Using javax.security.auth.LoginContext to generate a renewable ticket
Hi,
I tired to use javax.security.auth.LoginContext (with kerberos) to generate a forwardable and renewable ticket. With this ticket I authenticate the user at an other server.
My problem is, that the code generates a forwardable ticket, but not a renewable one. If I use the kinit (console tool) I am able to generate a renewable one.
Here is the JAVA-code:
System.setProperty("sun.security.krb5.debug","true");
System.setProperty("java.security.krb5.conf", "krb5.conf");
System.setProperty("java.security.auth.login.config", "login.conf");
lc = new LoginContext("SampleCXF",new LoginGuiCallbackHandler());
try {
lc.login();
}catch(Exception e) {
e.printStackTrace();
System.exit(1);
Subject subject = lc.getSubject();
KerberosTicket kt = (KerberosTicket) subject.getPrivateCredentials().iterator().next();
System.out.println(kt);
Subject.doAsPrivileged(subject, new PrivilegedAction<byte[]>() {
@Override
public byte[] run() {
try {
JaxWsProxyFactoryBean factory = new JaxWsProxyFactoryBean();
factory.setServiceClass(TestService.class);
factory.setAddress("https://server.at/TestProjektServer/services/TestService");
TestService client = (TestService) factory.create();
String message = client.service1("param service 1");
//String message = client.service1("param service 1");
}catch(Exception e) {
e.printStackTrace();
return null;
}, null);
the login.conf contains:
SampleCXF {
com.sun.security.auth.module.Krb5LoginModule required useTicketCache=true debug=true renewTGT=true doNotPront=true;
the krb5.conf contains:
[libdefaults]
default_realm = TESTREALM
kinit = {
forwardable = true
proxiable = true
renew_lifetime = 5d 0h 0m 0s
[realms]
TESTREALM = {
kdc = aba.hostingcenter.uclv.net
admin_server = aba.hostingcenter.uclv.net
[domain_realm]
*.test.net = TESTREALM
.test.net = TESTREALM
[logging]
default = FILE:/var/log/kdc.log
kdc = FILE:/var/log/kdc.log
[appdefaults]
pam = {
renewable = true
forwardable = true
renew_lifetime = 5d 0h 0m 0s
If I use my client principal and password a ticket will be generated. This ticket is not renewable!!
If I use the ticket cache (kinit -r, and kinit -R), a renewable ticket was loaded. On the server side the forwarded ticket is not renewable. It seams that the client generates a new ticket with the forwarded flag, but the renewable flag is not set.
does anyone have an idea?
Thanks a lot
Ludi
Edited by: user6714014 on Dec 13, 2011 7:34 AM
nobody knows?
Similar Messages
-
NotSerializableException: javax.security.auth.login.LoginContext
Hi,
I'm using the JAAS-API for a JDBC-based user login procedure.
Although it worked fine for months, suddenly it doesn't work anymore (i.e., after user enters name+password and clicks login-button, nothing happens besides the browser bottom line 'waiting for localhost'). I tried to debug this, but then Creator always crashed.
I just looked inside the server-log-files and found the following exception stack trace. It was stored in the files during every login procedure.
Because it worked fine before, this issue probably is not critical and could be solved by reinstalling Creator, but anyway I would greatly appreciate, if someone would have an idea what the problem is.
Regards,
Felix
[#|2006-07-10T17:41:50.494+0200|INFO|sun-appserver-pe8.2|org.apache.catalina.session.ManagerBase|_ThreadID=17;|Cannot serialize session attribute SessionBean1 for session 5918037189ed39ffffffffc4ba0330aded7d1
java.io.NotSerializableException: javax.security.auth.login.LoginContext
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1075)
at java.io.ObjectOutputStream.defaultWriteFields(ObjectOutputStream.java:1369)
at java.io.ObjectOutputStream.writeSerialData(ObjectOutputStream.java:1341)
at java.io.ObjectOutputStream.writeOrdinaryObject(ObjectOutputStream.java:1284)
at java.io.ObjectOutputStream.writeObject0(ObjectOutputStream.java:1073)
at java.io.ObjectOutputStream.writeObject(ObjectOutputStream.java:291)
at org.apache.catalina.session.StandardSession.writeObject(StandardSession.java:1775)
at org.apache.catalina.session.StandardSession.writeObjectData(StandardSession.java:985)
at org.apache.catalina.session.StandardManager.doUnload(StandardManager.java:543)
at org.apache.catalina.session.StandardManager.unload(StandardManager.java:482)
at org.apache.catalina.session.StandardManager.stop(StandardManager.java:711)
at org.apache.catalina.core.StandardContext.stop(StandardContext.java:4675)
at org.apache.catalina.core.ContainerBase.removeChild(ContainerBase.java:956)
at com.sun.enterprise.web.WebContainer.unloadWebModule(WebContainer.java:2122)
at com.sun.enterprise.server.WebModuleDeployEventListener.moduleUndeployed(WebModuleDeployEventListener.java:198)
at com.sun.enterprise.server.WebModuleDeployEventListener.moduleUndeployed(WebModuleDeployEventListener.java:278)
