  I did some research googling for login module. I came to know that we need to write a custom realm for it. So, this realm implementation involves specifying role-name etc., in web.xml where the role-name would have been defined in tomcat-users.xml.
  This means that the user trying to authenticate against OAM has to have some roles defined in Tomcat to login. I didnot understand the flow end to end as how this will work.
  Please let me know if anybody has done this of customization.
  Thanks,
  Mahendra.

  Hi Ambarish,
  Initially I thought of implementing the way you suggested in Option 2.
  But there will be various redirections when we use option 2 as the login page should redirect it to a page where OAM authentication and authorization stuff has to be handled. And accordingly we have to redirect it to specific pages upon successful atn and atz. Hence, I was opted using Custom Login Module.
  However, I have been trying Option 2 now. In web.xml, I have specified a login page with FORM scheme. The login redirects it to another page say OAM_Authentication_Handler.jsp. Here we code which serves atn and atz. Upon doing this, I have observed that the protected resource in OAM is not getting evaluated using the method
  String ms_protocol = "http";
  String ms_method = "GET";
  String ms_resource = "http://localhost:8080/FormLogin/private.jsp";
  ObResourceRequest rrq = new ObResourceRequest(ms_protocol, ms_resource, ms_method);
  The method rrq.isProtected() is returning false which implies it to unprotected. I have tested using Access Tester for the resource and it results in expected behaviour.
  Is there any limitation here by using this approach?
  Any ideas?
  Thanks,
  Mahendra.

