8 Replies Latest reply on Nov 18, 2010 10:01 AM by mbrizi

    User: null is NOT authenticated

    gbansal80 Oct 13, 2009 11:38 PM

      We are currently using JBoss v4.2.3.ga and have upgraded JBoss messaging to v 1.4.4 and JBoss remoting to v2.2.3.

      JMS messages are sent & received without any exceptions for initial 3-4 days. After that we are observing exception messages javax.jms.JMSSecurityException: User null is NOT authenticated , whenever we are trying to create the connection.

      We have seen that there is no deadlock on JBoss AS and other DB operations are working normally.

      We are using the following security domain for JMS

      <application-policy name="messaging">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "unauthenticatedIdentity">guest</module-option>
      <module-option name = "dsJndiName">java:/DefaultDS</module-option>
      <module-option name = "principalsQuery">SELECT PASSWD FROM JBM_USER WHERE USER_ID=?</module-option>
      <module-option name = "rolesQuery">SELECT ROLE_ID, 'Roles' FROM JBM_ROLE WHERE USER_ID=?</module-option>
      </login-module>

      </application-policy>

      • 18218 Views
      • Tags:
        • 1. Re: User: null is NOT authenticated
          gaohoward
          gaohoward Oct 19, 2009 10:49 PM (in response to gbansal80)

          Hi,

          Do you have the stack trace and if you do can you please post here? Thanks.

          Howard

            • Actions
          • 2. Re: User: null is NOT authenticated
            bershath27
            bershath27 Oct 19, 2009 11:08 PM (in response to gbansal80)

            You'd normally encounter this problem, when your JBM/Persistence configuration is broken. I'd like to see what does the "messaging" application policy has to say on this. Hence, please add the following in your log4j configuration and obtain the logs:





            Cheers

              • Actions
            • 3. Re: User: null is NOT authenticated
              gbansal80 Oct 20, 2009 1:58 AM (in response to gbansal80)

              The exception stack trace is provided below:
              ===============================
              [org.jboss.jms.server.security.SecurityMetadataStore.authenticate(SecurityMetadataStore.java:200),
              org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegateInternal(ServerConnectionFactoryEndpoint.java:233), org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegate(ServerConnectionFactoryEndpoint.java:171), org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.org$jboss$jms$server$endpoint$advised$ConnectionFactoryAdvised$createConnectionDelegate$aop(ConnectionFactoryAdvised.java:108), org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.createConnectionDelegate(ConnectionFactoryAdvised.java), org.jboss.jms.wireformat.ConnectionFactoryCreateConnectionDelegateRequest.serverInvoke(ConnectionFactoryCreateConnectionDelegateRequest.java:91), org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:143), org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:862), org.jboss.remoting.transport.socket.ServerThread.processInvocation(ServerThread.java:609), org.jboss.remoting.transport.socket.ServerThread.dorun(ServerThread.java:421), org.jboss.remoting.transport.socket.ServerThread.run(ServerThread.java:174), org.jboss.remoting.MicroRemoteClientInvoker.invoke(MicroRemoteClientInvoker.java:182), org.jboss.remoting.Client.invoke(Client.java:1858), org.jboss.remoting.Client.invoke(Client.java:718), org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.org$jboss$jms$client$delegate$ClientConnectionFactoryDelegate$createConnectionDelegate$aop(ClientConnectionFactoryDelegate.java:178), org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.invokeNext(ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.java), org.jboss.jms.client.container.StateCreationAspect.handleCreateConnectionDelegate(StateCreationAspect.java:80), org.jboss.aop.advice.org.jboss.jms.client.container.StateCreationAspect0.invoke(StateCreationAspect0.java), org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.invokeNext(ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.java), org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.createConnectionDelegate(ClientConnectionFactoryDelegate.java), org.jboss.jms.client.container.ClusteringAspect.handleCreateConnectionDelegate(ClusteringAspect.java:134), sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method), sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source), sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source), java.lang.reflect.Method.invoke(Unknown Source), org.jboss.aop.advice.PerInstanceAdvice.invoke(PerInstanceAdvice.java:121), org.jboss.jms.client.delegate.ClientClusteredConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.invokeNext(ClientClusteredConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.java), org.jboss.jms.client.delegate.ClientClusteredConnectionFactoryDelegate.createConnectionDelegate(ClientClusteredConnectionFactoryDelegate.java), org.jboss.jms.client.JBossConnectionFactory.createConnectionInternal(JBossConnectionFactory.java:205), org.jboss.jms.client.JBossConnectionFactory.createConnection(JBossConnectionFactory.java:87), org.jboss.jms.client.JBossConnectionFactory.createConnection(JBossConnectionFactory.java:82), com.avaya.sampleconsumer.JMSProducer.connect(JMSProducer.java:104), com.avaya.sampleconsumer.JMSProducer.main(JMSProducer.java:39)]