at com.sun.enterprise.admin.event.AdminEventMulticaster.invokeModuleDeployEventListener(AdminEventMulticaster.java:920)
at com.sun.enterprise.admin.event.AdminEventMulticaster.handleModuleDeployEvent(AdminEventMulticaster.java:905)
at com.sun.enterprise.admin.event.AdminEventMulticaster.processEvent(AdminEventMulticaster.java:427)
at com.sun.enterprise.admin.event.AdminEventMulticaster.multicastEvent(AdminEventMulticaster.java:139)
at com.sun.enterprise.admin.server.core.DeploymentNotificationHelper.multicastEvent(DeploymentNotificationHelper.java:288)
at com.sun.enterprise.deployment.phasing.DeploymentServiceUtils.multicastEvent(DeploymentServiceUtils.java:155)
at com.sun.enterprise.deployment.phasing.ServerDeploymentTarget.sendStopEvent(ServerDeploymentTarget.java:283)
at com.sun.enterprise.deployment.phasing.StopPhase.runPhase(StopPhase.java:126)
at com.sun.enterprise.deployment.phasing.DeploymentPhase.executePhase(DeploymentPhase.java:71)
at com.sun.enterprise.deployment.phasing.PEDeploymentService.executePhases(PEDeploymentService.java:639)
at com.sun.enterprise.deployment.phasing.PEDeploymentService.stop(PEDeploymentService.java:409)
at com.sun.enterprise.deployment.phasing.PEDeploymentService.stop(PEDeploymentService.java:444)
at com.sun.enterprise.admin.mbeans.ApplicationsConfigMBean.stop(ApplicationsConfigMBean.java:725)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.sun.enterprise.admin.MBeanHelper.invokeOperationInBean(MBeanHelper.java:305)
at com.sun.enterprise.admin.config.BaseConfigMBean.invoke(BaseConfigMBean.java:360)
at com.sun.jmx.mbeanserver.DynamicMetaDataImpl.invoke(DynamicMetaDataImpl.java:213)
at com.sun.jmx.mbeanserver.MetaDataImpl.invoke(MetaDataImpl.java:220)
at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:815)
at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:784)
at sun.reflect.GeneratedMethodAccessor25.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at com.sun.enterprise.admin.util.proxy.ProxyClass.invoke(ProxyClass.java:54)
at $Proxy1.invoke(Unknown Source)
at com.sun.enterprise.admin.server.core.jmx.SunoneInterceptor.invoke(SunoneInterceptor.java:272)
at com.sun.enterprise.admin.jmx.remote.server.callers.InvokeCaller.call(InvokeCaller.java:38)
at com.sun.enterprise.admin.jmx.remote.server.MBeanServerRequestHandler.handle(MBeanServerRequestHandler.java:92)
at com.sun.enterprise.admin.jmx.remote.server.servlet.RemoteJmxConnectorServlet.processRequest(RemoteJmxConnectorServlet.java:69)
at com.sun.enterprise.admin.jmx.remote.server.servlet.RemoteJmxConnectorServlet.doPost(RemoteJmxConnectorServlet.java:94)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:767)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:860)
at sun.reflect.GeneratedMethodAccessor82.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:249)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAsPrivileged(Subject.java:517)
at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:282)
at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:165)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:257)
at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:55)
at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:161)
at java.security.AccessController.doPrivileged(Native Method)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:157)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:263)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:225)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:173)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:132)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:551)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:933)
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:189)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.doProcess(ProcessorTask.java:604)
at com.sun.enterprise.web.connector.grizzly.ProcessorTask.process(ProcessorTask.java:475)
at com.sun.enterprise.web.connector.grizzly.ReadTask.executeProcessorTask(ReadTask.java:371)
at com.sun.enterprise.web.connector.grizzly.ReadTask.doTask(ReadTask.java:264)
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:281)
at com.sun.enterprise.web.connector.grizzly.WorkerThread.run(WorkerThread.java:83)
|#]just to make it clearer, the important Exception seems to be the following line:
java.io.NotSerializableException: javax.security.auth.login.LoginContext
The first thought of mine was to add an implements Serializable to the class, but that's not possible, because the class is read-only.
So does anyone know, how this could be solved? -
JAAS Exception : javax.security.auth.login.FailedLoginException: Password
Hi All,
I am using JBOSS 4.0.5 GA Application Server. Eclipse3.0 IDE. Using JAAS 1.0 for authentication in login module.
