You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@shiro.apache.org by jcalcote <jo...@gmail.com> on 2014/12/18 19:38:58 UTC

AuthenticationException (no security manager: RMI class loader disabled)

Hi Les,

I have a java app wherein I'm configuring a JMX Connection Server for remote
access to my mbean server. I'm using shiro as my authentication service. Up
to now, it's been working fine using simply ini-file configuration for
realms, users, and roles.

I recently decided to add unix pam authentication through the libpam4j
library. My authenticator seems to work fine locally, but when I try to use
jconsole to login remotely, I get the following error:

java.rmi.UnmarshalException: Error unmarshaling return; nested exception is: 
	java.lang.ClassNotFoundException:
org.apache.shiro.authc.AuthenticationException (no security manager: RMI
class loader disabled)
	at
sun.rmi.transport.StreamRemoteCall.executeCall(StreamRemoteCall.java:246)
	at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:161)
	at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source)
	at
javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2404)
	at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:308)
	at sun.tools.jconsole.ProxyClient.tryConnect(ProxyClient.java:368)
	at sun.tools.jconsole.ProxyClient.connect(ProxyClient.java:313)
	at sun.tools.jconsole.VMPanel$2.run(VMPanel.java:292)
Caused by: java.lang.ClassNotFoundException:
org.apache.shiro.authc.AuthenticationException (no security manager: RMI
class loader disabled)
	at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:393)
	at sun.rmi.server.LoaderHandler.loadClass(LoaderHandler.java:185)
        ...

All the existing references to this error message seem to refer to some
other type of problem. Can you fathom what might be happening here? Please
pretend I'm an RMI noob (cause that would be the absolute truth). I can't
imagine why RMI class loaders must get involved in a server-side-only
authentication request, but there you have it.

Any help would be appreciated.

Thanks,
John



--
View this message in context: http://shiro-user.582556.n2.nabble.com/AuthenticationException-no-security-manager-RMI-class-loader-disabled-tp7580372.html
Sent from the Shiro User mailing list archive at Nabble.com.

Re: AuthenticationException (no security manager: RMI class loader disabled)

Posted by jcalcote <jo...@gmail.com>.

So, I think I discovered the issue. Turns out I was running my service as my
own user rather than as root. When I tried to authenticate, I was using the
root id and credentials. The RMI Exception being thrown appears to indicate
that

1) there was a security exception (unable to authenticate) which threw a
ShiroAuthentication exception
2) RMI was unable to find that class on the client and actually rethrow it
on the client side.

The auth exception was happening because I was not running as a root user,
so I had no access to the password database for any users other than myself.
When I tried to use my own username and password, it worked fine. 

The RMI exception was happening because (as mentioned above) the
ShiroAuthException class was not found on the client, and the client was
configured to not allow classes to be downloaded from the server - the
default configuration.

Interesting shiro problem. Anyone know what the best practice is for
something like this?

Thanks,
John



--
View this message in context: http://shiro-user.582556.n2.nabble.com/AuthenticationException-no-security-manager-RMI-class-loader-disabled-tp7580372p7580373.html
Sent from the Shiro User mailing list archive at Nabble.com.