Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need an option to load a custom JaasLoginModule without going through com.ibm.ws.kernel.boot.security.LoginModuleProxy #14183

Closed
una-tapa opened this issue Sep 26, 2020 · 1 comment
Closed

Need an option to load a custom JaasLoginModule without going through com.ibm.ws.kernel.boot.security.LoginModuleProxy #14183

una-tapa opened this issue Sep 26, 2020 · 1 comment
Labels
bug This bug is not present in a released version of Open Liberty release bug This bug is present in a released version of Open Liberty release:20007 release:200011

Comments

@una-tapa
Copy link
Member

una-tapa commented Sep 26, 2020
edited
Loading

Describe the bug
Liberty loads customLoginModule via com.ibm.ws.kernel.boot.security.LoginModuleProxy class. The Proxy class is registered as the JaasLoginModule by Liberty with its "kernelDelegate" option poitning the actual customLoginModule.

Liberty's mechanism would help classloading issue on a certain scenario & jdk combination, but it could get in the way for application to work directly on the custom LoginModule.

Following error is when application tried to load custom loginModule programmatically by calling ClassforName().

11/22/19 4:14:42:760 PST] 00000042 com.ws.security.jaas.common.internal.JAASLoginModuleConfigImpl E CWWKS1141E: Exception performing class for name for com.example.custom.ABCLoginModule. Unexpected exception java.lang.ClassNotFoundException: om.example.custom.ABCLoginModule
at java.lang.Class.forNameImpl(Native Method)
at java.lang.Class.forName(Class.java:348)
at com.ibm.ws.security.jaas.common.internal.JAASLoginModuleConfigImpl.processDelegateOptions(JAASLoginModuleConfigImpl.java:112)
at com.ibm.ws.security.jaas.config.internal.JAASLoginConfigImpl.updateAppConfiguration(JAASLoginConfigImpl.java:192)
at com.ibm.ws.security.jaas.config.internal.JAASLoginConfigImpl.updateDelegateOptions(JAASLoginConfigImpl.java:172)
at com.ibm.ws.security.jaas.config.internal.JAASLoginConfigImpl.getEntries(JAASLoginConfigImpl.java:160)
at com.ibm.ws.security.jaas.common.JAASConfigurationFactory.installJAASConfigurationFromJAASConfigFile(JAASConfigurationFactory.java:119)
at com.ibm.ws.security.jaas.common.JAASConfigurationFactory.activate(JAASConfigurationFactory.java:85)

Steps to Reproduce
Application to look for its custom LoginModule information programmatically. It would find com.ibm.ws.kernel.boot.security.LoginModuleProxy instead.

Expected behavior
Application can find its custom LoginModule information correctly.

Diagnostic information:
Often times, we see com.ibm.ws.kernel.boot.security.LoginModuleProxy instead of expected customLoginModule name in the error stack.
@una-tapa una-tapa added the bug This bug is not present in a released version of Open Liberty label Sep 26, 2020
@una-tapa una-tapa mentioned this issue Sep 26, 2020
Merged
@una-tapa una-tapa added release bug This bug is present in a released version of Open Liberty release:20007 labels Sep 30, 2020
@una-tapa
Copy link
Member Author

una-tapa commented Sep 30, 2020
edited
Loading

Closing the issue.
Setting following JVM property
com.ibm.websphere.security.skipWASProxyForJaasConfigFile=true
will change the behavior. Default is false.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug This bug is not present in a released version of Open Liberty release bug This bug is present in a released version of Open Liberty release:20007 release:200011
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@una-tapa @LibbyBot