While it is running under command prompt it was running successfully as below.......................
F:\Sample_Jaas1>java myapp.SomeStandAloneClient
Logging in user: testUser
Inside initialize method of SampleLoginModule
Inside login method of SampleLoginModule
Before call to callback handler
After call to call back handler
[SampleLoginModule] user entered username: testUser
[SampleLoginModule] user entered password: testPassword
[SampleLoginModule] authentication succeeded
[SampleLoginModule] added SamplePrincipal to Subject
Successfully logged in user: testUser
User logged in successfull
//Login.java
final String authFile = "Some.config";
System.out.println("Before setting system properties");
System.setProperty("java.security.auth.login.config", authFile);
System.out.println("After setting system properties");
MyCallbackHandler handler = new MyCallbackHandler(username,password);
try {
LoginContext lc = new LoginContext("someXYZLogin",handler);
System.out.println("Instantiate Login Context");
lc.login();
//*****when i am calling lc.login() method it is throwing the exceptions***
System.out.println("After calling login method");
System.out.println("Successfully logged in user: " + username);
} catch (LoginException le) {
System.out.println("Login failed");
le.printStackTrace();
//Some.config ---Config file
someXYZLogin{
dao.SampleLoginModule required debug=true;
//SampleLoginModule.java
public boolean login() throws LoginException {
System.out.println("Inside login method of SampleLoginModule");
if (callbackHandler == null)
throw new LoginException("Error: no CallbackHandler available " +
"to garner authentication information from the user");
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("SampleModule username: ");
callbacks[1] = new PasswordCallback("SampleModule password: ", false);
try {
System.out.println("Before call to callback handler");
callbackHandler.handle(callbacks);
username = ((NameCallback)callbacks[0]).getName();
char[] tmpPassword = ((PasswordCallback)callbacks[1]).getPassword();
System.out.println("After call to call back handler");
if (tmpPassword == null) {
// treat a NULL password as an empty password
tmpPassword = new char[0];
password = new char[tmpPassword.length];
System.arraycopy(tmpPassword, 0,
password, 0, tmpPassword.length);
((PasswordCallback)callbacks[1]).clearPassword();
} catch (java.io.IOException ioe) {
throw new LoginException(ioe.toString());
} catch (UnsupportedCallbackException uce) {
throw new LoginException("Error: " + uce.getCallback().toString() +
" not available to garner authentication information " +
"from the user");
When it was running with JBOSS Server it is throwing the following exception:
09:45:21,484 ERROR [STDERR] javax.security.auth.login.FailedLoginException: Pass
word Incorrect/Password Required
09:45:21,484 ERROR [STDERR] at org.jboss.security.auth.spi.UsernamePasswordL
oginModule.login(UsernamePasswordLoginModule.java:213)
09:45:21,500 ERROR [STDERR] at org.jboss.security.auth.spi.UsersRolesLoginMo
dule.login(UsersRolesLoginModule.java:152)
09:45:21,500 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke0(
Native Method)
09:45:21,500 ERROR [STDERR] at sun.reflect.NativeMethodAccessorImpl.invoke(U
nknown Source)
09:45:21,500 ERROR [STDERR] at sun.reflect.DelegatingMethodAccessorImpl.invo
ke(Unknown Source)
09:45:21,500 ERROR [STDERR] at java.lang.reflect.Method.invoke(Unknown Sourc
e)
09:45:21,500 ERROR [STDERR] at javax.security.auth.login.LoginContext.invoke
(Unknown Source)
09:45:21,500 ERROR [STDERR] at javax.security.auth.login.LoginContext.access
$000(Unknown Source)
09:45:21,500 ERROR [STDERR] at javax.security.auth.login.LoginContext$4.run(
Unknown Source)
09:45:21,500 ERROR [STDERR] at java.security.AccessController.doPrivileged(N
ative Method)
09:45:21,500 ERROR [STDERR] at javax.security.auth.login.LoginContext.invoke
Module(Unknown Source)
09:45:21,500 ERROR [STDERR] at javax.security.auth.login.LoginContext.login(
Unknown Source)
Please tell me any body what might be the problem.....
Thanks in AdvanceFranky Ronald D'Souza wrote:
I am trying to connect to SQL Server 2000 from a JSP (Weblogic 7.0) using a
connection pool. (Without datasource etc). I am getting the above mentioned
exception.
If i connect through sun.jdbc.odbc it works fine. I dont know what i am
doing wrong. Can anyone help out with this problem.Whose SQLServer drier are you using? Can you connect to the DBMS using the
driver in a simple standalone program?
Joe
>
>
thnx in advance.
