Topic
1 reply Latest Post - ‏2014-01-30T21:53:13Z by Pich
Pich
Pich
9 Posts
ACCEPTED ANSWER

Pinned topic ClassCastException when trying to get JAAS authentication data

‏2013-11-25T18:16:49Z |

Hello all

I am doing a web server migration to WLP, so need to port existing JAAS support. configured the following login module for a programmatic login, note that the jar files are in the same location as the web server plugin:

<bundleRepository>
<fileset dir="plugins"/>
</bundleRepository>

<library id="JaasLoginModuleLib" name="JaasLoginModuleLib"
        description="Required libraries for JAAS login modules">
        <fileset dir="plugins"
            includes="JaasLoginModules.jar,com.x.c.jar" />
    </library>
    <jaasLoginModule className="com.x.JaasLoginModuleImpl" id="Jaas2" libraryRef="JaasLoginModuleLib">
        <options debug="false" />
    </jaasLoginModule>

<jaasLoginContextEntry id="Jaas2" name="Jaas2"
        loginModuleRef="Jaas2" />

That login module authenticates the user successfully and fills up a subject with principals and private/public credentials, the problem is when I try to get that info out and use it within my web app. The following call returns null:

Set<UserPrincipal> userPrincipalSet = subject.getPrincipals( principalClass );      

After I debugged it i noticed that the object is actually there, so I forced getting it out but when doing the cast got a funny exception:

java.lang.ClassCastException: com.x.c.UserPrincipal incompatible with com.x.c.UserPrincipal

After inspecting both classes, it seems that the authentication is done in another vm, I am not surprised since the server.xml file needed the jars to be specified in addition to the bundle plugins:

class com.x.c.UserPrincipal (id=1182)

org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader@9aa4a8d7[com.x.c:1.0.1000.local-20131001105214(id=261)]

vmRef: 587173632

 

class com.x.c.UserPrincipal (id=1409)

com.ibm.ws.classloading.internal.AppClassLoader@cc15d920

vmRef: 590113536

 

Am I using it correctly? Is there a way to specify JAAS to run and load the class from the osgi framework in the server.xml? If not, how can I get and use the authentication objects in my web app?

Thank you