Skip to main content


Eclipse Community Forums

      Home
Home » Eclipse Projects » Virgo » Jaas login module service
Jaas login module service [message #660200] Thu, 17 March 2011 06:37 Go to next message
Eclipse UserFriend
Hi,

I am migrating my non-osgi project to virgo and I am having trouble using jaas authentication in virgo.
I have 2 questions regarding virgo and jaas.

a. I have my own jaas LoginModule implementation and I want virgo to authenticate the administration user that connects to Web Servers using that implementation.
I have changed the org.eclipse.virgo.kernel.authentication.config file to use my class:

virgo-kernel {
acme.security.MyLoginModule REQUIRED;
};

and exposed my class to the service registry, but how do I tell virgo to reference that service and use it for authentication ?

b. I am using the ActiveMQ bundle as my jms implementation and I want it to use my jaas login module as well but I am getting an exception saying the class cannot be found in KernelBundleClassLoader: [bundle=org.apache.activemq.activemq-core_5.4.1].
I have tried asking about this exception in the activemq forum and I was told that JAAS does not work in OSGi, and I need to use a specific integration layer in order to make that work. Does virgo have somthing like this ?

Here is the full exception stacktrace:
10:34:45.262 [ActiveMQ Transport: tcp:///127.0.0.1:51561] WARN o.a.a.broker.TransportConnection - Failed to add Connection
java.lang.SecurityException: User name or password is invalid.
at org.apache.activemq.security.JaasAuthenticationBroker.addCon nection(JaasAuthenticationBroker.java:83) ~[bundlefile:5.4.1]
at org.apache.activemq.broker.BrokerFilter.addConnection(Broker Filter.java:85) ~[bundlefile:5.4.1]
at org.apache.activemq.broker.MutableBrokerFilter.addConnection (MutableBrokerFilter.java:91) ~[bundlefile:5.4.1]
at org.apache.activemq.broker.TransportConnection.processAddCon nection(TransportConnection.java:694) [bundlefile:5.4.1]
at org.apache.activemq.broker.jmx.ManagedTransportConnection.pr ocessAddConnection(ManagedTransportConnection.java:83) [bundlefile:5.4.1]
at org.apache.activemq.command.ConnectionInfo.visit(ConnectionI nfo.java:137) [bundlefile:5.4.1]
at org.apache.activemq.broker.TransportConnection.service(Trans portConnection.java:309) [bundlefile:5.4.1]
at org.apache.activemq.broker.TransportConnection$1.onCommand(T ransportConnection.java:185) [bundlefile:5.4.1]
at org.apache.activemq.transport.TransportFilter.onCommand(Tran sportFilter.java:69) [bundlefile:5.4.1]
at org.apache.activemq.transport.WireFormatNegotiator.onCommand (WireFormatNegotiator.java:113) [bundlefile:5.4.1]
at org.apache.activemq.transport.InactivityMonitor.onCommand(In activityMonitor.java:228) [bundlefile:5.4.1]
at org.apache.activemq.transport.TransportSupport.doConsume(Tra nsportSupport.java:83) [bundlefile:5.4.1]
at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTran sport.java:219) [bundlefile:5.4.1]
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransp ort.java:201) [bundlefile:5.4.1]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_24]
Caused by: javax.security.auth.login.LoginException: unable to find LoginModule class: acme.security.MyLoginModule in KernelBundleClassLoader: [bundle=org.apache.activemq.activemq-core_5.4.1]
at javax.security.auth.login.LoginContext.invoke(LoginContext.j ava:808) ~[na:1.6.0_24]
at javax.security.auth.login.LoginContext.access$000(LoginConte xt.java:186) ~[na:1.6.0_24]
at javax.security.auth.login.LoginContext$4.run(LoginContext.ja va:683) ~[na:1.6.0_24]
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.6.0_24]
at javax.security.auth.login.LoginContext.invokePriv(LoginConte xt.java:680) ~[na:1.6.0_24]
at javax.security.auth.login.LoginContext.login(LoginContext.ja va:579) ~[na:1.6.0_24]
at org.apache.activemq.security.JaasAuthenticationBroker.addCon nection(JaasAuthenticationBroker.java:76) ~[bundlefile:5.4.1]

Thanks,
Jacob
Re: Jaas login module service [message #660211 is a reply to message #660200] Thu, 17 March 2011 07:58 Go to previous messageGo to next message
Eclipse UserFriend
Virgo does not register its login module as a service. Take a look at the hits in the search.

Have you already compared the code of your login module with Virgo's?
Re: Jaas login module service [message #660214 is a reply to message #660211] Thu, 17 March 2011 08:12 Go to previous messageGo to next message
Eclipse UserFriend
I don't need the LoginModule for virgo to be a service but I do need it to reference another service for database queries.
Is it possible to change the LoginModule used by virgo ?
If it is possible how is it done and can the new LoginModule use services from the Registry ?