Franky -
OIM 9.1.0.1 on JBOSS 4.2.3GA javax.security.auth.login.LoginException: jav
ERROR,11 Feb 2009 15:39:42,453,[XELLERATE.JBOSSLOGINHANDLER],Error in creating l
ogin context
javax.security.auth.login.LoginException: java.lang.NoSuchFieldError: TRACE
at org.jboss.logging.Log4jLoggerPlugin.isTraceEnabled(Log4jLoggerPlugin.
java:85)
at org.jboss.logging.Logger.isTraceEnabled(Logger.java:122)
at org.jboss.security.ClientLoginModule.initialize(ClientLoginModule.jav
a:96)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1
86)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:6
80)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at Thor.API.Security.LoginHandler.jbossLoginHandler.login(Unknown Source
at Thor.API.Security.ClientLoginUtility.login(Unknown Source)
at com.thortech.xl.client.base.tcAppWindow.internalLogin(Unknown Source)
at com.thortech.xl.client.base.tcAppWindow.login(Unknown Source)
at com.thortech.xl.client.base.tcAppWindow.<init>(Unknown Source)
at com.thortech.xl.client.base.tcAppWindow.main(Unknown Source)Backup the original file log4j-1.2.8.jar in oimclient/xlclient/ext
copy the log4j.jar from JBOSS folder - JBOSS/server/default
Paste the file in client folder with original log4j-1.2.8.jar
Rename log4j.jar file to log4j-1.2.8.jar
start ur JBOSS.. this shd work.
AKSHAY
Edited by: user640639 on Feb 11, 2009 12:20 PM -
Authentication Failed: User xelsysadm javax.security.auth.login.FailedLogin
Hi All,
I have an critical ssue to be solved on Production environemt :(,
we have oim installed on cluster in production(OIM11g installed on server ), the configuration is as mentioned below
cluster 1--oim1,soa1--server1--holds admin server
cluster 2--oim2,soa2--server2--managed server and no admin server
This instance was working fine, we had to restart the server machine for some reason and i am not able to start OIM server :( after that.
following is the exception i get when i start the OIM server , Please help :(
2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.weblogic.listeners.ADFApplicationLifecycleListener] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFApplicationLifecycleListener.preStop. Cleaning up Application caches.
[2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Clean up Application Caches
[2011-05-13T13:42:29.585+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
[2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
[2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
[2011-05-13T13:42:29.600+05:30] [wls_oim1] [NOTIFICATION] [] [oracle.adf.share.config.ADFConfigFactory] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] ADFConfigFactory.cleanUpApplicationCaches. Calling ADF Config instance implementation: class oracle.adf.share.config.MDSConfigImpl.releaseResources()
[*2011-05-13T13:42:30.193+05:30] [wls_oim1] [ERROR] [] [OIM Authenticator] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Error while retrieving user xelsysadm*
*[2011-05-13T13:42:30.224+05:30] [wls_oim1] [ERROR] [IAM-0020011] [oracle.iam.platform.auth.client] [tid: [ACTIVE].ExecuteThread: '6' for queue: 'weblogic.kernel.Default (self-tuning)'] [userId: <anonymous>] [ecid: 0000IzcQVWHFo2w6wFNa6G1DhbE300075k,0] [APP: oim#11.1.1.3.0] Login Exception encountered when trying to login as admin {0}[[*
*javax.security.auth.login.LoginException: javax.security.auth.login.LoginException: java.lang.SecurityException: [Security:090304]Authentication Failed: User xelsysadm javax.security.auth.login.FailedLoginException: [Security:090302]Authentication Failed: User xelsysadm denied*
at weblogic.security.auth.login.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:199)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:684)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at Thor.API.Security.LoginHandler.weblogicLoginHandler.login(weblogicLoginHandler.java:62)
at oracle.iam.platform.OIMClient.login(OIMClient.java:134)
at oracle.iam.platform.OIMClient.login(OIMClient.java:114)
at oracle.iam.platform.OIMInternalClient.loginAsAdmin(OIMInternalClient.java:69)
at oracle.iam.scheduler.impl.util.SchedulerUtil.getSchedulerService(SchedulerUtil.java:735)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.resetRunningJobStatus(SchedulerStartupServlet.java:247)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.stopScheduler(SchedulerStartupServlet.java:123)
at oracle.iam.scheduler.webapp.SchedulerStartupServlet.destroy(SchedulerStartupServlet.java:261)
at weblogic.servlet.internal.StubSecurityHelper$ServletDestroyAction.run(StubSecurityHelper.java:303)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.StubSecurityHelper.destroyServlet(StubSecurityHelper.java:81)
