cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

javax.security.auth.login.LoginException: No LoginModules configured

Go to solution
Former Member

on ‎11-21-2006 5:18 AM

0 Kudos

Hi all,

I am trying out the implementation of custom login module with a j2ee web application.

I followed this<a href="http://help.sap.com/saphelp_nw04/helpdata/en/b9/9482887ddb3e47bd1a738c3e900195/frameset.htm">link</a>to create the login module.

When i run the application i get the error-

javax.security.auth.login.LoginException: No LoginModules configured for MyLoginModule.

This exception is pointing to my servlet where i've written the code-

LoginContext lc = new LoginContext("MyLoginModule");
		try {

			  // start authentication

			  lc.login();

			// user authenticated successfully

		} catch (LoginException le) {

			 
throw new Exception("Error authenticating user");
		

		   }

where <i>MyLoginModule</i> is the name of the custom login module i have implemented and registered in the security provider!

Message was edited by:

swarnadeepika subramanian

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member182294
Active Contributor
‎11-21-2006 7:23 AM
0 Kudos

Hi Deepika,

Did you register the Login Module in J2EE Engine user store?

Regards

Abhilash

Show replies
Show replies
Former Member
‎11-21-2006 7:28 AM
0 Kudos

Yes i did!

I followed all the steps given in the link above.

In visual admin,am able to view the login module, when i added it for my component!

but it is not recognising it when i run the app!

My question is, shd i enter any other name in the login context other than "MyLoginModule"?

regards

Deepika

former_member182294
Active Contributor
‎11-21-2006 8:40 AM
0 Kudos

Hi,

Please make sure that you have added your login module as reference to your class loader of the Security Provider in Visual Administrator (restart the server after changing class loader settings) and then you need to add your application to use the Login module.

Regards

Abhilash

Former Member
‎11-21-2006 8:54 AM
0 Kudos

Hi,

yes, i added in the value

LoginModuleClassLoaders library:MyLoginModuleLibrary

in config tool and restarted the server.

but no luck!

regards

Deepika.

former_member182294
Active Contributor
‎11-21-2006 9:45 AM
0 Kudos

Hi,

The only possible reason could be the wrong reference, please make sure that..

Your generated Library project name and sda file name is <b>MyLoginModuleLibrary</b> and its deployed properly. If deployement is success the file should be available in

<b>%inst_dir%:\usr\sap\J2E\JC01\j2ee\cluster\server0\bin\ext\</b> and inside that your .jar file should be available.

And then recheck all login module references as per the document.

Regards

Abhilash

Former Member
‎11-21-2006 11:34 AM
0 Kudos

Hi,

My sda file is their in the folder,along with the jar file in it!

This time i'm getting a different error:

java.lang.Exception: Error authenticating user

The very same application is working perfectly with basic and form based authentication.But when i implement custom login module, something is goin wrong! Can someone elaborate the steps that has to be done in the web application's side besides the entry in the web-j2ee-engine.xml?Should anything else be done in the application?

Regards

Deepika.

former_member182294
Active Contributor
‎11-21-2006 12:22 PM
0 Kudos

I hope you are able use custom Login module. The new error is part of your custom logic I guess. Please paste the complete trace.

Regards

Abhilash

Former Member
‎11-21-2006 12:50 PM
0 Kudos

Hi,

Thanks for ur prompt replies!

I have set-up BASIC authentication method in the application(simple calculator)'s web.xml.

I'm getting the pop-up prompting for user name & passowrd( the login module shd allow all users whose id starts with 'admin')but irrespective of whatever id i give i'm getting the exception as given below--

<i>The error is: java.lang.InstantiationException: ID018236: Cannot instantiate bean. java.lang.ClassNotFoundException: class com.sap.examples.calculator.beans.CalcProxy : java.lang.Exception: Error authenticating user

Exception id: [001372736B7400500000002500000E3C000422C0323DDA79]#

#1.5#001372736B7400650000000800000E3C000422C050559292#1164109283608#com.sap.engine.services.httpserver##com.sap.engine.services.httpserver#anony#2####36c73e90795511dbb67a001372736b74#SAPEngine_Application_Thread[impl:3]_13##0#0#Error#1#/System/Server#Plain###User anony, IP address

HTTP request processing failed. HTTP error [401] will be returned. The error is [Authentication failed In details available].#

#1.5#001372736B74005C0000001A00000E3C000422C050E9DC72#1164109293327#com.sap.engine.services.servlets_jsp.client.RequestInfoServer#sap.com/CalculatorEar#com.sap.engine.services.servlets_jsp.client.RequestInfoServer#127718#130####3c... HTTP request to servlet [jsp] finished with error. The error is: java.lang.InstantiationException: ID018236: Cannot instantiate bean. java.lang.ClassNotFoundException: class com.sap.examples.calculator.beans.CalcProxy : java.lang.Exception: Error authenticating user

I think we are closer to the solution abhilash! 😊

Regards

Deepika.

former_member182294
Active Contributor
‎11-21-2006 1:24 PM
0 Kudos

Hi,

When you are using BASIC authentication you need to specify the realm name also. Did you set that in your web.xml?

