geronimo-user mailing list archives

From "Brian Dellert" <bdell...@rcn.com>
Subject Re: Custom LoginModule classloading issue in gernimo 2.0.2
Date Tue, 18 Dec 2007 21:34:03 GMT
If this is the case, is there somewhere I can put the 
my-login-module-1.0.jar such that the OpenEJB class loader can load it?  It 
seems like this might be a bug in 2.0.2.  If so, I'm wondering if there is 
some recommended workaround.  Thanks.

- Brian


----- Original Message ----- 
From: "Aaron Mulder" <ammulder@alumni.princeton.edu>
To: <user@geronimo.apache.org>
Sent: Tuesday, December 18, 2007 3:46 PM
Subject: Re: Custom LoginModule classloading issue in gernimo 2.0.2


> It's curious that, from the error, it appears to be looking for the
> security realm in the OpenEJB class loader (which I guess is receiving
> the remote call) instead of the application's class loader.  Perhaps
> the context class loader should be set by e.g.
> EjbDaemon.processAuthRequest?
>
> Thanks,
>       Aaron
>
> On Dec 18, 2007 2:55 PM, Brian Dellert <bdellert@rcn.com> wrote:
>> Hi.
>>
>> I have created a simple custom login module which uses the principal created
>> by the standard PropertiesFileLoginModule and adds a principal containing a
>> group (which is looked up in a DB).  I have configured a security realm in
>> the geronimo-application.xml contained in my application ear file including
>> both of these login modules as follows:
>>
>>     <gbean name="my-realm"
>>            class="org.apache.geronimo.security.realm.GenericSecurityRealm"
>>            xsi:type="dep:gbeanType"
>>            xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
>>            xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>>         <attribute name="realmName">my-realm</attribute>
>>         <reference name="ServerInfo">
>>             <name>ServerInfo</name>
>>         </reference>
>>         <xml-reference name="LoginModuleConfiguration">
>>             <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
>>                 <log:login-module control-flag="REQUISITE" wrap-principals="false">
>>                     <log:login-domain-name>my-properties-file</log:login-domain-name>
>>                     <log:login-module-class>org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</log:login-module-class>
>>                     <log:option name="usersURI">var/security/users.properties</log:option>
>>                     <log:option name="groupsURI">var/security/groups.properties</log:option>
>>                 </log:login-module>
>>                 <log:login-module control-flag="OPTIONAL" wrap-principals="false">
>>                     <log:login-domain-name>my-sql-role</log:login-domain-name>
>>                     <log:login-module-class>my.company.security.realm.providers.SqlRoleLoginModule</log:login-module-class>
>>                     <log:option name="roleSelect">SELECT username, group_name FROM user_groups WHERE username=?</log:option>
>>                     <log:option name="dataSourceApplication">null</log:option>
>>                     <log:option name="dataSourceName">MyPool</log:option>
>>                 </log:login-module>
>>             </log:login-config>
>>         </xml-reference>
>>     </gbean>
>>
>> Further, I have packaged the
>> "my.company.security.realm.providers.SqlRoleLoginModule" class in a jar file
>> (my-login-module-1.0.jar).  I have tried the following approaches to get
>> this login module to load:
>>
>>    - Added my-login-module-1.0.jar to the root of my ear file.
>>
>>    - Added my-login-module-1.0.jar to the root of my ear file and added this
>>      jar file to the MANIFEST classpath of an ejb-jar file which is also in the
>>      ear file.
>>
>>    - Added my-login-module-1.0.jar to the geronimo repository by placing it
>>      in the repository/my/company/my-login-module/1.0/my-login-module-1.0.jar
>>      and added the following dependency to the dependency list in the
>>      environment section of my geronimo-application.xml file:
>>
>>            <dependency>
>>                <groupId>my.company</groupId>
>>                <artifactId>my-login-module</artifactId>
>>                <version>1.0</version>
>>                <type>jar</type>
>>            </dependency>
>>
>> I am attempting to connect/authenticate in a remote JVM by setting up the
>> JNDI context and performing an EJB lookup as follows:
>>
>>   Properties p = new Properties();
>>   p.put(Context.INITIAL_CONTEXT_FACTORY,
>>   "org.openejb.client.RemoteInitialContextFactory");
>>   p.put(Context.PROVIDER_URL, "ejbd://localhost:4201");
>>   p.put("openejb.authentication.realmName", "my-realm");
>>   p.put(Context.SECURITY_PRINCIPAL, "my_username");
>>   p.put(Context.SECURITY_CREDENTIALS, "my_password");
>>   InitialContext ctx = new InitialContext(p);
>>   Object obj = ctx.lookup("MyBusinessBeanRemote");
>>
>> In all cases, I get the following error:
>>
>> Caused by: javax.security.auth.login.LoginException: unable to find LoginModule class: my.company.security.realm.providers.SqlRoleLoginModule in classloader org.apache.geronimo.configs/openejb/2.0.2/car
>> [INFO]  at javax.security.auth.login.LoginContext.invoke(LoginContext.java:808)
>> [INFO]  at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
>> [INFO]  at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
>> [INFO]  at java.security.AccessController.doPrivileged(Native Method)
>> [INFO]  at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
>> [INFO]  at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
>> [INFO]  at org.apache.geronimo.security.ContextManager.login(ContextManager.java:77)
>> [INFO]  at org.apache.geronimo.openejb.GeronimoSecurityService.login(GeronimoSecurityService.java:52)
>> [INFO]  at org.apache.openejb.server.ejbd.AuthRequestHandler.processRequest(AuthRequestHandler.java:56)
>> [INFO]  at org.apache.openejb.server.ejbd.EjbDaemon.processAuthRequest(EjbDaemon.java:172)
>> [INFO]  at org.apache.openejb.server.ejbd.EjbDaemon.service(EjbDaemon.java:130)
>> [INFO]  at org.apache.openejb.server.ejbd.EjbDaemon.service(EjbDaemon.java:84)
>> [INFO]  at org.apache.openejb.server.ejbd.EjbServer.service(EjbServer.java:60)
>> [INFO]  at org.apache.openejb.server.ServiceLogger.service(ServiceLogger.java:73)
>> [INFO]  at org.apache.openejb.server.ServiceAccessController.service(ServiceAccessController.java:55)
>> [INFO]  at org.apache.openejb.server.ServiceDaemon$1.run(ServiceDaemon.java:117)
>> [INFO]  at java.lang.Thread.run(Thread.java:619)
>>
>> I know that the dependency is getting at least recognized at ear deployment
>> time since, if I remove the login module jar file from the geronimo
>> repository, the deployment of the ear fails.
>>
>> The only way I have been able to get the class to load is by placing it in
>> the lib/ext directory of my JRE installation, which doesn't seem like the
>> correct approach.  I am using geronimo 2.0.2 on Windows XP and the 1.6.0_03
>> Sun JVM.  Any help with resolving this issue, and getting geronimo to
>> correctly load this login module class, would be greatly appreciated.  If
>> any additional information is needed, please let me know.  Thanks.
>>
>> - Brian
>> 