at weblogic.servlet.internal.StubLifecycleHelper.destroyOneInstance(StubLifecycleHelper.java:144)
at weblogic.servlet.internal.StubLifecycleHelper.destroy(StubLifecycleHelper.java:134)
at weblogic.servlet.internal.ServletStubImpl.destroy(ServletStubImpl.java:438)
at weblogic.servlet.internal.WebAppServletContext.destroyServlets(WebAppServletContext.java:3232)
at weblogic.servlet.internal.WebAppServletContext.destroy(WebAppServletContext.java:3192)
at weblogic.servlet.internal.ServletContextManager.destroyContext(ServletContextManager.java:241)
at weblogic.servlet.internal.HttpServer.unloadWebApp(HttpServer.java:461)
at weblogic.servlet.internal.WebAppModule.destroyContexts(WebAppModule.java:1540)
at weblogic.servlet.internal.WebAppModule.deactivate(WebAppModule.java:513)
at weblogic.application.internal.flow.ModuleStateDriver$2.previous(ModuleStateDriver.java:389)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
at weblogic.application.internal.flow.ModuleStateDriver.deactivate(ModuleStateDriver.java:141)
at weblogic.application.internal.flow.ScopedModuleDriver.deactivate(ScopedModuleDriver.java:207)
at weblogic.application.internal.flow.ModuleListenerInvoker.deactivate(ModuleListenerInvoker.java:261)
at weblogic.application.internal.flow.DeploymentCallbackFlow$2.previous(DeploymentCallbackFlow.java:538)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
at weblogic.application.internal.flow.DeploymentCallbackFlow.deactivate(DeploymentCallbackFlow.java:182)
at weblogic.application.internal.flow.DeploymentCallbackFlow.deactivate(DeploymentCallbackFlow.java:175)
at weblogic.application.internal.BaseDeployment$2.previous(BaseDeployment.java:1281)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:167)
at weblogic.application.utils.StateMachineDriver.previousState(StateMachineDriver.java:160)
at weblogic.application.internal.BaseDeployment.deactivate(BaseDeployment.java:453)
at weblogic.application.internal.EarDeployment.deactivate(EarDeployment.java:58)
at weblogic.application.internal.DeploymentStateChecker.deactivate(DeploymentStateChecker.java:199)
at weblogic.deploy.internal.targetserver.AppContainerInvoker.deactivate(AppContainerInvoker.java:98)
at weblogic.deploy.internal.targetserver.BasicDeployment.deactivate(BasicDeployment.java:263)
at weblogic.deploy.internal.targetserver.BasicDeployment.deactivateFromServerLifecycle(BasicDeployment.java:458)
at weblogic.management.deploy.internal.DeploymentAdapter$1.doDeactivate(DeploymentAdapter.java:74)
at weblogic.management.deploy.internal.DeploymentAdapter.deactivate(DeploymentAdapter.java:215)
at weblogic.management.deploy.internal.AppTransition$6.transitionApp(AppTransition.java:67)
at weblogic.management.deploy.internal.ConfiguredDeployments.transitionApps(ConfiguredDeployments.java:240)
at weblogic.management.deploy.internal.ConfiguredDeployments.deactivate(ConfiguredDeployments.java:199)
at weblogic.management.deploy.internal.ConfiguredDeployments.undeploy(ConfiguredDeployments.java:191)
at weblogic.management.deploy.internal.DeploymentServerService.shutdownApps(DeploymentServerService.java:195)
at weblogic.management.deploy.internal.DeploymentServerService.shutdownHelper(DeploymentServerService.java:127)
at weblogic.application.ApplicationShutdownService.stop(ApplicationShutdownService.java:106)
at weblogic.t3.srvr.ServerServicesManager.stopInternal(ServerServicesManager.java:495)
at weblogic.t3.srvr.ServerServicesManager.stop(ServerServicesManager.java:316)
at weblogic.t3.srvr.T3Srvr.shutdown(T3Srvr.java:1036)
at weblogic.t3.srvr.T3Srvr.gracefulShutdown(T3Srvr.java:939)
at weblogic.t3.srvr.GracefulShutdownRequest.run(GracefulShutdownRequest.java:41)
at weblogic.work.ContextWrap.run(ContextWrap.java:41)
at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:528)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:201)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:173)
Thanks in advanceAgreed with all above pointers.
I think you have to raise SR with oracle, because it is prod environment.
If you still want to do some R&D.
1. Also check this URL might help, but not sure.
http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14308/handlinglcm.htm#CIAJCEEF
http://download.oracle.com/docs/cd/E21764_01/doc.1111/e14308/handlinglcm.htm#CIAEFAGF
2. Restart all servers (along with Admin server and DB). -
Javax.security.auth.AuthPermission createLoginContext.Userpass
Hi,
I am working on authentication using JAAS.