You also need to configure your application to use logon module. check the following link..

<a href="http://help.sap.com/saphelp_nw04/helpdata/en/5b/3fda40eacd3d43e10000000a155106/content.htm">Link</a>

Regards

Abhilash

Former Member
‎11-22-2006 5:21 AM
0 Kudos

Hi,

yes,I havent mentioned a realm name, but even after entering and deploying the application, there's no change! i'm getting the same error!

"Cannot instantiate bean:Error Authenticationg user"

In the servlet, i have placed this code 

try {	  
LoginContext lc = new LoginContext("MyLoginModule");
lc.login();
} catch (LoginException le) {
throw new Exception("Error authenticating user");
 }

just before it calls the init() method, is this the cause for this exception?

if i remove this code snippet my application is running fine!

And moreover i have a basic doubt, in the example login module code, the accompanying text says that <b>this login module gets one part of the user ID that is sent with an HTTP request, and compares its first part with a given string that is specified as an option of the login module.</b>

how will i make sure that the user name i enter in the browser generated screen(BASIC authentication) is the one that is passed as request parameter in the loginmodule code?

Regards

Deepika.

former_member182294
Active Contributor
‎11-22-2006 6:24 AM
0 Kudos

Deepika,

For you first question change your code as follows and see the complete stack trace, so that you can understand exactly where the problem is:

try {

LoginContext lc = new LoginContext("MyLoginModule");

lc.login();

} catch (LoginException le) {

le.printStackTrace();

}

And also I said in my previous post does your application is registered to use this login module? Check the link in previous post which gives the details to register your application with Login Module. If you dont do this step your application will use different login method which might be causing this problem.

For your second question, there is a user prefix value assigned in <b>Configuring the Login Module Usage</b> in step 8. But its optional.

Regards

Abhilash

Former Member
‎11-22-2006 8:45 AM
0 Kudos

Hi,

Thanks! But its allowing all the users to use the app. i.e. its not implementing the login module(it shdnt allow users whose ids dont start with 'admin')!!!

The following exception is written in the log file---

<i>

<b>Caused by: java.lang.NullPointerException

at com.sap.jaas.MyLoginModuleClass.login(MyLoginModuleClass.java:126)</b> at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)

javax.security.auth.login.LoginException: No LoginModules configured for MyLoginModule#

at javax.security.auth.login.LoginContext.init(LoginContext.java:189)#

at javax.security.auth.login.LoginContext.<init>(LoginContext.java:292)#

at com.sap.examples.calculator.beans.CalcProxy.loginmodule(CalcProxy.java:79)#

at com.sap.examples.calculator.beans.CalcProxy.<init>(CalcProxy.java:66)#</i>

the null pointer above is pointing to the line

<b> sharedState.put(AbstractLoginModule.NAME, userName);</b>

i think the userName value is null!

what is gone wrong?

regards

Deepika

former_member182294
Active Contributor
‎11-22-2006 9:01 AM
0 Kudos

Hi,

You need to write custom logic to validate the user with proper user name prefix. You need to get the configured prefix value and then you need write validation logic like

if(username.startWith(prefix))

//do something

else

return not a valid user.

And for the null pointer exception also I didnt understand how you are reading username value from request. If you are using HttpCallbackHandler then you have to write proper logic to handle if you didnt receive user name. And also make sure that your user name request parameter is configured in HttpCallbackHandler.

Regards

Abhilash

Former Member
‎11-22-2006 12:42 PM
0 Kudos

Hi,

this is the code in my login module class-

public void initialize(Subject subject, CallbackHandler callbackHandler,

Map sharedState, Map options)

{

this.callbackHandler = callbackHandler;

this.subject = subject;

this.sharedState = sharedState;

this.options = options;

this.successful = false;

this.nameSet = false;

}

public boolean login() throws LoginException {

Callback[] callbacks = new Callback[1];

callbacks[0] = new HttpGetterCallback();

((HttpGetterCallback) callbacks[0]).setType(HttpCallback.REQUEST_PARAMETER);

((HttpGetterCallback) callbacks[0]).setName("username");

try {

callbackHandler.handle(callbacks);

} catch (UnsupportedCallbackException e) {

return false;

} catch (IOException e) {

throwUserLoginException(e, LoginExceptionDetails.IO_EXCEPTION);

}

//Returns an array of all request parameters with name "user_name".