• Error in some of the login modules

  `Hi Experts,
  I have deployed SPNEGO and when user trying to login to portal, it gives the error as taken from diagtoo(below)
  Also would like to inform you that when I have configured the wizard, some how in VA for lots of the Components in Security
  provider, I found lots of those components does have the value for the Evaluateticket, evaluateAssertion, basicpassword,
  createticketlogon did not had any values to it.
  The components which I have updated are,
  1. sap.com.lcr*sld---> I have added for EvaulateTicketloginModule and EvaluateAssertion ticket module like
  ume.configuration.active     true
  trustediss1               OU=J2EE,CN=ABC
  trusteddn1               OU=J2EE,CN=ABC
  trustedsys1               ABC,555
  and for CreateTicketLoginModule
  ume.configuration.active     true
  Like wise done for the following components also.
  2. sap.com/sap.comtckmc.coll.room.wsdeplRoomABAPWS_config1
  3. sap.com/sap.commonitoringsysteminfo*sap_monitoring( here only 3 login modules present. so updated accordingly
  to the above mentioned values for whatever loginmodule was present)
  4. jmx~spnego was not having the template as SPNEGO so selected SPNEGO template and updated whatever ( 5 login module accordingly)
  5. sap.com/tcsecwssec~app*wssproc_cert
  6. sap.com/tcsecwssec~app*wssproc_plain
  7. sap.com/tcsecwssec~app*wssproc_ssl
  8. sap.com/tcslmslmapp*slmServices_Config
  9. sap.com/tcslmslmapp*slmSolManServices_Config
  10. ....~eap*GPRuntimeFacadeWS_
  11. ..RuntimeearCAFDataService
  Entering method with (Subject:
  , javax.security.auth.login.LoginContext$SecureCallbackHandleraT6d992c17)
  13:47:15:804 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 com.sap.security.core.server.jaas The options of EvaluateTicketLoginModule in [spnego] authentication stack are: [{ume.configuration.active=true, trustediss1=OU=J2EE,CN=ABC, trustedsys1=ABC,555, trusteddn1=OU=J2EE,CN=ABC}].
  13:47:15:804 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 ~s.constructor(Map, Properties, boolean) Entering method with ({System-ID=ABC, sap.security.auth.configuration.name=spnego, sap.security.auth.context.object=Security Context : session (0) for J2EE_GUEST created at Sun Mar 15 13:01:44 AST 2009}, <null>)
  13:47:15:804 Info J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 com.sap.security.core.server.jaas got [ume.configuration.active]: [true]
  13:47:15:804 Warning J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 com.sap.security.core.server.jaas no authscheme found that has auth template spnego
  13:47:15:805 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 com.sap.security.core.server.jaas Exiting method with [Ljava.lang.Object;aT631dd237
  13:47:15:805 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 ~ity.core.server.jaas.getMergedOptions() Entering method
  13:47:15:805 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 com.sap.security.core.server.jaas Exiting method with [Ljava.lang.Object;aT3ad44bb7
  13:47:15:805 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 com.sap.security.core.server.jaas The options of EvaluateTicketLoginModule in [spnego] authentication stack after merge with UME properties are: [{ume.configuration.active=true, trustediss1=OU=J2EE,CN=ABC, system=ABC, client=555, j_authscheme=default, inclcert=0, trusteddn1=OU=J2EE,CN=ABC, ume.logon.httponlycookie=TRUE, alias=SAPLogonTicketKeypair, ume.logon.security.enforce_secure_cookie=FALSE, validity=8, keystore=TicketKeystore, trustedsys1=ABC,555, password=}].
  13:47:15:805 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 com.sap.security.core.server.jaas The options of EvaluateTicketLoginModule in [spnego] authentication stack after adding the default values are: [{ume.configuration.active=true, trustediss1=OU=J2EE,CN=ABC, system=ABC, client=555, j_authscheme=default, inclcert=0, trusteddn1=OU=J2EE,CN=ABC, ume.logon.httponlycookie=TRUE, alias=SAPLogonTicketKeypair, sap.security.auth.configuration.name=spnego, ume.logon.security.enforce_secure_cookie=FALSE, validity=8, keystore=TicketKeystore, trustedsys1=ABC,555, password=}].
  13:47:15:805 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 com.sap.security.core.server.jaas Exiting method
  13:47:15:806 Info J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] ~er.jaas.spnego.util.ConfigurationHelper My GSS name is: J2ee-abcaTBah.ARAB.LOCAL
  13:47:15:806 Info J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] ~er.jaas.spnego.util.ConfigurationHelper GSS name type is: 1
  13:47:15:807 Info J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] ~er.jaas.spnego.util.ConfigurationHelper GSS mechanism is: 1.2.840.113554.1.2.2
  13:47:15:808 Info J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] System.out Debug is  true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is J2ee-abcaTBah.ARAB.LOCAL tryFirstPass is false useFirstPass is false storePass is false clearPass is false
  Refreshing Kerberos configuration
  13:47:15:808 Info J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] System.out Refreshing Keytab
  13:47:15:809 Info J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] System.out >>> KeyTabInputStream, readName(): Bah.ARAB.LOCAL
  13:47:15:809 Info J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] System.out >>> KeyTabInputStream, readName(): J2ee-abc
  13:47:15:809 Info J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] System.out >>> KeyTab: load() entry length: 60; type: 3
  13:47:15:809 Info J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] System.out principal's key obtained from the keytab
  13:47:15:809 Info J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] System.out Acquire TGT using AS Exchange
  13:47:15:811 Path J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] com.sap.engine.services.security Exception : Error in some of the login modules.
  java.lang.Exception
  at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1141)
  at com.sap.exception.BaseExceptionInfo.<init>(BaseExceptionInfo.java:253)
  at com.sap.engine.services.security.exceptions.BaseLoginException.<init>(BaseLoginException.java:114)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:28)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:330)
  Caused by: java.lang.NullPointerException
  at java.lang.StringBuffer.append(StringBuffer.java:467)
  at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:627)
  at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:511)
  at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:150)
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:172)
  at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentials(ConfigurationHelper.java:230)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:28)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:330)
  13:47:15:812 Error J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] com.sap.engine.services.security Error in some of the login modules.
  [EXCEPTION]
  com.sap.engine.services.security.exceptions.BaseLoginException: Error in some of the login modules.
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:149)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:172)
  at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
  at sun.reflect.GeneratedMethodAccessor368.invoke(Unknown Source)
  at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentials(ConfigurationHelper.java:230)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:28)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:330)
  Caused by: java.lang.NullPointerException
  at java.lang.StringBuffer.append(StringBuffer.java:467)
  at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:627)
  at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:511)
  at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:150)
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
  ... 24 more
  13:47:15:813 Error J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] com.sap.engine.services.security Exception com.sap.engine.services.security.exceptions.BaseLoginException: Error in some of the login modules.
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:149)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:172)
  at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
  at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
  at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:75)
  at sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:149)
  at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
  at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
  at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentials(ConfigurationHelper.java:230)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:28)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:330)
  Caused by: java.lang.NullPointerException
  at java.lang.StringBuffer.append(StringBuffer.java:467)
  at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:627)
  at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:511)
  at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.login(LoginModuleLoggingWrapperImpl.java:150)
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)
  ... 24 more
  see below for more error