I have created small application and calling it in one of the jsp file. When I try to access the jsp I am getting the following error:
createLoginContext.Userpass : access denied
(javax.security.auth.AuthPermission createLoginContext.Userpass)
When i run the java application it is authenticating the user but when I try to run it by calling it from JSP it is giving the above error.
I have java.policy file and I have modified that too and it is able to give permissions to all the jar file accept the one which I have created.
Can any body suggest how to give permission to (javax.security.auth.AuthPermission createLoginContext.Userpass).
Edited by: Vaibhav818 on Jun 30, 2008 2:54 AMThe error occurs because you don't grant createLoginContext permission to the Sample jar file in your policy file or you do but you don't specify your policy file. Below is example for authorization sample.
grant codebase "file:./SampleAzn.jar" {
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
permission javax.security.auth.AuthPermission "doAsPrivileged";
Cheers
Zi -
Javax.security.auth.login.LoginException: Cannot authenticate X509(Urgent!)
I'm trying to sign my messages between client & webservice using X509 certificates. I've created a keystore and imported:
privatekey1, certificate1(public key) and trustedCertAuthority that published certificates.
I've configured webservice & client to use that keystore and privatekey1 to sign request/response, but web service keeps throwing following exception:
javax.security.auth.login.LoginException: Cannot authenticate X509 certificate, User EMAILADDRESS=[email protected], CN=testUser, ... does not exist in our system
How can I configure web service to find that certificate?
Thnx for help.Yes, I did. I found the problem..
I had also checked to Authenticate with X509 certificate... and obviously I should somehow set the Securtiy provider, although, I don't know how (but it's not so important right now).
But I do have another question - how can I use private key & public key in certificate X509 to encrypt messages. In the sample you mentioned, it's written that there shoud be separate key for signature & encryption, but I have separate keystores for client (with client private key & server public certificate) and for server (with server private key & client certificate). But I can't get it to work... It seems to me that in that case signature key alias at service should be the same as key needed to decrypt the message?
Am i missing something again?
Thanks. -
Javax.security.auth.Subject and weblogic.security.acl.User
Hello,
We are trying to move some old authentication code (Weblogic 5.1) to JAAS
which comes with Weblogic 6.1. Here is my problem:
I can succesfully authenticate the Subject through my RDBMS Realm. But then, the rest of my code uses weblogic.security.acl.User
and not javax.security.auth.Subject for authorization and other tasks. So, how can I extract weblogic.security.acl.User from javax.security.auth.Subject?
I tried subject.getPrincipals(), since User indirectly implements Principal, but it comes back empty.
Any suggestions?Hello,
We are trying to move some old authentication code (Weblogic 5.1) to JAAS
which comes with Weblogic 6.1. Here is my problem:
I can succesfully authenticate the Subject through my RDBMS Realm. But then, the rest of my code uses weblogic.security.acl.User
and not javax.security.auth.Subject for authorization and other tasks. So, how can I extract weblogic.security.acl.User from javax.security.auth.Subject?
I tried subject.getPrincipals(), since User indirectly implements Principal, but it comes back empty.
Any suggestions? -
Oracle 9I JAAS problem: javax.security.auth.login.LoginException
I have problem with Oracle 9IAS JAAS. I got "javax.security.auth.login.LoginException: unable to find LoginModule class" no matter where I put the classfile, either on JVM options(-cp), WAR file, or add it on the Web Admin, or manually edit 9iAS's configuration file.
None works, any one can help, I am using JDK1.3
I had the same problem on Tomcat, but I solved the problem by put the Class in the the JVM's classpath. But for 9iAS, it just ain't work.
Thank you for the helpBet you have solved this, but
the right place for jaas related stuff is
as installed extension i.e:
jre/lib/ext
where jaas.jar and jars containing login modules should be located.
/Kullervo -
Javax.security.auth.login.LoginException: No LoginModules configured
Hi all,
I am trying out the implementation of custom login module with a j2ee web application.
I followed this<a href="http://help.sap.com/saphelp_nw04/helpdata/en/b9/9482887ddb3e47bd1a738c3e900195/frameset.htm">link</a>to create the login module.
When i run the application i get the error-
javax.security.auth.login.LoginException: No LoginModules configured for MyLoginModule.
This exception is pointing to my servlet where i've written the code-
LoginContext lc = new LoginContext("MyLoginModule");
try {
// start authentication
lc.login();
// user authenticated successfully
} catch (LoginException le) {
throw new Exception("Error authenticating user");
where <i>MyLoginModule</i> is the name of the custom login module i have implemented and registered in the security provider!
