Expand my Community achievements bar.

Dive into Adobe Summit 2024! Explore curated list of AEM sessions & labs, register, connect with experts, ask questions, engage, and share insights. Don't miss the excitement.

javax.security.auth.login.LoginException: unable to find LoginModule class in AEM 6.3

Avatar

Level 2

Hi team ,

Recently we have upgraded AEM 6.0 to AEM 6.3 , where we have  JAAS module configured to generate token for authentication.

Step 1: After starting the server in AEM 6.3 , we get below error when we replicate something.

09.11.2018 07:41:43.424 *WARN* [sling-threadpool-cb90f54b-e9a7-47b5-a011-36ec26f9ae1f-(apache-sling-job-thread-pool)-3-com_day_cq_replication_job_rep-ny-dev-2(com/day/cq/replication/job/rep-ny-dev-2)] org.apache.felix.jaas No JAAS module configured for realm "XXX09.11.2018 07:41:43.425 *ERROR* [sling-threadpool-cb90f54b-e9a7-47b5-a011-36ec26f9ae1f-(apache-sling-job-thread-pool)-3-com_day_cq_replication_job_rep-ny-dev-2(com/day/cq/replication/job/rep-ny-dev-2)] ***.***.*** Failed to generate new token

javax.security.auth.login.LoginException: unable to find LoginModule class: aa.bb.cc

Step 2: Whenever after restart we manually do test connection , than replication start working as if has loaded the login module

  1. 09.11.2018 07:42:06.957 *INFO* [ [1541767326884] GET /etc/replication/agents.author/rep-ny-dev-1.test.html HTTP/1.1] LoginModule Initializing...
  2. 09.11.2018 07:42:06.957 *INFO* [ [1541767326884] GET /etc/replication/agents.author/rep-ny-dev-1.test.html HTTP/1.1] LoginModule System property from aa.properties
  3. 09.11.2018 07:42:06.960 *INFO* [ [1541767326884] GET /etc/replication/agents.author/rep-ny-dev-1.test.html HTTP/1.1] LoginModule Reading login properties from [aa.properties]
  4. 09.11.2018 07:42:06.963 *INFO* [ [1541767326884] GET /etc/replication/agents.author/rep-ny-dev-1.test.html HTTP/1.1] LoginModule Initialisation complete...

Any pointer will be helpful , thanks in Advance.

Just like to share more information so that can be useful to trouble shoot.

In Aem 6.0 , we didn't have any problem  with jaas configuration.

We used to place all the bundle in install folder for installation of bundles.

But after upgrade to AEM 6.3 , we have change this approach to package manager for installation.

Below is the log(related to jaas configuration) which appear in AEM 6.3 which wasn't available in AEM 6.0 after starting the server

  • 12.11.2018 09:05:44.440 *INFO* [FelixStartLevel] org.apache.felix.jaas Registered provider FelixJaasProvider for managing JAAS config with type JavaLoginConfig
  • 12.11.2018 09:05:44.442 *INFO* [FelixStartLevel] org.apache.felix.jaas Service [org.apache.felix.jaas.ConfigurationSpi,134, [org.osgi.service.cm.ManagedService]] ServiceEvent REGISTERED
  • 12.11.2018 09:05:44.442 *INFO* [FelixStartLevel] org.apache.felix.jaas Service [135, [org.apache.felix.jaas.LoginContextFactory]] ServiceEvent REGISTERED
  • 12.11.2018 09:05:44.443 *INFO* [CM Configuration Updater (ManagedService Update: pid=[org.apache.felix.jaas.ConfigurationSpi])] org.apache.felix.jaas Removed provider FelixJaasProvider type JavaLoginConfig from Security providers list
  • 12.11.2018 09:05:44.443 *INFO* [CM Configuration Updater (ManagedService Update: pid=[org.apache.felix.jaas.ConfigurationSpi])] org.apache.felix.jaas Registered provider FelixJaasProvider for managing JAAS config with type JavaLoginConfig
  • 12.11.2018 09:05:44.444 *INFO* [CM Configuration Updater (ManagedService Update: pid=[org.apache.felix.jaas.ConfigurationSpi])] org.apache.felix.jaas Replacing the global JAAS configuration with OSGi based proxy configuration. It would look first in the OSGi based configuration and if not found would use the default global configuration
6 Replies

Avatar

Level 10

Have you tried to set up on a fresh AEM instance (in a dev environment) - this will tell us if this is an upgrade issue

Avatar

Level 2

Thanks for immediate response.