String[] requestParameters = (String[]) ((HttpGetterCallback) callbacks[0]).getValue();

if ((requestParameters != null) && requestParameters.length > 0) {

userName = requestParameters[0];

}

if (userName == null) {

throwNewLoginException("No user name provided.");

}

try {

refreshUserInfo(userName);

} catch (SecurityException e) {

throwUserLoginException(e);

}

String prefix = (String) options.get("user_name_prefix");

if ((prefix != null) && !userName.startsWith(prefix))

{

throwNewLoginException("The user is not trusted.");

}

if (sharedState.get(AbstractLoginModule.NAME) == null) {

sharedState.put(AbstractLoginModule.NAME, userName);

nameSet = true;

}

successful = true;

return true;

}

public boolean commit() throws LoginException {

if (successful)

{

Principal principal = new Principal(userName);

subject.getPrincipals().add(principal);

if (nameSet)

{

sharedState.put(AbstractLoginModule.PRINCIPAL, principal);

}

}

else

{

userName = null;

}

return true;

}

public boolean abort() throws LoginException

{

if (successful)

{

userName = null;

successful = false;

}

return true;

}

public boolean logout() throws LoginException

{

if (successful)

{

subject.getPrincipals(Principal.class).clear();

successful = false;

}

return true;

}

}

From my understanding, this module gets the value that i enter in the(basic authentication) window and compares it with the prefix tat is set in the visual admin

am i right?

Can you elaborate about the HttpCallBackHandler? without understanding the code i dont think debugging is possible!

Regards

Deepika.

former_member182294
Active Contributor
‎11-22-2006 1:24 PM
0 Kudos

Yes, this module gets the user credentials from the basic authentication page. Coming to the HttpCallBackHandler class, the main purose is it reads the HTTP Request parameters which you pass in the Callback handler. Try to print and see the array requestParameters so that you clearly understand what parametes the CallbackHandler read from the HttpRequest.

Regards

Abhilash

Former Member
‎11-22-2006 2:07 PM
0 Kudos

Yes,i did try printing the username and many other simple sysout statements but none got printed in the log!

but the ones i gave in the application is getting printed correctly upto this particular line-

<b>LoginContext lc = new LoginContext("MyLoginModule");</b>

its not recognising my login module and gives the exception saying "No LoginModules configured for MyLoginModule"!!!

what name should i give there????

Regards

Deepika

Message was edited by:

swarnadeepika subramanian

former_member182294
Active Contributor
‎11-23-2006 6:44 AM
0 Kudos

The LoginContext parameter is the name configured in Login Module Usage. Recheck if you are using same name and you have specified the correct class name with complete package name.

Regards

Abhilash

Former Member
‎11-23-2006 10:11 AM
0 Kudos

Hi,

I wrongly gave the login module's name while creating login context instead of entering the login stack's name!

This time the login context is getting created while it is throwing an exception at this line

<b>lc.login();</b>

the error says-

com.sap.engine.services.security.exceptions.BaseLoginException: Error in some of the login modules.

But these login modules where examples provided in the help.sap.com,

I dont know what is wrong with the code!!!

Should i pass the callbackHandler while i'm creating the login context,

LoginContext lc = new LoginContext("MyLoginStack",callbackHandler);

becos it was mentioned like that in a thread!

Regards

Deepika.

former_member182294
Active Contributor
‎11-23-2006 10:40 AM
0 Kudos

Please paste the stack trace. If you have created your own Callbackhandler pass it to LoginContext.

See the stack trace and find out if any problem in your custom code.

Regards

Abhilash

Former Member
‎11-23-2006 12:56 PM
0 Kudos

no,i'm using the default callbackhandler only!

This is the stacktrace

<i>Caused by: java.lang.NullPointerException

at com.sap.engine.services.security.server.jaas.BasicPasswordLoginModule.login(BasicPasswordLoginModule.java:77)

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:69)

... 41 more

#

#1.5#001372736B74005E0000002C00000A2C000422E96552D6DC#1164285726329#com.sap.engine.services.security#sap.com/CalculatorEar#com.sap.engine.services.security#125965#99####06d0f9a07af011dbabf6001372736b74#SAPEngine_Application_Thread[impl:3]_18##0#0#Error##Java###Exception #1#com.sap.engine.services.security.exceptions.BaseLoginException: Error in some of the login modules.

at com.sap.engine.services.security.login.ModulesProcessAction.run(ModulesProcessAction.java:149)</i>

This very same application is working fine with basic and form based authentication when i used custom module, its throwing an error which points to

BasicPasswordLoginModule.java!!

This is driving me nuts!!!!

Regards

Deepika.

former_member182294
Active Contributor
‎11-23-2006 2:36 PM
0 Kudos

Hi,

You need to change the order of login modules for your application. Assign your application with custom login module instead of BasicPasswordLoginModule. Or if you want to use the Basic authentication type you need to change the order of Login modules but it will effect all other applications. So its better to configure for only for your application. These steps are given in the tutorial.

Regards

Abhilash

Answers (0)

Ask a Question