[GLASSFISH-20353] Login failed: unable to find LoginModule class: com.sun.enterprise.security.auth.login.LDAPLoginModule Created: 19/Apr/13  Updated: 22/Apr/13  Resolved: 22/Apr/13

Status: Resolved
Project: glassfish
Component/s: security
Affects Version/s: 4.0
Fix Version/s: 4.0_b86_RC2

Type: Bug Priority: Major
Reporter: Craig Perez Assignee: spei
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

security-devtests-trunk


Tags: 4_0-approved

 Description   

The LDAP realm security devtests fail with OOTB configuration:

[2013-04-18T13:19:57.083-0700] [glassfish 4.0] [WARNING] [web.login.failed] [javax.enterprise.system.container.web.com.sun.web.security] [tid: _ThreadID=20 _ThreadName=http-listener-1(2)] [timeMillis: 1366316397083] [levelValue: 900] [[
WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: unable to find LoginModule class: com.sun.enterprise.security.auth.login.LDAPLoginModule]]



 Comments   
Comment by Craig Perez [ 19/Apr/13 ]

I have workaround for the Husdon job that updates <domain>/config/login.conf to use:

ldapRealm

{ org.glassfish.security.services.impl.LDAPLoginModule required; }

;

Comment by Tim Quinn [ 19/Apr/13 ]

Do not restore the original class. I moved it as part of fixing a separate issue (GLASSFISH-20125). I thought I scoured the entire system for references to it but obviously missed this one.

The login.conf needs to be updated to refer to the class in its new place.

[shaun]If we revise login.conf of GF4.0 with new package name, any issue for domain upgrade on existing domain? Or should something be done on domain upgrade?

Comment by Tim Quinn [ 19/Apr/13 ]

Good point, Sean. The domain upgrade should deal with this. I am not sure but I suspect the upgrade does not currently deal with login.conf.

Comment by spei [ 22/Apr/13 ]

What is the impact on the customer of the bug?

If some uses the LDAPRealm, he may get a ClassNotFoundExcepton since the package name was revised for LDAPLoginModule.

What is the cost/risk of fixing the bug?

Low risk. Restored the package name to its original com.sun.enterprise.security.auth.login.LDAPLoginModule, revised the LDAPAdminAccessConfigurator to use the old package name; this avoids the upgrade issue;

Is there an impact on documentation or message strings?

No.

Which tests should QA (re)run to verify the fix did not destabilize GlassFish?

Security tests

Which is the targeted build of 4.0 for this fix?

4.0_b86_RC2

If this an integration of a new version of a component from another project, what are the changes that are being brought in? This might be list of Jira issues from that project or a list of revision messages.

na

Comment by Tom Mueller [ 22/Apr/13 ]

Approved for 4.0.

Comment by spei [ 22/Apr/13 ]

Restore the LDAPLoginmodule to original package com.sun.enterprise.security.auth.login, also removed security devtest workaround.

Committed revision 61583.
Committed revision 61584.

Generated at Mon May 25 22:22:25 UTC 2015 using JIRA 6.2.3#6260-sha1:63ef1d6dac3f4f4d7db4c1effd405ba38ccdc558.