                • Actions
              • 4. Re: User: null is NOT authenticated
                gbansal80 Oct 20, 2009 1:59 AM (in response to gbansal80)

                Hi Tyronne Wickramarathne,

                You missed to attach the configuration to be added to log4j.xml file

                  • Actions
                • 5. Re: User: null is NOT authenticated
                  bershath27
                  bershath27 Oct 20, 2009 2:05 AM (in response to gbansal80)

                   

                  "gbansal80" wrote:
                  Hi Tyronne Wickramarathne,

                  You missed to attach the configuration to be added to log4j.xml file


                  my bad, i forgot to format the html elements. there you go : 
                  ....
<category name="org.jboss.security.plugins.JaasSecurityManager.messaging">
 <priority value="TRACE" class="org.jboss.logging.XLevel"></priority>
</category>
....


                  Cheers

                    • Actions
                  • 6. Re: User: null is NOT authenticated
                    gbansal80 Oct 27, 2009 6:55 AM (in response to gbansal80)

                    It seems that our code is performing logout action which is clearing Principal from cache because of NullPointerException is thrown (User Null Is Not Authenticated). The relevant portions of the stack trace are provided below:




                    2009-10-27 12:04:43,216 TRACE [org.jboss.security.plugins.JaasSecurityManager.messaging] Begin isValid, principal:null, cache info: null
                    2009-10-27 12:04:43,216 TRACE [org.jboss.security.plugins.JaasSecurityManager.messaging] defaultLogin, principal=null
                    2009-10-27 12:04:43,217 TRACE [org.jboss.security.plugins.JaasSecurityManager.messaging] Login failure
                    javax.security.auth.login.LoginException: java.lang.NullPointerException
                    at com.avaya.security.authorization.common.AuthorizationUtil.publishMessage(AuthorizationUtil.java:369)
                    at com.avaya.security.authorization.client.AuthorizationClient.sendUserLogoutNotification(AuthorizationClient.java:1111)
                    at com.avaya.mgmt.console.framework.bean.CommonConsoleIdentity.logoutaction(CommonConsoleIdentity.java:368)



                    However I still have following questions:

                    1/ In case the principal=null, why can't guest credentials be used for sending the message. In the "messaging" application policy, it has been already configured that any unauthenticated user will assume "guest" credential ( <module-option name = "unauthenticatedIdentity">guest</module-option>
                    ) . So why in this case "guest" credentials are not used.
                    2/ Any reasons why this exception starts coming only after the system has been up for more than 2 days.

                    The complete stack trace is pasted below:

                    2009-10-27 12:04:43,119 TRACE [org.jboss.security.plugins.JaasSecurityManager.messaging] doesUserHaveRole(Set), subject: Subject:
                    Principal: guest
                    Principal: Roles(members:john,guest,j2ee)

