glassfish
  1. glassfish
  2. GLASSFISH-20353

Login failed: unable to find LoginModule class: com.sun.enterprise.security.auth.login.LDAPLoginModule

    Details

    • Type: Bug Bug
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 4.0
    • Fix Version/s: 4.0_b86_RC2
    • Component/s: security
    • Labels:
      None
    • Environment:

      security-devtests-trunk

      Description

      The LDAP realm security devtests fail with OOTB configuration:

      [2013-04-18T13:19:57.083-0700] [glassfish 4.0] [WARNING] [web.login.failed] [javax.enterprise.system.container.web.com.sun.web.security] [tid: _ThreadID=20 _ThreadName=http-listener-1(2)] [timeMillis: 1366316397083] [levelValue: 900] [[
      WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: unable to find LoginModule class: com.sun.enterprise.security.auth.login.LDAPLoginModule]]

        Activity

        Hide
        Craig Perez added a comment - - edited

        I have workaround for the Husdon job that updates <domain>/config/login.conf to use:

        ldapRealm

        { org.glassfish.security.services.impl.LDAPLoginModule required; }

        ;

        Show
        Craig Perez added a comment - - edited I have workaround for the Husdon job that updates <domain>/config/login.conf to use: ldapRealm { org.glassfish.security.services.impl.LDAPLoginModule required; } ;
        Hide
        Tim Quinn added a comment - - edited

        Do not restore the original class. I moved it as part of fixing a separate issue (GLASSFISH-20125). I thought I scoured the entire system for references to it but obviously missed this one.

        The login.conf needs to be updated to refer to the class in its new place.

        [shaun]If we revise login.conf of GF4.0 with new package name, any issue for domain upgrade on existing domain? Or should something be done on domain upgrade?

        Show
        Tim Quinn added a comment - - edited Do not restore the original class. I moved it as part of fixing a separate issue ( GLASSFISH-20125 ). I thought I scoured the entire system for references to it but obviously missed this one. The login.conf needs to be updated to refer to the class in its new place. [shaun] If we revise login.conf of GF4.0 with new package name, any issue for domain upgrade on existing domain? Or should something be done on domain upgrade?
        Hide
        Tim Quinn added a comment -

        Good point, Sean. The domain upgrade should deal with this. I am not sure but I suspect the upgrade does not currently deal with login.conf.

        Show
        Tim Quinn added a comment - Good point, Sean. The domain upgrade should deal with this. I am not sure but I suspect the upgrade does not currently deal with login.conf.
        Hide
        spei added a comment -

        What is the impact on the customer of the bug?

        If some uses the LDAPRealm, he may get a ClassNotFoundExcepton since the package name was revised for LDAPLoginModule.

        What is the cost/risk of fixing the bug?

        Low risk. Restored the package name to its original com.sun.enterprise.security.auth.login.LDAPLoginModule, revised the LDAPAdminAccessConfigurator to use the old package name; this avoids the upgrade issue;

        Is there an impact on documentation or message strings?

        No.

        Which tests should QA (re)run to verify the fix did not destabilize GlassFish?

        Security tests

        Which is the targeted build of 4.0 for this fix?

        4.0_b86_RC2

        If this an integration of a new version of a component from another project, what are the changes that are being brought in? This might be list of Jira issues from that project or a list of revision messages.

        na

        Show
        spei added a comment - What is the impact on the customer of the bug? If some uses the LDAPRealm, he may get a ClassNotFoundExcepton since the package name was revised for LDAPLoginModule. What is the cost/risk of fixing the bug? Low risk. Restored the package name to its original com.sun.enterprise.security.auth.login.LDAPLoginModule, revised the LDAPAdminAccessConfigurator to use the old package name; this avoids the upgrade issue; Is there an impact on documentation or message strings? No. Which tests should QA (re)run to verify the fix did not destabilize GlassFish? Security tests Which is the targeted build of 4.0 for this fix? 4.0_b86_RC2 If this an integration of a new version of a component from another project, what are the changes that are being brought in? This might be list of Jira issues from that project or a list of revision messages. na
        Hide
        Tom Mueller added a comment -

        Approved for 4.0.

        Show
        Tom Mueller added a comment - Approved for 4.0.
        Hide
        spei added a comment -

        Restore the LDAPLoginmodule to original package com.sun.enterprise.security.auth.login, also removed security devtest workaround.

        Committed revision 61583.
        Committed revision 61584.

        Show
        spei added a comment - Restore the LDAPLoginmodule to original package com.sun.enterprise.security.auth.login, also removed security devtest workaround. Committed revision 61583. Committed revision 61584.

          People

          • Assignee:
            spei
            Reporter:
            Craig Perez
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: