724766 – (BRMS-604) Unable to login to JCR backend: JAAS policy cannot be found (logInAdmin user created)

Bug 724766 (BRMS-604) - Unable to login to JCR backend: JAAS policy cannot be found (logInAdmin user created)

Summary: Unable to login to JCR backend: JAAS policy cannot be found (logInAdmin user ...

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	BRMS-604
Product:	JBoss Enterprise BRMS Platform 5
Classification:	JBoss
Component:	Modeshape
Sub Component:
Version:	BRMS 5.2.0-Dev1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	BRMS 5.2.0.GA
Assignee:	Kurt Stam
QA Contact:	Petr Široký
Docs Contact:
URL:	http://jira.jboss.org/jira/browse/BRM...
Whiteboard:
Duplicates (1):	724777 (view as bug list)
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-06-10 08:26 UTC by Lukáš Petrovický
Modified:	2011-09-20 12:31 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:	java version "1.6.0_22" OpenJDK Runtime Environment (IcedTea6 1.10.1) (fedora-57.1.10.1.fc15-x86_64) OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode)
Last Closed:	2011-08-16 14:50:39 UTC
Type:	Bug

Attachments	(Terms of Use)
login-config.xml (5.32 KB, text/xml) 2011-06-10 08:28 UTC, Lukáš Petrovický	no flags	Details
modeshape-config.xml (5.60 KB, text/xml) 2011-06-10 08:28 UTC, Lukáš Petrovický	no flags	Details
server.log (67.78 KB, text/x-log) 2011-06-10 08:28 UTC, Lukáš Petrovický	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	BRMS-604	0	None	Closed	Unable to login to JCR backend: JAAS policy cannot be found	2012-03-09 16:13:29 UTC

Description Lukáš Petrovický 2011-06-10 08:26:58 UTC

Affects Testing: Blocks Testing
securitylevel_name: Public

After successful installation of Modeshape into BRMS 5.2.0.DEV1 (+ EAP 5.1), I run into the following exception on server startup:

org.jboss.seam.InstantiationException: Could not instantiate Seam component: repositoryConfiguration
....
Caused by: org.drools.repository.RulesRepositoryException: UserName: [ logInAdmin] Unable to login to JCR backend.
....
Caused by: javax.jcr.LoginException: The JAAS policy named 'modeshape' (nor the policy named 'other') could not be found; check the value of the 'JAAS_LOGIN_CONFIG_NAME' repository option in the configuration for the 'brms' repository
	at org.modeshape.jcr.JcrRepository.login(JcrRepository.java:1344)
	at org.modeshape.jcr.JcrRepository.login(JcrRepository.java:1289)
	at org.drools.repository.JCRRepositoryConfigurator.login(JCRRepositoryConfigurator.java:95)
	at org.drools.repository.RulesRepositoryConfigurator.login(RulesRepositoryConfigurator.java:85)
	at org.drools.guvnor.server.repository.RepositoryStartupService.newSession(RepositoryStartupService.java:213)
	... 99 more
Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
	at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252)
	at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:152)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
	at org.modeshape.graph.JaasSecurityContext.<init>(JaasSecurityContext.java:115)
	at org.modeshape.graph.JaasSecurityContext.<init>(JaasSecurityContext.java:82)
	at org.modeshape.jcr.JcrRepository.login(JcrRepository.java:1341)
	... 103 more

As you can see from the attached server logs, Modeshape configuration and, importantly, the login-config.xml, the "modeshape" policy is there. 
In fact, the exact same process has been used to set up BRMS 5.2+Modeshape as was always being used to set up BRMS 5.1+Modeshape.

Comment 1 Lukáš Petrovický 2011-06-10 08:28:11 UTC

Attachment: Added: login-config.xml
Attachment: Added: modeshape-config.xml
Attachment: Added: server.log

Comment 2 Lukáš Petrovický 2011-06-10 09:16:30 UTC

Affects Testing: Added: [Blocks Testing]

Comment 3 Van Halbert 2011-06-13 15:09:37 UTC

Tested with the latest code updates to ModeShape and to the build scripts, and didn't see this issue.   Suggest retesting with latest.

Comment 4 Petr Široký 2011-07-07 08:34:46 UTC

Still happening with BRMS 5.2.0-dev3.

Comment 5 Petr Široký 2011-07-07 08:42:34 UTC

Link: Added: This issue is duplicated by BRMS-615

Comment 6 Van Halbert 2011-07-07 11:47:03 UTC

It appears the logInAdmin password was defined incorrectly in the components.xml file.   Use this:

<key>org.drools.repository.logInAdmin.password</key>  <value>logInAdmin</value>

Comment 7 Petr Široký 2011-07-07 12:03:17 UTC

Yes, this is probably just a configuration issue. If the 'logInAdmin' user is added to brms-users.properties and the line you mentioned to components.xml, deploying is done without errors and Guvnor can be used with ModeShape.

Comment 8 Van Halbert 2011-07-12 18:58:21 UTC

This issue is configuration issue to how components.xml and users are defined.

Comment 9 Petr Široký 2011-07-13 16:16:27 UTC

Agreed. However user 'logInAdmin' is not listed in brms-users.properties (and brms-roles.properties) and also not in compoments.xml by default. User has to be added manually. I think that it should be there by default.

Comment 10 Ryan Zhang 2011-07-18 12:29:51 UTC

Would it make sense to use 'admin' as the default connect account for modeshape instead of logInAdmin as it was in BRMS 5.1.0?
Plus the 'admin' is still the default account for BRMS web interface login in.

Comment 11 Van Halbert 2011-07-18 15:19:29 UTC

Not sure where the logInAdmin came from, its not from modeshape.

Comment 12 Petr Široký 2011-07-18 15:44:24 UTC

So, it seems that the user name was added/changed in Guvnor 5.2. Not sure what is the reason for that, but I'll try to find out.

Comment 13 Petr Široký 2011-07-21 09:35:47 UTC

From e-mail communication come out, that Toni Rikkola changed the name by mistake and he will revert this change in brms 5.2 branch, so this should be probably fixed in new build.

Comment 14 Van Halbert 2011-08-12 15:41:31 UTC

Changing to a BRMS person, cause this is a BRMS configuration/kitting issue, that is not controlled by ModeShape.

Comment 15 Petr Široký 2011-08-16 14:50:39 UTC

Verified fixed in 5.2.0 ER2. Closing this issue.

Note You need to log in before you can comment on or make changes to this bug.