Return-Path: Delivered-To: apmail-jackrabbit-dev-archive@www.apache.org Received: (qmail 27981 invoked from network); 13 May 2008 11:19:17 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 13 May 2008 11:19:17 -0000 Received: (qmail 93775 invoked by uid 500); 13 May 2008 11:19:18 -0000 Delivered-To: apmail-jackrabbit-dev-archive@jackrabbit.apache.org Received: (qmail 93740 invoked by uid 500); 13 May 2008 11:19:18 -0000 Mailing-List: contact dev-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@jackrabbit.apache.org Delivered-To: mailing list dev@jackrabbit.apache.org Received: (qmail 93729 invoked by uid 99); 13 May 2008 11:19:18 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 May 2008 04:19:18 -0700 X-ASF-Spam-Status: No, hits=-2000.0 required=10.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 May 2008 11:18:40 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id C3605234C10F for ; Tue, 13 May 2008 04:18:55 -0700 (PDT) Message-ID: <1357467650.1210677535798.JavaMail.jira@brutus> Date: Tue, 13 May 2008 04:18:55 -0700 (PDT) From: "Michal Borowiecki (JIRA)" To: dev@jackrabbit.apache.org Subject: [jira] Commented: (JCR-1584) JAAS login fails with javax.jcr.LoginException: CallbackHandler does not support: javax.security.auth.callback.NameCallback In-Reply-To: <1898199848.1210335055812.JavaMail.jira@brutus> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/JCR-1584?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12596358#action_12596358 ] Michal Borowiecki commented on JCR-1584: ---------------------------------------- I have narrowed this down to the code in the login method od RepositoryImpl: if (credentials == null) { // null credentials, obtain the identity of the already-authenticated // subject from access control context AccessControlContext acc = AccessController.getContext(); Subject subject = Subject.getSubject(acc); if (subject != null) { return createSession(subject, workspaceName); } } // login either using JAAS or our own LoginModule AuthContext authCtx; LoginModuleConfig lmc = repConfig.getLoginModuleConfig(); if (lmc == null) { authCtx = new AuthContext.JAAS(repConfig.getAppName(), credentials); } else { authCtx = new AuthContext.Local( lmc.getLoginModule(), lmc.getParameters(), credentials); } authCtx.login(); AuthContext.JAAS.login() is only called if Subject.getSubject(acc) returns null. I verifed it and in fact is returns null in my code as well. The code using the repository is in an ejb module. The security-domain is configured in jboss.xml and works correctly. Perhaps some more configuration is required? I'll try to investigate. > JAAS login fails with javax.jcr.LoginException: CallbackHandler does not support: javax.security.auth.callback.NameCallback > --------------------------------------------------------------------------------------------------------------------------- > > Key: JCR-1584 > URL: https://issues.apache.org/jira/browse/JCR-1584 > Project: Jackrabbit > Issue Type: Bug > Affects Versions: 1.4 > Environment: jackrabbit-jca-1.4.rar > JBoss-4.0.5.GA > jdk1.6 > Reporter: Michal Borowiecki > > Security configured according to http://wiki.apache.org/jackrabbit/JackrabbitOnJbossSecurity > login() is invoked on Repository with no Credentials in order to use JAAS (according to JCR specification section 6.9.1 JAAS), like this: > Session session = repository.login(); > An exception is thrown: > javax.resource.ResourceException: Failed to create session: CallbackHandler does not support: javax.security.auth.callback.NameCallback@1b012c1: CallbackHandler does not support: javax.security.auth.callback.NameCallback@1b012c1 > at org.apache.jackrabbit.jca.JCAManagedConnectionFactory.openSession(JCAManagedConnectionFactory.java:145) > at org.apache.jackrabbit.jca.JCAManagedConnectionFactory.createManagedConnection(JCAManagedConnectionFactory.java:176) > at org.apache.jackrabbit.jca.JCAManagedConnectionFactory.createManagedConnection(JCAManagedConnectionFactory.java:168) > at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.createConnectionEventListener(InternalManagedConnectionPool.java:565) > at org.jboss.resource.connectionmanager.InternalManagedConnectionPool.getConnection(InternalManagedConnectionPool.java:250) > at org.jboss.resource.connectionmanager.JBossManagedConnectionPool$BasePool.getConnection(JBossManagedConnectionPool.java:529) > at org.jboss.resource.connectionmanager.BaseConnectionManager2.getManagedConnection(BaseConnectionManager2.java:341) > at org.jboss.resource.connectionmanager.TxConnectionManager.getManagedConnection(TxConnectionManager.java:301) > at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateConnection(BaseConnectionManager2.java:396) > at org.jboss.resource.connectionmanager.BaseConnectionManager2$ConnectionManagerProxy.allocateConnection(BaseConnectionManager2.java:842) > at org.apache.jackrabbit.jca.JCARepositoryHandle.login(JCARepositoryHandle.java:98) > at org.apache.jackrabbit.jca.JCARepositoryHandle.login(JCARepositoryHandle.java:89) > at org.apache.jackrabbit.jca.JCARepositoryHandle.login(JCARepositoryHandle.java:65) > ... > Caused by: javax.jcr.LoginException: CallbackHandler does not support: javax.security.auth.callback.NameCallback@1b012c1: CallbackHandler does not support: javax.security.auth.callback.NameCallback@1b012c1: CallbackHandler does not support: javax.security.auth.callback.NameCallback@1b012c1 > at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1240) > at org.apache.jackrabbit.jca.JCAManagedConnectionFactory.openSession(JCAManagedConnectionFactory.java:140) > ... 139 more > Caused by: javax.security.auth.login.LoginException: CallbackHandler does not support: javax.security.auth.callback.NameCallback@1b012c1 > at org.jboss.security.auth.spi.UsernamePasswordLoginModule.getUsernameAndPassword(UsernamePasswordLoginModule.java:299) > at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:181) > at sun.reflect.GeneratedMethodAccessor324.invoke(Unknown Source) > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > at java.lang.reflect.Method.invoke(Method.java:597) > at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769) > at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) > at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) > at javax.security.auth.login.LoginContext.login(LoginContext.java:579) > at org.apache.jackrabbit.core.security.AuthContext$JAAS.login(AuthContext.java:88) > at org.apache.jackrabbit.core.RepositoryImpl.login(RepositoryImpl.java:1232) > ... 140 more > Caused by: javax.security.auth.callback.UnsupportedCallbackException: Unrecognized Callback > at org.apache.jackrabbit.core.security.CredentialsCallbackHandler.handle(CredentialsCallbackHandler.java:68) > at javax.security.auth.login.LoginContext$SecureCallbackHandler$1.run(LoginContext.java:955) > at java.security.AccessController.doPrivileged(Native Method) > at javax.security.auth.login.LoginContext$SecureCallbackHandler.handle(LoginContext.java:951) > at org.jboss.security.auth.spi.UsernamePasswordLoginModule.getUsernameAndPassword(UsernamePasswordLoginModule.java:280) > ... 152 more -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.