Yes, this behavior is happening in all lower environment.

One more thing like to highlight , in AEM 6.0 we use tomcat server while in AEM 6.3 we used embedded jetty server.

Avatar

Level 5

Hello swapnilg77317184

Does this upgrade involve an Application server for your setup such as JBOSS, weblogic,etc? If yes, you may need to recreate your /etc/key.

1) Log into crx/explorer as admin

2) Click on Content Explorer

3) Go to the node /etc/key and delete it. Click Save All.

4) Stop AEM

5) Go to crx-quickstart directory

I don't believe this to be an issue with JAAS but with the Crypto Support. Can you check if you see any CryptoSupport errors in the logs as well?

Best Regards,

Aneet

Avatar

Level 2

Thanks Aneeta,

Nope we are not using any external Application Server.

I don't think its related to any crypo related because I am not able to see any crypto related error.

Infact it works after doing test connection as token is generated after that.

I suspect something related to sequence of installation or any config may be I am  missing which is causing this issue.

Avatar

Level 2

Hi , just like to re frame this issue

We have a login module(a.b.c.LoginModule) class specified in JAAS config. This login module gets invoked from class which implements Transport handler.(Generating token while replicating)

Case 1

When  we do test connection or force retry for any content stuck in replication queue, the replication is triggered generating token from Login Module.

Logs

POST /etc/replication/agents.author/agent1/jcr:content.queue.json HTTP/1.1] c.d.c.r.Agent.agent1.queue (ReplicationQueueImpl.java:313) - Processing job for agent agent1

POST /etc/replication/agents.author/agent1/jcr:content.queue.json HTTP/1.1] abc.java  - Initializing...

POST /etc/replication/agents.author/agent1/jcr:content.queue.json HTTP/1.1] abc.java - System property loaded

POST /etc/replication/agents.author/agent1/jcr:content.queue.json HTTP/1.1] abc.java - Reading abc.properties

POST /etc/replication/agents.author/agent1/jcr:content.queue.json HTTP/1.1] abc.java - Initialisation complete...

POST /etc/replication/agents.author/agent1/jcr:content.queue.json HTTP/1.1] abc.java - Generated token

Case 2

But if in case i replicate content , the replication is triggered but fail's to generate token with below exception

Log

[sling-threadpool-04717b99-e707-4d0d-9b0d-35f2dd7ae850-(apache-sling-job-thread-pool)-5831-com_day_cq_replication_job_devuat-1(com/day/cq/replication/job/agent1)] c.d.c.r.Agent.agent1.queue (ReplicationQueueImpl.java:313) - Processing job for agent agent1

2019-01-02T09:14:17.876-0500 ERROR [sling-threadpool-04717b99-e707-4d0d-9b0d-35f2dd7ae850-(apache-sling-job-thread-pool)-5831-com_day_cq_replication_job_devuat-1(com/day/cq/replication/job/agent1)] abc.java - Failed to generate new token

javax.security.auth.login.LoginException: unable to find LoginModule class: a.b.c.LoginModule

Seem's 2nd case is not able to find LoginModule but which is not the case with test connection.

Not sure is it authentication.jar(LoginModule) is not properly loaded in OSGI container  Or is it any thing triggered from sling thread pool is not referencing Login Module ?

Apologies in case i misguide with my earlier post.Any pointer's are appreciated.

Thanks in Advance.

Avatar

Level 2

Sorry coming late on this.  Sharing some more pointer over here

 

We invoke  replication transport handler which connects with login auth module

1  While doing test connection , current thread class loader SlingDynamic class loader which is able to interact login module 

2 While replicating  content , current thread classloader is ApplicationClassLoader which is not able to trace login module through transport handler.  After replacing appclassoader with slingdyanmic classloader , works as expected.

 

But still not sure why such behavior , would be great if someone can share some pointer on this ? Thanks in Advance