Jaas login module service [message #660200] Thu, 17 March 2011 10:37
Jacob Hameiri
Hi,

I am migrating my non-osgi project to virgo and I am having trouble using jaas authentication in virgo.
I have 2 questions regarding virgo and jaas.

a. I have my own jaas LoginModule implementation and I want virgo to authenticate the administration user that connects to Web Servers using that implementation.
I have changed the org.eclipse.virgo.kernel.authentication.config file to use my class:

virgo-kernel {
acme.security.MyLoginModule REQUIRED;
};

and exposed my class to the service registry, but how do I tell virgo to reference that service and use it for authentication ?

b. I am using the ActiveMQ bundle as my jms implementation and I want it to use my jaas login module as well but I am getting an exception saying the class cannot be found in KernelBundleClassLoader: [bundle=org.apache.activemq.activemq-core_5.4.1].
I have tried asking about this exception in the activemq forum and I was told that JAAS does not work in OSGi, and I need to use a specific integration layer in order to make that work. Does virgo have something like this ?

Here is the full exception stacktrace:
10:34:45.262 [ActiveMQ Transport: tcp:///127.0.0.1:51561] WARN o.a.a.broker.TransportConnection - Failed to add Connection
java.lang.SecurityException: User name or password is invalid.
at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:83) ~[bundlefile:5.4.1]
at org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:85) ~[bundlefile:5.4.1]
at org.apache.activemq.broker.MutableBrokerFilter.addConnection(MutableBrokerFilter.java:91) ~[bundlefile:5.4.1]
at org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:694) [bundlefile:5.4.1]
at org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:83) [bundlefile:5.4.1]
at org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:137) [bundlefile:5.4.1]
at org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:309) [bundlefile:5.4.1]
at org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:185) [bundlefile:5.4.1]
at org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:69) [bundlefile:5.4.1]
at org.apache.activemq.transport.WireFormatNegotiator.onCommand(WireFormatNegotiator.java:113) [bundlefile:5.4.1]
at org.apache.activemq.transport.InactivityMonitor.onCommand(InactivityMonitor.java:228) [bundlefile:5.4.1]
at org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83) [bundlefile:5.4.1]
at org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:219) [bundlefile:5.4.1]
at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:201) [bundlefile:5.4.1]
at java.lang.Thread.run(Thread.java:662) [na:1.6.0_24]
Caused by: javax.security.auth.login.LoginException: unable to find LoginModule class: acme.security.MyLoginModule in KernelBundleClassLoader: [bundle=org.apache.activemq.activemq-core_5.4.1]
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808) ~[na:1.6.0_24]
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) ~[na:1.6.0_24]
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) ~[na:1.6.0_24]
at java.security.AccessController.doPrivileged(Native Method) ~[na:1.6.0_24]
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) ~[na:1.6.0_24]
at javax.security.auth.login.LoginContext.login(LoginContext.java:579) ~[na:1.6.0_24]
at org.apache.activemq.security.JaasAuthenticationBroker.addConnection(JaasAuthenticationBroker.java:76) ~[bundlefile:5.4.1]

Thanks,
Jacob

Re: Jaas login module service [message #660211 is a reply to message #660200] Thu, 17 March 2011 11:58
Glyn Normington
Virgo does not register its login module as a service. Take a look at the hits in the search.

Have you already compared the code of your login module with Virgo's?

Re: Jaas login module service [message #660214 is a reply to message #660211] Thu, 17 March 2011 12:12
Jacob Hameiri
I don't need the LoginModule for virgo to be a service but I do need it to reference another service for database queries.
Is it possible to change the LoginModule used by virgo ?
If it is possible how is it done and can the new LoginModule use services from the Registry ?

About my second question, are you aware of a way that I can use a custom login module for activemq in Virgo ?

Re: Jaas login module service [message #660221 is a reply to message #660214] Thu, 17 March 2011 12:52
Glyn Normington
Jacob wrote on Thu, 17 March 2011 12:12
I don't need the LoginModule for virgo to be a service but I do need it to reference another service for database queries.
Is it possible to change the LoginModule used by virgo ?

It should be. Just start with Virgo's login module and make sure you can rename it and use it in place of Virgo's. Then change it incrementally and re-test often.
Quote:
If it is possible how is it done and can the new LoginModule use services from the Registry ?

The login module configuration is passed to the Java startup using "-Djava.security.auth.login.config", so the JRE is going to load the login module class and so it won't have access to a bundle context or the service registry.

Note that the JAR containing the login module needs to appear on the JRE's classpath. We do this for the Virgo login module by putting the JAR in the lib directory.
Quote:
About my second question, are you aware of a way that I can use a custom login module for activemq in Virgo ?

I'm sorry, but I'm not aware of how to do that.

Re: Jaas login module service [message #660709 is a reply to message #660221] Mon, 21 March 2011 10:17
Jacob Hameiri
My problem is that the ActiveMQ bundle cannot find the class acme.security.MyLoginModule (unable to find LoginModule class: acme.security.MyLoginModule in KernelBundleClassLoader: [bundle=org.apache.activemq.activemq-core_5.4.1]) because it doesn't have the proper import.

Is it possible to use the org.osgi.framework.bootdelegation property to solve that problem? How is it defined in Virgo?

Re: Jaas login module service [message #660767 is a reply to message #660709] Mon, 21 March 2011 14:14
Dmitry Sklyut
Look in $VIRGO_HOME/lib/java6-server.profile

You also have to make sure that anything you specify in org.osgi.framework.bootdelegation property is available on the classpath of virgo.

Virgo scans the lib directory for all the jars there and adds them to the -cp during start-up. If you need to add other locations or directories, you can do it by creating a setenv.sh/bat file in the bin folder and setting up the $CLASSPATH variable there.

i.e.

CLASSPATH=$CLASSPATH:/some/directory:/some/dir/jar.file.jar

Regards,
Dmitry

Re: Jaas login module service [message #660786 is a reply to message #660767] Mon, 21 March 2011 15:36
Jacob Hameiri
Thanks, I will check it out.

Re: Jaas login module service [message #665594 is a reply to message #660786] Fri, 15 April 2011 08:22
dima
Did you solve your problem?

Re: Jaas login module service [message #1698244 is a reply to message #665594] Fri, 12 June 2015 12:47
Brian Brooks
To work around a similar problem I:

1. Resorted to adding this entry to my OSGi bundle's /META-INF/MANIFEST.MF file

DynamicImport-Package: *


This completely corrupts the OSGi container's bundle wiring but is necessary if you want to support loading any JAAS LoginModule deployed in the OSGi container.

2. In the code where the LoginContext is constructed, I set the Thread.currentThread().setClassLoaderContext to be my bundle's classloader

// Remember the context class loader that was set on entry so it can be
// restored in the finally block.
ClassLoader myBundleClassloader = 
		Thread.currentThread().getContextClassLoader();

Class<SomeClassInMyBundle> classFromBundle = 
		SomeClassInMyBundle.class;

// Class loader of the bundle, which can see the LoginModule classes.
ClassLoader classloaderWithSomeClassFromBundle = classFromBundle.getClassLoader();

// LoginContext picks up the context class loader when it is constructed.
Thread.currentThread().setContextClassLoader(
		classloaderWithSomeClassFromBundle);

final String applicationName = "myapp";
LoginContext lc;
try {

	lc = new LoginContext(applicationName, subject, 
			jaasCallbackHandler, configuration);

} catch (LoginException e) {

	LOGGER.error("LoginContext#<init> failed because LoginException, username="
			+ suppliedUsername, e);
	return false;

} finally {
	// Always put the original context class loader back.
	Thread.currentThread().setContextClassLoader(myBundleClassloader);
}

try {
	lc.login();
	LOGGER.info("login success for username=" + suppliedUsername);
	return true;
} catch (LoginException e) {

	LOGGER.error("LoginContext#login failed because LoginException, username="
			+ suppliedUsername, e);

	return false;
}
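
Added example, not part of any post in this thread: a stand-alone program (Java 8 or later) that reproduces the "unable to find LoginModule class" failure outside OSGi and shows that LoginContext resolves the module class through the thread context class loader it recorded at construction. JaasLoaderDemo, DemoLoginModule, loginWith and the empty URLClassLoader (standing in for a bundle class loader that lacks the import) are hypothetical names.

```java
import java.net.*;
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class JaasLoaderDemo {
    /** Hypothetical stand-in for acme.security.MyLoginModule; accepts every login. */
    public static class DemoLoginModule implements LoginModule {
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) { }
        public boolean login() { return true; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    /** Creates the LoginContext while 'loader' is the context class loader, then logs in. */
    static boolean loginWith(ClassLoader loader) {
        final AppConfigurationEntry entry = new AppConfigurationEntry(DemoLoginModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap());
        Configuration config = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
        Thread thread = Thread.currentThread();
        ClassLoader original = thread.getContextClassLoader();
        thread.setContextClassLoader(loader);
        try {
            // The constructor records the current context class loader.
            LoginContext lc = new LoginContext("demo", new Subject(), callbacks -> { }, config);
            thread.setContextClassLoader(original);
            lc.login(); // the module class name is resolved via the recorded loader
            return true;
        } catch (LoginException e) {
            System.out.println("login failed: " + e.getMessage());
            return false;
        } finally {
            thread.setContextClassLoader(original); // never leak the swapped loader
        }
    }
    public static void main(String[] args) {
        // Constructed: an empty loader with the bootstrap parent cannot see DemoLoginModule.
        ClassLoader blind = new URLClassLoader(new URL[0], null);
        System.out.println("blind loader:  " + loginWith(blind));
        System.out.println("module loader: " + loginWith(DemoLoginModule.class.getClassLoader()));
    }
}
```

The swap is scoped to the constructor call and undone in `finally`, so other code on the same thread never runs with the substituted loader.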