1 Reply Latest reply on Jan 15, 2013 5:19 AM by bmateus

    JBoss Negotiation 2.1.1 and EJB3 Authentication

    bmateus

      Hi all,

      I have the following setup:

      • JBoss Negotiation 2.1.1
      • AD on Windows Server 2003
      • JBoss 4.2.3 on Windows Server 2008 R2
      • Client IE8 on Windows 7

      My main goal is to have SSO on my app (after a user is authenticated on the domain no username/password is required to access my app).

      I'm able to execute the Negotiation Toolkit app successfully (all the three tests). I also successfully configured JBoss Negotiation on my app and I can access it transparently.

      My problem is related to EJB3 authentication. My EJBs have the following

      {code}
      @SecurityDomain("CORECOMPETENCE")
      (...)
      @RolesAllowed({"admin", "private"})
      {code}

      I have the following error

      {code}
      2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] TRACE org.jboss.security.negotiation.spnego.SPNEGOLoginModule  - Security domain: CORECOMPETENCE
      2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] DEBUG org.jboss.security.negotiation.spnego.SPNEGOLoginModule  - removeRealmFromPrincipal=true
      2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] DEBUG org.jboss.security.negotiation.spnego.SPNEGOLoginModule  - serverSecurityDomain=host
      2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] DEBUG org.jboss.security.negotiation.spnego.SPNEGOLoginModule  - usernamePasswordDomain=null
      2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] TRACE org.jboss.security.negotiation.spnego.SPNEGOLoginModule  - login
      2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] TRACE org.jboss.security.negotiation.spnego.SPNEGOLoginModule  - abort
      2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] TRACE org.jboss.security.plugins.JaasSecurityManager.CORECOMPETENCE  - Login failure
      javax.security.auth.login.LoginException: No NegotiationContext and no usernamePasswordDomain defined.
                at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.innerLogin(SPNEGOLoginModule.java:188)
                at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:138)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:597)
                at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
                at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
                at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
                at java.security.AccessController.doPrivileged(Native Method)
                at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
                at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
                at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
                at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
                at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
                at org.jboss.aspects.security.AuthenticationInterceptor.authenticate(AuthenticationInterceptor.java:123)
                at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:66)
                at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240)
                at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210)
                at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84)
                at $Proxy373.findAllForListing(Unknown Source)
                at com.criticalsoftware.corecompetence.stripes.action.appraisal.AppraisalActionBean.appraisal(AppraisalActionBean.java:104)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

      (...)

      2013-01-14 18:30:52,339 [http-0.0.0.0-8080-1] ERROR com.criticalsoftware.webcore.stripes.exceptions.DefaultExceptionHandler  - Authentication failure
      javax.ejb.EJBAccessException: Authentication failure
                at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.handleGeneralSecurityException(Ejb3AuthenticationInterceptor.java:68)
                at org.jboss.aspects.security.AuthenticationInterceptor.invoke(AuthenticationInterceptor.java:70)
                at org.jboss.ejb3.security.Ejb3AuthenticationInterceptor.invoke(Ejb3AuthenticationInterceptor.java:110)
                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:46)
                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                at org.jboss.ejb3.asynchronous.AsynchronousInterceptor.invoke(AsynchronousInterceptor.java:106)
                at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:101)
                at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:240)
                at org.jboss.ejb3.stateless.StatelessContainer.localInvoke(StatelessContainer.java:210)
                at org.jboss.ejb3.stateless.StatelessLocalProxy.invoke(StatelessLocalProxy.java:84)
                at $Proxy373.findAllForListing(Unknown Source)
                at com.criticalsoftware.corecompetence.stripes.action.appraisal.AppraisalActionBean.appraisal(AppraisalActionBean.java:104)
                at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                at java.lang.reflect.Method.invoke(Method.java:597)
                at net.sourceforge.stripes.controller.DispatcherHelper$6.intercept(DispatcherHelper.java:445)
                at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:157)
                at net.sourceforge.stripes.controller.BeforeAfterMethodInterceptor.intercept(BeforeAfterMethodInterceptor.java:107)
                at net.sourceforge.stripes.controller.ExecutionContext.proceed(ExecutionContext.java:154)
                at net.sourceforge.stripes.controller.ExecutionContext.wrap(ExecutionContext.java:73)
                at net.sourceforge.stripes.controller.DispatcherHelper.invokeEventHandler(DispatcherHelper.java:443)
                at net.sourceforge.stripes.controller.DispatcherServlet.invokeEventHandler(DispatcherServlet.java:241)
                at net.sourceforge.stripes.controller.DispatcherServlet.doPost(DispatcherServlet.java:154)
                at net.sourceforge.stripes.controller.DispatcherServlet.doGet(DispatcherServlet.java:61)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
                at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
                at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
      {code}

      I downloaded the code and using breakpoints I detected that when I execute the EJBs, the NegotiationAuthenticator is executed and the authenticator method authenticate returns true. After this the SPNEGOLoginModule is executed and the login method returns false, because no negotiation context is available (SPNEGOLoginModule.java innerLogin method).

      *Why is the login module executed if the authenticator method returns true?*

      I tried to follow the instructions on https://community.jboss.org/wiki/EJB3AuthenticationWithSPNEGO with no success.

      *Was anyone able to set up EJB3 authentication on JBoss 4.2.x?*

      If required I can post my configuration.

      Thanks.

        • 1. Re: JBoss Negotiation 2.1.1 and EJB3 Authentication
          bmateus

          Hello everyone, any ideas?

          When using EJB3 Authentication, does anyone know if there are additional steps that must be performed to configure JBoss Negotiation 2.1.1 on JBoss 4.2.x?

          When the user is already authenticated, when accessing an EJB, the NegotiationAuthenticator authenticate method returns true. Why is the SPNEGOLoginModule executed?

          Thanks.