Bug 900640 (JBPAPP6-932)

Summary: Unable to use Krb5LoginModule from IBM JDK, because of missing jboss-negotiation module dependency
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Josef Cacek <jcacek>
Component: SecurityAssignee: Tomaz Cerar <tomaz.cerar>
Status: CLOSED NEXTRELEASE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 6.0.0CC: anil.saldhana, jcacek, sgilda, tomaz.cerar
Target Milestone: ---   
Target Release: EAP 6.0.1   
Hardware: Unspecified   
OS: Unspecified   
URL: http://jira.jboss.org/jira/browse/JBPAPP6-932
Whiteboard: eap6_need_triage
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-10-19 03:53:58 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 900553    

Description Josef Cacek 2012-06-15 13:16:37 UTC 
project_key: JBPAPP6

Using Krb5LoginModule from IBM JDK ends with this error:

{panel:title=Log file| borderStyle=dashed}
15:06:19,110 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http-/127.0.0.1:8080-1) Login failure: javax.security.auth.login.LoginException: unable to find LoginModule class: com.ibm.security.auth.module.Krb5LoginModule
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:834) [rt.jar:1.6.0]
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209) [rt.jar:1.6.0]
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709) [rt.jar:1.6.0]
	at java.security.AccessController.doPrivileged(AccessController.java:251) [vm.jar:]
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706) [rt.jar:1.6.0]
	at javax.security.auth.login.LoginContext.login(LoginContext.java:603) [rt.jar:1.6.0]
	at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.getServerSubject(SPNEGOLoginModule.java:282) [jboss-negotiation-spnego-2.2.0.SP1.jar:2.2.0.SP1]
{panel}

Class Krb5LoginModule from Sun/Oracle is covered by a jboss-negotiation module dependency "sun.jdk", but there is no such dependency for IBM Java.
Comment 1 Josef Cacek 2012-06-18 06:56:59 UTC 
The path exports needed for IBM Kerberos login module are:
{panel:borderStyle=dashed}
&lt;path name=&quot;*com/ibm/security/auth*&quot;/&gt;
&lt;path name=&quot;*com/ibm/security/auth/module*&quot;/&gt;
{panel}
Comment 2 Rajesh Rajasekaran 2012-06-18 19:46:21 UTC 
Labels: Added: eap6_need_triage
Comment 3 Rajesh Rajasekaran 2012-06-18 19:46:58 UTC 
Link: Added: This issue is a dependency of JBPAPP-9188
Comment 4 Anil Saldhana 2012-06-19 00:10:25 UTC 
Josef,  this needs to go into documentation some place. I doubt we can make a product change.
Comment 6 Tomaz Cerar 2012-07-04 20:00:43 UTC 
We are adding new module ibm.jdk that will contain all ibm paths the same way as sun.jdk is for sun's jdk.
Comment 7 Tomaz Cerar 2012-07-05 12:54:44 UTC 
https://github.com/jbossas/jboss-as/pull/2604
https://github.com/jbossas/jboss-as/pull/2603
Comment 8 Tomaz Cerar 2012-07-07 08:56:39 UTC 
Fixed in upstream by adding ibm.jdk module that has ibm jdk specific classpaths imported.
Comment 9 Josef Cacek 2012-10-02 11:31:20 UTC 
Verified in EAP 6.0.1.ER2
Comment 10 sgilda 2012-10-04 14:36:49 UTC 
Modifying release note status.
Comment 11 sgilda 2012-10-04 14:37:19 UTC 
Release Notes Docs Status: Added: Not Yet Documented
Comment 12 sgilda 2012-10-04 14:37:49 UTC 
Release Notes Text: Added: Updated release note status.
Comment 13 sgilda 2012-10-04 18:35:00 UTC 
Updated release note status.
Comment 14 sgilda 2012-10-04 18:35:00 UTC 
Release Notes Text: Removed: Updated release note status.
Comment 15 Josef Cacek 2012-10-05 13:12:10 UTC 
Reopening. 
Sande, I'm not sure what was the point behind the reopening and resolving the issue again. Can I close it again? (functionality was verified already)
Comment 16 sgilda 2012-10-05 13:22:57 UTC 
Josef, did I forget to close it again after setting the release note status? Feel free to close it. It can be opened  when the release note text is added.
Comment 17 Dana Mison 2012-10-17 22:31:57 UTC 
reopening for release notes updates
Comment 18 Dana Mison 2012-10-17 22:34:03 UTC 
Writer: Added: elogue
Comment 19 Dana Mison 2012-10-17 23:13:31 UTC 
Writer: Removed: elogue Added: tomwells
Comment 20 Tom WELLS 2012-10-19 03:53:50 UTC 
Release Notes Docs Status: Removed: Not Yet Documented Added: Documented as Resolved Issue
Release Notes Text: Added: A missing jboss-negotiation module dependency prevented the use of Krb5LoginModule with the IBM JDK. A new module, ibm.jdk, has been added that contains all required ibm paths. Krb5LoginModule now works successfully with the IBM JDK.
Comment 21 Anne-Louise Tangring 2012-11-13 20:07:50 UTC 
Release Notes Docs Status: Removed: Documented as Resolved Issue 
Writer: Removed: tomwells 
Release Notes Text: Removed: A missing jboss-negotiation module dependency prevented the use of Krb5LoginModule with the IBM JDK. A new module, ibm.jdk, has been added that contains all required ibm paths. Krb5LoginModule now works successfully with the IBM JDK. 
Docs QE Status: Removed: NEW