  13:47:15:814 Path J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] com.sap.engine.services.security Exception : Internal server error. An error log with ID [00144FB7C99A00B30000000C000040770004653A2C7E1DD8] is created. For more information contact your system administrator.
  java.lang.Exception
  at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1141)
  at com.sap.exception.BaseExceptionInfo.<init>(BaseExceptionInfo.java:253)
  at com.sap.engine.services.security.exceptions.BaseSecurityException.<initat com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentials(ConfigurationHelper.java:230)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:28)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:330)
  13:47:15:815 Error J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] com.sap.engine.services.security Internal server error. An error log with ID [00144FB7C99A00B30000000C000040770004653A2C7E1DD8] is created. For more information contact your system administrator.
  [EXCEPTION]
  com.sap.engine.services.security.exceptions.BaseSecurityException: Internal server error. An error log with ID [00144FB7C99A00B30000000C000040770004653A2C7E1DD8] is created. For more information contact your system administrator.
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:157)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:172)
  at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
  at sun.reflect.GeneratedMethodAccessor368.invoke(Unknown Source)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentials(ConfigurationHelper.java:230)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:28)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:330)
  13:47:15:816 Error J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] ~es.security.authentication.logincontext LOGIN.FAILED
  User: N/A
  Authentication Stack: com.sun.security.jgss.accept
  Login Module                                                            Flag        Initialize  Login      Commit     Abort      Details
  com.sun.security.auth.module.Krb5LoginModule                            REQUISITE   ok          exception             false      null
  com.sap.security.core.server.jaas.SPNegoMappingLoginModule              REQUISITE   ok                                true       
  13:47:15:816 Path J2EE_GUEST ~ngine_Application_Thread[impl:3]_Group] com.sap.engine.services.security Exception : Access Denied.
  java.lang.Exception
  at com.sap.exception.BaseExceptionInfo.traceAutomatically(BaseExceptionInfo.java:1141)
  at com.sap.exception.BaseExceptionInfo.<init>(BaseExceptionInfo.java:253)
  at com.sap.engine.services.security.exceptions.BaseLoginException.<init>(BaseLoginException.java:114)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:286)
  at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentials(ConfigurationHelper.java:230)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:28)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:330)
  Caused by: com.sap.engine.services.security.exceptions.BaseSecurityException: Internal server error. An error log with ID [00144FB7C99A00B30000000C000040770004653A2C7E1DD8] is created. For more information contact your system administrator.
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:157)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:172)
  at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
  at sun.reflect.GeneratedMethodAccessor368.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:334)
  at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:44)
  at sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:102)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.acquireCredentials(ConfigurationHelper.java:230)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper.access$000(ConfigurationHelper.java:28)
  at com.sap.security.core.server.jaas.spnego.util.ConfigurationHelper$RunnableHelper.run(ConfigurationHelper.java:330)
  13:47:15:817 Error J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 ~rity.core.server.jaas.SPNegoLoginModule Exception in SPNegologinModule.initialize.
  [EXCEPTION]
  GSSException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
  at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:189)
  at sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:80)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
  at sun.security.jgss.LoginUtility.run(LoginUtility.java:57)
  at java.security.AccessController.doPrivileged(Native Method)
  at sun.security.jgss.krb5.Krb5AcceptCredential.getKeyFromSubject(Krb5AcceptCredential.java:186)
  ... 9 more
  Caused by: com.sap.engine.services.security.exceptions.BaseSecurityException: Internal server error. An error log with ID [00144FB7C99A00B30000000C000040770004653A2C7E1DD8] is created. For more information contact your system administrator.
  at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:157)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:172)
  ... 22 more
  13:47:15:819 Error J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 com.sap.engine.services.security Cannot initialize login module com.sap.security.core.server.jaas.SPNegoLoginModule .
  [EXCEPTION]
  java.lang.RuntimeException: No valid credentials provided (Mechanism level: Attempt to obtain new ACCEPT credentials failed!)
  at com.sap.security.core.server.jaas.SPNegoLoginModule.initialize(SPNegoLoginModule.java:446)
  at com.sap.engine.services.security.login.LoginModuleLoggingWrapperImpl.initialize(LoginModuleLoggingWrapperImpl.java:129)
  at com.sap.engine.services.security.login.LoginContextFactory.initializeLoginContext(LoginContextFactory.java:167)
  at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:141)
  at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
  at sun.reflect.GeneratedMethodAccessor368.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  at java.lang.reflect.Method.invoke(Method.java:324)
  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
  at java.security.AccessController.doPrivileged(Native Method)
  at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
  at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
  at com.sap.security.core.logon.imp.SAPJ2EEAuthenticator.getLoggedInUser(SAPJ2EEAuthenticator.java:131)
  at com.sapportals.portal.prt.service.authenticationservice.AuthenticationService.getLoggedInUser(AuthenticationService.java:303)
  at com.sapportals.portal.prt.connection.UMHandler.handleUM(UMHandler.java:96)
  at com.sapportals.portal.prt.connection.ServletConnection.handleRequest(ServletConnection.java:186)
  at com.sapportals.portal.prt.dispatcher.Dispatcher$doService.run(Dispatcher.java:522)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sapportals.portal.prt.dispatcher.Dispatcher.service(Dispatcher.java:405)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.servlet.InvokerServlet.service(InvokerServlet.java:156)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.doWork(RequestDispatcherImpl.java:321)
  at com.sap.engine.services.servlets_jsp.server.runtime.RequestDispatcherImpl.forward(RequestDispatcherImpl.java:377)
  at com.sap.portal.navigation.Gateway.service(Gateway.java:126)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.runServlet(HttpHandlerImpl.java:390)
  at com.sap.engine.services.servlets_jsp.server.HttpHandlerImpl.handleRequest(HttpHandlerImpl.java:264)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:347)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.startServlet(RequestAnalizer.java:325)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.invokeWebContainer(RequestAnalizer.java:887)
  at com.sap.engine.services.httpserver.server.RequestAnalizer.handle(RequestAnalizer.java:241)
  at com.sap.engine.services.httpserver.server.Client.handle(Client.java:92)
  at com.sap.engine.services.httpserver.server.Processor.request(Processor.java:148)
  at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
  at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
  at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
  at java.security.AccessController.doPrivileged(Native Method)
  at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
  at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  13:47:15:821 Path J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 ~.security.core.server.jaas.initialize() Entering method with (Subject:
  , javax.security.auth.login.LoginContext$SecureCallbackHandleraT6d992c17, {System-ID=ABC, sap.security.auth.configuration.name=spnego, sap.security.auth.context.object=Security Context : session (0) for J2EE_GUEST created at Sun Mar 15 13:01:44 AST 2009}, {ume.configuration.active=true})
  13:47:15:821 Debug J2EE_GUEST SAPEngine_Application_Thread[impl:3]_39 com.sap.security.core.server.jaas