Message was edited by:
swarnadeepika subramanianHi,
this is the code in my login module class-
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map sharedState, Map options)
this.callbackHandler = callbackHandler;
this.subject = subject;
this.sharedState = sharedState;
this.options = options;
this.successful = false;
this.nameSet = false;
public boolean login() throws LoginException {
Callback[] callbacks = new Callback[1];
callbacks[0] = new HttpGetterCallback();
((HttpGetterCallback) callbacks[0]).setType(HttpCallback.REQUEST_PARAMETER);
((HttpGetterCallback) callbacks[0]).setName("username");
try {
callbackHandler.handle(callbacks);
} catch (UnsupportedCallbackException e) {
return false;
} catch (IOException e) {
throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);
//Returns an array of all request parameters with name "user_name".
String[] requestParameters = (String[]) ((HttpGetterCallback) callbacks[0]).getValue();
if ((requestParameters != null) && requestParameters.length > 0) {
userName = requestParameters[0];
if (userName == null) {
throwNewLoginException("No user name provided.");
try {
refreshUserInfo(userName);
} catch (SecurityException e) {
throwUserLoginException(e);
String prefix = (String) options.get("user_name_prefix");
if ((prefix != null) && !userName.startsWith(prefix))
throwNewLoginException("The user is not trusted.");
if (sharedState.get(AbstractLoginModule.NAME) == null) {
sharedState.put(AbstractLoginModule.NAME, userName);
nameSet = true;
successful = true;
return true;
public boolean commit() throws LoginException {
if (successful)
Principal principal = new Principal(userName);
subject.getPrincipals().add(principal);
if (nameSet)
sharedState.put(AbstractLoginModule.PRINCIPAL, principal);
else
userName = null;
return true;
public boolean abort() throws LoginException
if (successful)
userName = null;
successful = false;
return true;
public boolean logout() throws LoginException
if (successful)
subject.getPrincipals(Principal.class).clear();
successful = false;
return true;
From my understanding, this module gets the value that i enter in the(basic authentication) window and compares it with the prefix tat is set in the visual admin
am i right?
Can you elaborate about the HttpCallBackHandler? without understanding the code i dont think debugging is possible!
Regards
Deepika. -
Javax.security.auth.login.LoginException: No LoginModules configured for
Hi,
Iam implementing the JAAS API for the application security. I am getting the "javax.security.auth.login.LoginException: No LoginModules configured for "example"" exception.
The exception is thrown from the line -
LoginContext lc = new LoginContext("example", cbh);
I tried to debug by getting the config entry -
AppConfigurationEntry[] entries = config.getAppConfigurationEntry("example");
and "entries" is returning null.
the contents of jaas.config are -
example {
login.model.security.RdbmsLoginModule required debug="true" url="jdbc:oracle:thin://ha9-webdbs4:1528/OD40?user=xxx&password=xxx" driver="oracle.jdbc.driver.OracleDriver";
the entry for the jaas.config in the java.security file- (Tried both)
login.config.url.1=file:${java.home}/lib/security/jaas.config
java.security.auth.login.config=file:${java.home}/lib/security/jaas.config
The solutions I tried till now -
1. Hardcoding the value of "java.security.auth.login.config".
2. Starting the app server with the arguments
"-Djava.security.auth.login.config={PATH OF JAAS CONF}"
Nothing is working.
If anyone knows the solution, please share your ideas.
Thanks In Advance.
SR.Hi,
the following worked for me
-Djava.security.auth.login.config=src//oracle//sample//jaastester//jaasTestConfig.txt
where the policy file is located in the SRC folder of the JDeveloper project
Frank -
Javax.security.auth.login.LoginException:
Hi,
I am trying to set Windows Desktop SSO.
I am configuring kerberos and i got the following in the kdc.log:
PREAUTH_FAILED: HTTP/[email protected] for kadmin/[email protected], Preauthentication failed
and from the amAuthWindowsSSO the following:
javax.security.auth.login.LoginException: Pre-authentication information was invalid (24) - Preauthentication failed
Can anyone help me to get this fixed?
Thanks,
Scottynobody knows?
-
Javax.security.auth.login.LoginException : unable to locate JNDI user provi
i'm facing a problem regarding the jndiloginmodule.
even before connecting to the ldap server it says unable to locate jndi user provider. i have given the user.provider.url and also group.provider.url in the config file, but the (map)options is not recogonizing it.
sample {
com.sun.security.auth.module.JndiLoginModule required
user.provider.url = "ldap://localhost:389/cn=Manager,o=stooges"
group.provider.url = "ldap://localhost/cn=Manager,o=stooges" debug=true;
this is the config file
userProvider = (String)options.get(USER_PROVIDER);
groupProvider = (String)options.get(GROUP_PROVIDER);
these are the lines that should retrieve the userProvider, and the groupProvider but they are not. they are receiving null.
can any please help me.
thanx in advance
shani found what the problem was,
in JndiLoginModule.java
there is no need to declare a variable USER_PROVIDER and provide it as an argument to (map) options for getting the user.provider.url.
just replace USER_PROVIDER with "user.provider.url" and same with group provider also.
thats it.
thanx -
Hi All,
I have a custom security class (deployed in an application) that uses JAAS
to login, i have to set the Configuration in my security handler like this
Configuration.setConfiguration(new MyConfiguration());
This fails with
java.lang.SecurityException: No Permission to set the Configuration
How do i give this class the permission to set configuration???