About my second question, are you aware of a way that I can use a custom login module for activemq in Virgo ?
Re: Jaas login module service [message #660221 is a reply to message #660214] Thu, 17 March 2011 08:52 Go to previous messageGo to next message
Eclipse UserFriend
Jacob wrote on Thu, 17 March 2011 12:12
I don't need the LoginModule for virgo to be a service but I do need it to reference another service for database queries.
Is it possible to change the LoginModule used by virgo ?

It should be. Just start with Virgo's login module and make sure you can rename it and use it in place of Virgo's. Then change it incrementally and re-test often.
Quote:
If it is possible how is it done and can the new LoginModule use services from the Registry ?

The login module configuration is passed to the Java startup using "-Djava.security.auth.login.config", so the JRE is going to load the login module class and so it won't have access to a bundle context or the service registry.

Note that the JAR containing the login module needs to appear on the JREs classpath. We do this for the Virgo login module by putting the JAR in the lib directory.
Quote:
About my second question, are you aware of a way that I can use a custom login module for activemq in Virgo ?

I'm sorry, but I'm not aware of how to do that.
Re: Jaas login module service [message #660709 is a reply to message #660221] Mon, 21 March 2011 06:17 Go to previous messageGo to next message
Eclipse UserFriend
My problem is that the ActiveMQ bundle cannot find the class acme.security.MyLoginModule( unable to find LoginModule class: acme.security.MyLoginModule in KernelBundleClassLoader: [bundle=org.apache.activemq.activemq-core_5.4.1] )

because it doesn't have the proper import, is it possible to use the org.osgi.framework.bootdelegation property to solve that problem? how is it defined in virgo ?
Re: Jaas login module service [message #660767 is a reply to message #660709] Mon, 21 March 2011 10:14 Go to previous messageGo to next message
Eclipse UserFriend
Look in $VIRGO_HOME/lib/java6-server.profile

You also have to make sure that anything you specify in org.osgi.framework.bootdelegation property is available on the classpath of virgo.

Virgo scans lib directory for all the jars there and adds them to the -cp during start up. If you need to add other locations or directories you can do it with creating a setenv.sh/bat file in bin folder and set-up $CLASSPATH variable there.

i.e.

CLASSPATH=$CLASSPATH:/some/directory:/some/dir/jar.file.jar

Regards,
Dmitry
Re: Jaas login module service [message #660786 is a reply to message #660767] Mon, 21 March 2011 11:36 Go to previous messageGo to next message
Eclipse UserFriend
Thanks, I will check it out.
Re: Jaas login module service [message #665594 is a reply to message #660786] Fri, 15 April 2011 04:22 Go to previous messageGo to next message
Eclipse UserFriend
Did you solve your problem?
Re: Jaas login module service [message #1698244 is a reply to message #665594] Fri, 12 June 2015 08:47 Go to previous message
Eclipse UserFriend
To work around a similar problem I:

1. Resorted to adding this entry to my OSGi bundle's /META-INF/MANIFEST.MF file

DynamicImport-Package: *


This completely corrupts the OSGi container's bundle wiring but is necessary if you want to support loading any JAAS LoginModule deployed in the OSGi container.

2. In the code where the LoginContext is constructed, I set the Thread.currentThread().setClassLoaderContext to be my bundle's classloader

ClassLoader myBundleClassloader = 
		Thread.currentThread().getContextClassLoader();

Class<SomeClassInMyBundle> classFromBundle = 
		SomeClassInMyBundle.class;

ClassLoader classloaderWithSomeClassFromBundle = classFromBundle.getClassLoader();

Thread.currentThread().setContextClassLoader(
		classloaderWithSomeClassFromBundle);

final String applicationName = "myapp";
LoginContext lc;
try {

	lc = new LoginContext(applicationName, subject, 
			jaasCallbackHandler, configuration);

} catch (LoginException e) {

	LOGGER.error("LoginContext#<init> failed because LoginException,
		username="+ suppliedUsername, e);
	return false;

} finally {
	Thread.currentThread().setContextClassLoader(myBundleClassloader);
}

try {
	lc.login();
	LOGGER.info("login success for username=" + suppliedUsername);
	return true;
} catch (LoginException e) {

	LOGGER.error("LoginContext#login failed because LoginException,
		username="+ suppliedUsername, e);

	return false;
}
Previous Topic:Virgo doesn't start if installed in a path containing a space
Next Topic:Virgo 3.6.3 and Java 8 support
Goto Forum:
  


Current Time: Tue May 20 06:42:09 EDT 2025

Powered by FUDForum. Page generated in 0.05566 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top

Sign up to our Newsletter

A fresh new issue delivered monthly