• Login module BasicPasswordLoginModule

  Hi all!
  I need to configure a Web application on the SAP J2EE engine to use BasiPasswordLoginModule, so it could ask for user and pasword, but it doesn´t work.
  I have configured it in the visual adminstrator Security Provider Service, and I have write this code in my servlet
       LoginContext lc;
            try{
             lc = new LoginContext("sap.com/belma4asdfEAR*belma4asdf");
             lc.login();
            }catch(LoginException le){
                 PrintWriter pw = response.getWriter();
                 pw.print(le.getMessage());
                 pw.print("
  pw.print(le.getCause());
  pw.flush();
  return;
  It produces the output
  Access Denied.
  com.sap.engine.services.security.exceptions.BaseSecurityException: Internal server error. An error log with ID is created. For more information contact your system administrator.
  Access Denied.
  com.sap.engine.services.security.exceptions.BaseLoginException: Access Denied.
       at com.sap.engine.services.security.login.FastLoginContext.login(FastLoginContext.java:233)
       at com.sap.engine.system.SystemLoginModule.login(SystemLoginModule.java:90)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
       at eds.hcenergia.pruebas.belma.Belma.process(Belma.java:53)
       at eds.hcenergia.pruebas.belma.Belma.doGet(Belma.java:20)
       at javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
  It looks like if it was trying to access another login module, instead of the BasicPasswordLoginModule.
  Do I need any other configuration?
  Thank in advance,

  Thanks bvr, but that´s not the problem.
  As I´m using a standard login module, there is no problem with the class loader.
  I have found that I was wrong, because I found in a log that the BasicPasswordLoginModule is been called,  an ended with an error.
  There is an entry in the log with the exception:
  Caught java.lang.NullPointerException
       at com.sap.engine.services.security.resource.ResourceHandleImpl.listResources(ResourceHandleImpl.java:49)
       at com.sap.engine.services.security.resource.ResourceContextImpl.getResourceAliases(ResourceContextImpl.java:147)
       at com.sap.engine.services.security.remoteimpl.resource.RemoteSecurityResourcesImpl.getResourceAliases(RemoteSecurityResourcesImpl.java:131)
       at com.sap.engine.services.security.remoteimpl.resource.RemoteSecurityResourcesImplp4_Skel.dispatch(RemoteSecurityResourcesImplp4_Skel.java:128)
       at com.sap.engine.services.rmi_p4.DispatchImpl._runInternal(DispatchImpl.java:304)
       at com.sap.engine.services.rmi_p4.DispatchImpl._run(DispatchImpl.java:193)
       at com.sap.engine.services.rmi_p4.server.P4SessionProcessor.request(P4SessionProcessor.java:122)
       at com.sap.engine.core.service630.context.cluster.session.ApplicationSessionMessageListener.process(ApplicationSessionMessageListener.java:33)
       at com.sap.engine.core.cluster.impl6.session.MessageRunner.run(MessageRunner.java:41)
       at com.sap.engine.core.thread.impl3.ActionObject.run(ActionObject.java:37)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sap.engine.core.thread.impl3.SingleThread.execute(SingleThread.java:100)
       at com.sap.engine.core.thread.impl3.SingleThread.run(SingleThread.java:170)
  Then, another entry saying:
  "Login module com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule from authentication stack basic errors while authenticating the caller. Most probably the authentication stack is not set up correctly."
  And finally an entry with the exception I have copy above in the post.
  Thanks in advance for any answer.