geronimo-user mailing list archives

From "Brian Dellert" <bdell...@rcn.com>
Subject Custom LoginModule classloading issue in geronimo 2.0.2
Date Tue, 18 Dec 2007 19:55:07 GMT
Hi.

I have created a simple custom login module which uses the principal created 
by the standard PropertiesFileLoginModule and adds a principal containing a 
group (which is looked up in a DB).  I have configured a security realm in 
the geronimo-application.xml contained in my application ear file including 
both of these login modules as follows:

    <gbean name="my-realm"
           class="org.apache.geronimo.security.realm.GenericSecurityRealm"
           xsi:type="dep:gbeanType"
           xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">my-realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUISITE" wrap-principals="false">
                    <log:login-domain-name>my-properties-file</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
                    <log:option name="usersURI">var/security/users.properties</log:option>
                    <log:option name="groupsURI">var/security/groups.properties</log:option>
                </log:login-module>
                <log:login-module control-flag="OPTIONAL" wrap-principals="false">
                    <log:login-domain-name>my-sql-role</log:login-domain-name>
                    <log:login-module-class>my.company.security.realm.providers.SqlRoleLoginModule</log:login-module-class>
                    <log:option name="roleSelect">SELECT username, group_name FROM user_groups WHERE username=?</log:option>
                    <log:option name="dataSourceApplication">null</log:option>
                    <log:option name="dataSourceName">MyPool</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>

Further, I have packaged the 
"my.company.security.realm.providers.SqlRoleLoginModule" class in a jar file 
(my-login-module-1.0.jar).  I have tried the following approaches to get 
this login module to load:

   - Added my-login-module-1.0.jar to the root of my ear file.

   - Added my-login-module-1.0.jar to the root of my ear file and added this 
jar file to the MANIFEST classpath of an ejb-jar file which is also in the 
ear file.

   - Added my-login-module-1.0.jar to the geronimo repository by placing it 
in the repository/my/company/my-login-module/1.0/my-login-module-1.0.jar
     and added the following dependency to the dependency list in the 
environment section of my geronimo-application.xml file:

            <dependency>
                <groupId>my.company</groupId>
                <artifactId>my-login-module</artifactId>
                <version>1.0</version>
                <type>jar</type>
            </dependency>

I am attempting to connect/authenticate in a remote JVM by setting up the 
JNDI context and performing an EJB lookup as follows:

  import java.util.Properties;
  import javax.naming.Context;
  import javax.naming.InitialContext;

  // Remote client: authenticate against my-realm over ejbd, then look up the bean
  Properties p = new Properties();
  p.put(Context.INITIAL_CONTEXT_FACTORY,
        "org.openejb.client.RemoteInitialContextFactory");
  p.put(Context.PROVIDER_URL, "ejbd://localhost:4201");
  p.put("openejb.authentication.realmName", "my-realm");
  p.put(Context.SECURITY_PRINCIPAL, "my_username");
  p.put(Context.SECURITY_CREDENTIALS, "my_password");
  InitialContext ctx = new InitialContext(p);
  Object obj = ctx.lookup("MyBusinessBeanRemote");

In all cases, I get the following error:

Caused by: javax.security.auth.login.LoginException: unable to find LoginModule class: my.company.security.realm.providers.SqlRoleLoginModule in classloader org.apache.geronimo.configs/openejb/2.0.2/car
[INFO]  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)
[INFO]  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
[INFO]  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
[INFO]  at java.security.AccessController.doPrivileged(Native Method)
[INFO]  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
[INFO]  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
[INFO]  at org.apache.geronimo.security.ContextManager.login(ContextManager.java:77)
[INFO]  at org.apache.geronimo.openejb.GeronimoSecurityService.login(GeronimoSecurityService.java:52)
[INFO]  at org.apache.openejb.server.ejbd.AuthRequestHandler.processRequest(AuthRequestHandler.java:56)
[INFO]  at org.apache.openejb.server.ejbd.EjbDaemon.processAuthRequest(EjbDaemon.java:172)
[INFO]  at org.apache.openejb.server.ejbd.EjbDaemon.service(EjbDaemon.java:130)
[INFO]  at org.apache.openejb.server.ejbd.EjbDaemon.service(EjbDaemon.java:84)
[INFO]  at org.apache.openejb.server.ejbd.EjbServer.service(EjbServer.java:60)
[INFO]  at org.apache.openejb.server.ServiceLogger.service(ServiceLogger.java:73)
[INFO]  at org.apache.openejb.server.ServiceAccessController.service(ServiceAccessController.java:55)
[INFO]  at org.apache.openejb.server.ServiceDaemon$1.run(ServiceDaemon.java:117)
[INFO]  at java.lang.Thread.run(Thread.java:619)

I know that the dependency is getting at least recognized at ear deployment 
time since, if I remove the login module jar file from the geronimo 
repository, the deployment of the ear fails.

The only way I have been able to get the class to load is by placing it in 
the lib/ext directory of my JRE installation, which doesn't seem like the 
correct approach.  I am using geronimo 2.0.2 on Windows XP and the 1.6.0_03 
Sun JVM.  Any help with resolving this issue, and getting geronimo to 
correctly load this login module class, would be greatly appreciated.  If 
any additional information is needed, please let me know.  Thanks.

- Brian
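
Added example, not part of the original message and not Geronimo code: the stack trace above fails inside javax.security.auth.login.LoginContext, which resolves the LoginModule class name through the thread context class loader captured when the LoginContext is created. The sketch below reproduces that lookup with a loader that can see the module and one that cannot; LoginModuleLoaderDemo, DemoModule and demo-realm are names constructed for illustration.

```java
import java.net.URL;
import java.net.URLClassLoader;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class LoginModuleLoaderDemo {
    // Constructed stand-in for a custom module such as SqlRoleLoginModule.
    public static class DemoModule implements LoginModule {
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {}
        public boolean login() { return true; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Attempt a JAAS login while 'loader' is the thread context class loader.
    static String tryLogin(ClassLoader loader) {
        Thread t = Thread.currentThread();
        ClassLoader saved = t.getContextClassLoader();
        t.setContextClassLoader(loader);
        try {
            Configuration cfg = new Configuration() {
                public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                    return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        DemoModule.class.getName(),
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Map.of()) };
                }
            };
            // The module is named only as a string; LoginContext loads it via 'loader'.
            new LoginContext("demo-realm", new Subject(), null, cfg).login();
            return "login ok";
        } catch (LoginException e) {
            return "LoginException: " + e.getMessage(); // exact text varies by JDK
        } finally {
            t.setContextClassLoader(saved);
        }
    }

    public static void main(String[] args) {
        // Loader that can see DemoModule: the module loads and the login succeeds.
        System.out.println(tryLogin(LoginModuleLoaderDemo.class.getClassLoader()));
        // Isolated loader (no URLs, no parent): same class name, but not visible.
        System.out.println(tryLogin(new URLClassLoader(new URL[0], null)));
    }
}
```

Logging Thread.currentThread().getContextClassLoader() at the point where login is invoked shows which loader a given deployment actually hands to JAAS.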
