Wildfly custom login module never gets executed?


I have created a custom login module for my web application running in Wildfly 8.0. Here is the module:

package bmacs.auth;

import java.security.acl.Group;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

public class BasicLoginModule extends UsernamePasswordLoginModule
{
    @Override
    protected String getUsersPassword() throws LoginException
    {
        System.out.println("custom getUsersPassword");
        System.out.format("MyLoginModule: authenticating user '%s'\n",
                getUsername());
        String password = super.getUsername();
        password = password.toUpperCase();
        return password;
    }

    @Override
    protected boolean validatePassword(String inputPassword,
            String expectedPassword)
    {
        System.out.println("custom validatePassword");
        String encryptedInputPassword = (inputPassword == null) ? null
                : inputPassword.toUpperCase();
        System.out.format(
                "Validating that (encrypted) input psw '%s' equals to (encrypted) '%s'\n"
                , encryptedInputPassword, expectedPassword);
        return true;
    }

    @Override
    protected Group[] getRoleSets() throws LoginException
    {
        System.out.println("custom getRoleSets");
        SimpleGroup group = new SimpleGroup("Roles");
        try {
            System.out.println("Search here group for user: "+super.getUsername());
            group.addMember(new SimplePrincipal("RoleReportEnrollmentViewer"));

        } catch (Exception e) {
            throw new LoginException("Failed to create group member for " + group);
        }
        return new Group[] { group };
    }
}

Here is my new security domain I added to standalone.xml

<security-domain name="simple-auth" cache-type="default">
    <authentication>
        <login-module code="bmacs.auth.BasicLoginModule" flag="required" module="login"/>
    </authentication>
</security-domain>

Here is my web app's jboss-web.xml, which references the security domain.

<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain flushOnSessionInvalidation="true">simple-auth</security-domain>
</jboss-web>

When I try to log in (through form authentication, J_SECURITY_CHECK), it does nothing. The only thing that shows up in the log is these 2 lines, which aren't much help:

16:55:09,622 TRACE [org.jboss.security] (default task-9) PBOX000200: Begin isValid, principal: org.wildfly.extension.undertow.security.AccountImpl$AccountPrincipal@c9c352bc, cache entry: null
16:55:09,625 TRACE [org.jboss.security] (default task-9) PBOX000354: Setting security roles ThreadLocal: null

What am I missing? The System.out.println statements in the custom login never print anything; they are not being executed.

There are 3 answers

0
carlos gil On

Check the jboss-web.xml again. I think that you have to set the security roles in the XML. Here is a URL that may help:

https://stackoverflow.com/questions/29726261/form-based-authentication-in-wildfly-with-jsf

Let me know if it works for you.

Regards.

1
Matej Liszka On

I also had an issue like that recently. Look at this WildFly bug created by me where you can find a workaround: WFLY-4761. Contact me if you need more help after reading the link.

Edit: As a reaction to the comment by Newd, I am adding a little more description. There is a bug in WildFly 8.2.0 where unchecked exceptions in login modules are eaten. The workaround is patching picketbox-infinispan-4.0.21.Final.jar with a modified class org.jboss.security.authentication.JBossCachedAuthenticationManager, where runtime errors in the second part of the implementation of the defaultLogin method are caught and rethrown wrapped in a LoginException. The original question was related to WildFly 8.0, where you have to do the same with the older version, picketbox-infinispan-4.0.20.Final.jar. Please note that the problem can also be caused by unsatisfied module dependencies (WildFly modules have to have their dependencies declared explicitly).

Once you patch the library, errors in your module start appearing in the WildFly log file.
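
The module dependency point in the answer above, as an added example (not from the original posts and not one of WildFly's own files): a module.xml for the "login" module that the question's security domain references with module="login". The location modules/login/main/module.xml and the jar file name are assumptions; org.picketbox and javax.api are the WildFly modules that supply the classes BasicLoginModule imports.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed location: $JBOSS_HOME/modules/login/main/module.xml -->
<!-- name must match module="login" on the <login-module> element in standalone.xml -->
<module xmlns="urn:jboss:module:1.1" name="login">
    <resources>
        <!-- Hypothetical jar name: the archive containing bmacs.auth.BasicLoginModule,
             placed in the same directory as this file -->
        <resource-root path="bmacs-auth.jar"/>
    </resources>
    <dependencies>
        <!-- Provides org.jboss.security.SimpleGroup, SimplePrincipal and
             org.jboss.security.auth.spi.UsernamePasswordLoginModule -->
        <module name="org.picketbox"/>
        <!-- Provides javax.security.auth.login.LoginException and the other
             javax.security.auth classes the superclass relies on -->
        <module name="javax.api"/>
    </dependencies>
</module>
```

If either dependency is missing, the login module class cannot be linked when the security domain loads it, so none of its methods run.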

0
cyril On

You have to use a new authentication mechanism:

Wildfly Custom auth-method

You have to create a new class that implements the WildFly interface, and the login config in web.xml uses your new configuration ... You can also check the class FormAuthenticationMechanism in the imported WildFly sources. The explanations are from WildFly 9, but it is the same in WildFly 8.