                    2009-10-27 12:04:43,119 TRACE [org.jboss.security.plugins.JaasSecurityManager.messaging] roles=Roles(members:john,guest,j2ee)
                    2009-10-27 12:04:43,119 TRACE [org.jboss.security.plugins.JaasSecurityManager.messaging] hasRole(guest)=true
                    2009-10-27 12:04:43,119 TRACE [org.jboss.security.plugins.JaasSecurityManager.messaging] hasRole=true
                    2009-10-27 12:04:43,216 TRACE [org.jboss.security.plugins.JaasSecurityManager.messaging] Begin isValid, principal:null, cache info: null
                    2009-10-27 12:04:43,216 TRACE [org.jboss.security.plugins.JaasSecurityManager.messaging] defaultLogin, principal=null
                    2009-10-27 12:04:43,217 TRACE [org.jboss.security.plugins.JaasSecurityManager.messaging] Login failure
                    javax.security.auth.login.LoginException: java.lang.NullPointerException

                    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:872)
                    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
                    at java.security.AccessController.doPrivileged(Native Method)
                    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                    at javax.security.auth.login.LoginContext.login(LoginContext.java:580)
                    at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
                    at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
                    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
                    at org.jboss.jms.server.security.SecurityMetadataStore.authenticate(SecurityMetadataStore.java:188)
                    at org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegateInternal(ServerConnectionFactoryEndpoint.java:233)
                    at org.jboss.jms.server.endpoint.ServerConnectionFactoryEndpoint.createConnectionDelegate(ServerConnectionFactoryEndpoint.java:171)
                    at org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.org$jboss$jms$server$endpoint$advised$ConnectionFactoryAdvised$createConnectionDelegate$aop(ConnectionFactoryAdvised.java:108)
                    at org.jboss.jms.server.endpoint.advised.ConnectionFactoryAdvised.createConnectionDelegate(ConnectionFactoryAdvised.java)
                    at org.jboss.jms.wireformat.ConnectionFactoryCreateConnectionDelegateRequest.serverInvoke(ConnectionFactoryCreateConnectionDelegateRequest.java:91)
                    at org.jboss.jms.server.remoting.JMSServerInvocationHandler.invoke(JMSServerInvocationHandler.java:143)
                    at org.jboss.remoting.ServerInvoker.invoke(ServerInvoker.java:862)
                    at org.jboss.remoting.transport.local.LocalClientInvoker.invoke(LocalClientInvoker.java:101)
                    at org.jboss.remoting.Client.invoke(Client.java:1858)
                    at org.jboss.remoting.Client.invoke(Client.java:718)
                    at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.org$jboss$jms$client$delegate$ClientConnectionFactoryDelegate$createConnectionDelegate$aop(ClientConnectionFactoryDelegate.java:178)
                    at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.invokeNext(ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.java)
                    at org.jboss.jms.client.container.StateCreationAspect.handleCreateConnectionDelegate(StateCreationAspect.java:80)
                    at org.jboss.aop.advice.org.jboss.jms.client.container.StateCreationAspect0.invoke(StateCreationAspect0.java)
                    at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.invokeNext(ClientConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.java)
                    at org.jboss.jms.client.delegate.ClientConnectionFactoryDelegate.createConnectionDelegate(ClientConnectionFactoryDelegate.java)
                    at org.jboss.jms.client.container.ClusteringAspect.handleCreateConnectionDelegate(ClusteringAspect.java:134)
                    at sun.reflect.GeneratedMethodAccessor880.invoke(Unknown Source)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    at java.lang.reflect.Method.invoke(Method.java:597)
                    at org.jboss.aop.advice.PerInstanceAdvice.invoke(PerInstanceAdvice.java:121)
                    at org.jboss.jms.client.delegate.ClientClusteredConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.invokeNext(ClientClusteredConnectionFactoryDelegate$createConnectionDelegate_N3019492359065420858.java)
                    at org.jboss.jms.client.delegate.ClientClusteredConnectionFactoryDelegate.createConnectionDelegate(ClientClusteredConnectionFactoryDelegate.java)
                    at org.jboss.jms.client.JBossConnectionFactory.createConnectionInternal(JBossConnectionFactory.java:205)
                    at org.jboss.jms.client.JBossConnectionFactory.createConnection(JBossConnectionFactory.java:87)
                    at org.jboss.jms.client.JBossConnectionFactory.createConnection(JBossConnectionFactory.java:82)
                    at com.avaya.security.authorization.common.AuthorizationUtil.publishMessage(AuthorizationUtil.java:369)
                    at com.avaya.security.authorization.client.AuthorizationClient.sendUserLogoutNotification(AuthorizationClient.java:1111)
                    at com.avaya.mgmt.console.framework.bean.CommonConsoleIdentity.logoutaction(CommonConsoleIdentity.java:368)
                    at sun.reflect.GeneratedMethodAccessor3950.invoke(Unknown Source)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    at java.lang.reflect.Method.invoke(Method.java:597)