Thanks,
Akonobody knows?
-
How does the Class javax.security.auth.Subject work?
Hi,
i don't understand how does the class Subject work.
First i will describe how do i understand u can use the class Subject
This is the way you can create a Subject(i think):
1. create a LoginContext, where u can tell over its parameter which
Module to use
2. a LoginModule will be used
3. now the LoginModule create a Subject
if this steps right--> ok, else--> please write how it really works
Now the questions:
1. Where do the LoginModule get the username and stuff like this from
to fill the Subjects? Principals?
2. Where will be the Subject save, at server or at client side?
when save on server: how to reference a Subject is belong to the
right Client?
when save on client: how to ensure the client do not modify it?
3. In the documentation of JavaTM 2 Platform Std. Ed. v1.4.1, there is
no advice, that the class have any FIELDS, but then where the
principals are saved?
4. The Class Subject do not have any methodes to modify the principals,
so how to modify it if necessary?
i think this is enough for the beginnig :)
thanx,
edoHi
Let me try to answer. I am a bit confused too.
Hi,
i don't understand how does the class Subject work.
First i will describe how do i understand u can use
the class Subject
This is the way you can create a Subject(i think):
1. create a LoginContext, where u can tell over its
parameter which
Module to use
2. a LoginModule will be used
3. now the LoginModule create a Subject
Correct.if this steps right--> ok, else--> please write how it
really works
Now the questions:
1. Where do the LoginModule get the username and stuff
like this from
to fill the Subjects? Principals?
The Loginmodule does not need the user name. The username is
only relevant to your application not to JAAS. Consider a standaalone
application. Whoever starts the application, becomes the user.
After you start the application, and login (whatever way), your subject
is created. This subject pertains to the person who is executing the application, not the application specific userid/username. So the user id or name is not required. There is only one user, who is running the application. The JAAS architecture is more relevant for UNIX like
permission/grant structure, which determines who can execute what.
>
2. Where will be the Subject save, at server or at
client side?
Again the Subject has nothing to do with your application specific userid. It will be there in the LoginContext. So in a sense a LoginContext is actually a user, not a Subject.
when save on server: how to reference a Subject is
is belong to the
right Client?
when save on client: how to ensure the client do
do not modify it?
In a client server mode, usually the login is done twice. You have to find a way to communicate the subject to the server.3. In the documentation of JavaTM 2 Platform Std. Ed.
v1.4.1, there is
no advice, that the class have any FIELDS, but then
en where the
principals are saved?
4. The Class Subject do not have any methodes to
modify the principals,
so how to modify it if necessary?
I think you can add Principals. That is definitely there.i think this is enough for the beginnig :)
thanx,
edo
Hope this helps. As of now I do not think JAAS provides a very good architecture for authorization.
cheers
Projyal
Maybe you are looking for
-
Hello All, Here is the situation: PO for 10 lb @ $10/lb Tax 10% Cash Discount - $ 10 if paid within 10 days. GR for 10 lb Invoice for 10 lb @ $10 = 100 (invoice posted as gross invoice) Tax - $ 10 Total $ 110 At Payment Vendor bank gets $ 99 ($100-
-
Mbpr won't boot up, stuck on white screen with apple logo when I turn it on
This morning I noticed the apple logo on the outer shell of my mac was lit up, I thought this was very odd because the lid was closed and like all laptops when thier lids are shut the display ect. are supposed to switch off/go to standby? Anyway I qu
-
I am trying to optimise my Database code. At step one I make a fetch on the data by getting all the info about all States in my Country table. Now having got a reference to this resultSet, I want to narrow down the ResultSet to contain rows only for
-
What is aperture's working color space
When I print from Aperture 2.1 or 2.1.1 to my Canon ipf5000 and use Aperture's print dialogue to set the colorsync profile to me printer/paper profile, prints are very dark and have a yellow cast. I don't experience this problem with Apple Preview or
-
Passing the parameter in online
hi bw gurus, i want to pass the parameter in online.for example i have assigned one query to two different users.so the end users would able to access the parameter (variables) and they should able to store it.so in future they should able to view