JAAS + JBOSS 5.1 - getting exception while trying perform authentication

Hello friends,

This is first time I am implementing JAAS mechanism in my EJB3.0 + Jboss 5.1.0 applicaiton.
I really appreciate if anybody can guide me to resolve following exception which am getting while performing authentication through standalone Java application.

[LoginCallBackHandler] --> Username : bhavesh [LoginCallBackHandler] --> Password : [C@84abc9 javax.security.auth.login.LoginException: java.lang.IllegalStateException: Transaction Manager is null at org.jboss.security.auth.spi.DatabaseServerLoginModule.getUsersPassword(DatabaseServerLoginModule.java:158) at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:245) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at javax.security.auth.login.LoginContext.invoke(Unknown Source) at javax.security.auth.login.LoginContext.access$000(Unknown Source) at javax.security.auth.login.LoginContext$4.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) at javax.security.auth.login.LoginContext.login(Unknown Source) at org.jboss.security.client.JBossSecurityClient.performJAASLogin(JBossSecurityClient.java:65) at org.jboss.security.client.SecurityClient.login(SecurityClient.java:69) at com.sample.ejb.security.TestEJBWithSecurity.main(TestEJBWithSecurity.java:41) at javax.security.auth.login.LoginContext.invoke(Unknown Source) at javax.security.auth.login.LoginContext.access$000(Unknown Source) at javax.security.auth.login.LoginContext$4.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) at javax.security.auth.login.LoginContext.login(Unknown Source) at org.jboss.security.client.JBossSecurityClient.performJAASLogin(JBossSecurityClient.java:65) at org.jboss.security.client.SecurityClient.login(SecurityClient.java:69) at com.sample.ejb.security.TestEJBWithSecurity.main(TestEJBWithSecurity.java:41)

Please find following client and server side configured xml and Java code.

CLIENT SIDE CONFIGURATION

sample_jaas.config

/** Login Configuration for the JAAS Sample Application **/ SampleAuth { org.jboss.security.auth.spi.DatabaseServerLoginModule required debug=true dsJndiName="java:/RoviDS" principalsQuery="select um.password from user_master um where username=?" rolesQuery="select rm.ROLE_NAME, 'Roles' from role_master rm, user_role_map urm where rm.id=urm.role_id and urm.user_id=?" ; };


LoginCallBackHandler.java

/** * @author bhaveshsh * */ public class LoginCallBackHandler implements CallbackHandler { private String username; private String password; public LoginCallBackHandler(String username, String password) { super(); this.username = username; this.password = password; } public void handle(Callback[] arg0) throws IOException, UnsupportedCallbackException { for(int i=0;i<arg0.length;i++){ if(arg0[i] instanceof NameCallback){ NameCallback nc = (NameCallback)arg0[i]; nc.setName(username); System.out.println("[LoginCallBackHandler] --> Username : " + nc.getName()); }else if(arg0[i] instanceof PasswordCallback){ PasswordCallback pc = (PasswordCallback)arg0[i]; pc.setPassword(password.toCharArray()); System.out.println("[LoginCallBackHandler] --> Password : " + pc.getPassword().toString()); }else{ throw new UnsupportedCallbackException(arg0[i],"Unrecognized callback"); } } } }

TestEJBWithSecurity.java "The test code"

public class TestEJBWithSecurity { static{ String authFile="D:/Caps/CapsWS/../sample_jaas.config"; System.setProperty("java.security.auth.login.config", authFile); } public static void main(String[] args) throws Exception{ //LoginContext loginContext = null; SecurityClient securityClient = null; try { LoginCallBackHandler loginCallBackHandler = new LoginCallBackHandler("user_with_role", "user_with_role_password"); //loginContext = new LoginContext("SampleAuth", loginCallBackHandler); //loginContext = new LoginContext("SampleAuth", loginCallBackHandler); securityClient = SecurityClientFactory.getSecurityClient(); securityClient.setJAAS("SampleAuth", loginCallBackHandler); securityClient.login(); //loginContext.login(); InitialContext context = new InitialContext(); UserServiceSSB service = (UserServiceSSB) context.lookup("UserServiceSSBImpl/remote"); User user = new User(); user.setUsername("Test"); user.setPassword("Test"); user.setCreationDate(new Date()); service.save(user); } catch (Exception e) { e.printStackTrace(); } finally{ //loginContext.logout(); securityClient.logout(); } } }


SERVER SIDE CONFIGURATION

%JBOSS_HOME%\server\default\conf\login-config.xml

<policy> <application-policy name="SampleAuth"> <authentication> <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required"> <module-option name="dsJndiName">java:/XXXDS</module-option> <module-option name="principalsQuery"> select um.password from user_master um where username=? </module-option> <module-option name="rolesQuery"> select rm.ROLE_NAME, 'Roles' from role_master rm, user_role_map urm where rm.id=urm.role_id and urm.user_id=?; </module-option> <!-- <module-option name="hashAlgorithm">MD5</module-option> <module-option name="hashEncoding">base64</module-option> --> </login-module> </authentication> </application-policy> </policy>

Note: One strange thing I have noticed it that I am not seeing java:/jaas/SampleAuth anywhere in JBoss Console log

Please help me where the problem is.

Gone through several resources over the net but not finding solution to this issue.

Thanks & Regards
Bhavesh

I don't understand why it requires transaction while executing select queries on database.
It seems I have to give up on this, no progress since last 3 days

Are you sure you want to use the DataBaseServerLoginModule on the client side (and not on server side)? That login module requires not just the transaction manager but also the datasource to be accessible on the client side.

Thanks Jai for response,

Are you sure you want to use the DataBaseServerLoginModule on the client side (and not on server side)?

If I do not use this module then what should be the best practice for client side security implementation. My application is going to be a standalone swing application.

That login module requires not just the transaction manager but also the datasource to be accessible on the client side

I have given data source information in config file as below
SampleAuth { org.jboss.security.auth.spi.DatabaseServerLoginModule required debug=true dsJndiName="java:/RoviDS" principalsQuery="select um.password from user_master um where username=?" rolesQuery="select rm.ROLE_NAME, 'Roles' from role_master rm, user_role_map urm where rm.id=urm.role_id and urm.user_id=?" ; };

I have read somewhere that transaction manager is not allowed to be used outside the container then how would I achieve this?

Perhaps you could write your own login module which doesn't require transaction manager and simply uses JDBC to do the authentication. By the way, you do know that the client side usually passes on the login info (username, password) to the server side (using ClientLoginModule) and doesn't do the real authentication, right? The server is then setup to do the authentication (maybe using DataBaseServerLoginModule for example) and authorization. That way, you don't really need the DataBaseServerLoginModule on the client side. This and this might be of some help.

Before your last post I just got your point of using ClientLoginModule which is enough as far as actual authentication happens at server side where I have used DataBaseServerLoginModule.

I am just done with implementation with ClientLoginModule and changed configuration file with just following,

client-auth{ org.jboss.security.ClientLoginModule required ; };

Now everything (authorization and authentication) is working smoothly with my EJB 3.0 modules.

You really rock Jai, Thanks for your help and Happy Independence day in advance .

Wish you the same!