                    at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:328)
                    at org.jboss.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:341)
                    at org.jboss.el.parser.AstPropertySuffix.invoke(AstPropertySuffix.java:58)
                    at org.jboss.el.parser.AstValue.invoke(AstValue.java:96)
                    at org.jboss.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:276)
                    at com.sun.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:68)
                    at com.sun.facelets.el.LegacyMethodBinding.invoke(LegacyMethodBinding.java:69)
                    at com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:102)
                    at org.apache.myfaces.trinidad.component.UIXCommand.broadcast(UIXCommand.java:190)
                    at javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:458)
                    at javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:763)
                    at com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:82)
                    at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:100)
                    at com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:118)
                    at javax.faces.webapp.FacesServlet.service(FacesServlet.java:265)
                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._invokeDoFilter(TrinidadFilterImpl.java:238)
                    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl._doFilterImpl(TrinidadFilterImpl.java:195)
                    at org.apache.myfaces.trinidadinternal.webapp.TrinidadFilterImpl.doFilter(TrinidadFilterImpl.java:138)
                    at org.apache.myfaces.trinidad.webapp.TrinidadFilter.doFilter(TrinidadFilter.java:92)
                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                    at org.apache.myfaces.webapp.filter.ExtensionsFilter.doFilter(ExtensionsFilter.java:147)
                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                    at com.avaya.panther.faces.util.ResourceInjectionFilter.doFilter(ResourceInjectionFilter.java:36)
                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:83)
                    at org.jboss.seam.web.LoggingFilter.doFilter(LoggingFilter.java:58)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                    at org.jboss.seam.web.MultipartFilter.doFilter(MultipartFilter.java:85)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                    at org.jboss.seam.web.ExceptionFilter.doFilter(ExceptionFilter.java:64)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                    at org.jboss.seam.web.RedirectFilter.doFilter(RedirectFilter.java:44)
                    at org.jboss.seam.servlet.SeamFilter$FilterChainImpl.doFilter(SeamFilter.java:69)
                    at org.jboss.seam.servlet.SeamFilter.doFilter(SeamFilter.java:150)
                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                    at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
                    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
                    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
                    at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
                    at com.avaya.security.iam.tomcat.HTTPAuthInterceptor.invoke(HTTPAuthInterceptor.java:1077)
                    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
                    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
                    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
                    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
                    at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:420)
                    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
                    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
                    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
                    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
                    at java.lang.Thread.run(Thread.java:619)

                      • Actions
                    • 7. Re: User: null is NOT authenticated
                      mbrizi
                      mbrizi Jul 16, 2010 8:54 AM (in response to gbansal80)

                      I have exactly the same problem and the same questions.

                      In my opinion the exception starts coming after Jaas Security Cache Timeout (see <attribute name="DefaultCacheTimeout"> in jboss-service.xml) that, in my case, is setted to 5 mins.

                      I've tried to disable security cache (DefaultCacheTimeout=0) but with this configuration the problem appears immediately.

                      Does anyone how to solve this error?

                        • Actions
                      • 8. Re: User: null is NOT authenticated
                        mbrizi
                        mbrizi Nov 18, 2010 10:01 AM (in response to gbansal80)

                        The problem I have described was caused by a deployed application that attempt to modify configured login modules in javax.security.auth.login.Configuration. After this operation the jmx-console login module is not available anymore and the authentication is available only before the DefaultCacheTimeout period (5 mins).

                        I hope this could help someone.

                          • Actions