0 Replies Latest reply: Mar 30, 2011 5:43 AM by soverbosch RSS

    Checksum failed while authenticating via Kerberos

    soverbosch
      Hi All,

      I having a problem getting authentication using kerberos to work, I get the message checksum failed. The environment is Windows 2008 Server as DC and IE 8 as client and the application is running inside JBoss (in this case I am using the negotiation-toolkit) and the following trace is in the server.log. Can someone point me in the right direction for solving this problem, i've configured two local environments using w2k3 and w2k8 which are both working just fine but in the customers network it fails with the following trace:
      l
      2011-03-30 11:33:21,845 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8888-1) Setting threadlocal:{}
      2011-03-30 11:33:21,846 TRACE [org.jboss.security.plugins.authorization.JBossAuthorizationContext] (http-0.0.0.0-8888-1) Control flag for entry:org.jboss.security.authorization.config.AuthorizationModuleEntry{org.jboss.security.authorization.modules.DelegatingAuthorizationModule:{}REQUIRED}is:[REQUIRED]
      2011-03-30 11:33:21,846 TRACE [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0-8888-1) Authenticating user
      2011-03-30 11:33:21,846 DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator] (http-0.0.0.0-8888-1) Header - Negotiate 2011-03-30 11:33:21,847 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Base64] (http-0.0.0.0-8888-1) 2011-03-30 11:33:21,847 TRACE [org.jboss.security.negotiation.common.MessageTrace.Request.Hex] (http-0.0.0.0-8888-1)2011-03-30 11:33:21,848 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-0.0.0.0-8888-1) associate 176127440
      2011-03-30 11:33:21,850 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-8888-1) Begin isValid, principal:FFE8282EB0A470619839BBD7EDF16A5E, cache info: null
      2011-03-30 11:33:21,850 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-8888-1) defaultLogin, principal=FFE8282EB0A470619839BBD7EDF16A5E
      2011-03-30 11:33:21,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8888-1) Begin getAppConfigurationEntry(SPNEGO), size=13
      2011-03-30 11:33:21,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8888-1) End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: org.jboss.security.negotiation.spnego.SPNEGOLoginModule
      ControlFlag: LoginModuleControlFlag: requisite
      Options:
      name=serverSecurityDomain, value=host
      name=password-stacking, value=useFirstPass
      [1]
      LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:
      name=usersProperties, value=props/spnego-users.properties
      name=rolesProperties, value=props/spnego-roles.properties
      name=password-stacking, value=useFirstPass

      2011-03-30 11:33:21,850 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) initialize
      2011-03-30 11:33:21,850 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Security domain: SPNEGO
      2011-03-30 11:33:21,850 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) serverSecurityDomain=host
      2011-03-30 11:33:21,850 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) login
      2011-03-30 11:33:21,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8888-1) Begin getAppConfigurationEntry(host), size=13
      2011-03-30 11:33:21,850 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] (http-0.0.0.0-8888-1) End getAppConfigurationEntry(host), authInfo=AppConfigurationEntry[]:
      [0]
      LoginModule Class: com.sun.security.auth.module.Krb5LoginModule
      ControlFlag: LoginModuleControlFlag: required
      Options:
      name=principal, value=host/jbossserver@SHIPYARD.LOCAL
      name=useKeyTab, value=true
      name=storeKey, value=true
      name=keyTab, value=/DATA/jbossserver.host.keytab
      name=debug, value=true
      name=doNotPrompt, value=true

      2011-03-30 11:33:21,850 INFO [STDOUT] (http-0.0.0.0-8888-1) Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /DATA/jbossserver.host.keytab refreshKrb5Config is false principal is host/jbossserver@SHIPYARD.LOCAL tryFirstPass is false useFirstPass is false storePass is false clearPass is false
      2011-03-30 11:33:21,850 INFO [STDOUT] (http-0.0.0.0-8888-1) KeyTab instance already exists
      2011-03-30 11:33:21,850 INFO [STDOUT] (http-0.0.0.0-8888-1) Added key: 23version: 4
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) Ordering keys wrt default_tkt_enctypes list
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) Using builtin default etypes for default_tkt_enctypes
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) default etypes for default_tkt_enctypes:
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 3
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 1
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 23
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 16
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 17
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) .
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) principal's key obtained from the keytab
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) Acquire TGT using AS Exchange
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) Using builtin default etypes for default_tkt_enctypes
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) default etypes for default_tkt_enctypes:
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 3
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 1
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 23
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 16
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) 17
      2011-03-30 11:33:21,851 INFO [STDOUT] (http-0.0.0.0-8888-1) .
      2011-03-30 11:33:21,852 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbAsReq calling createMessage
      2011-03-30 11:33:21,852 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbAsReq in createMessage
      2011-03-30 11:33:21,852 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbKdcReq send: kdc=rm-hq-dc1.shipyard.local UDP:88, timeout=30000, number of retries =3, #bytes=158
      2011-03-30 11:33:21,852 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KDCCommunication: kdc=rm-hq-dc1.shipyard.local UDP:88, timeout=30000,Attempt =1, #bytes=158
      2011-03-30 11:33:21,853 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbKdcReq send: #bytes read=633
      2011-03-30 11:33:21,854 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbKdcReq send: #bytes read=633
      2011-03-30 11:33:21,854 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      2011-03-30 11:33:21,854 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> KrbAsRep cons in KrbAsReq.getReply host/jbossserver
      2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1) principal is host/jbossserver@SHIPYARD.LOCAL
      2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1) EncryptionKey: keyType=23 keyBytes (hex dump)=0000: 4F C6 44 97 D0 B8 9C 96 A9 79 5B 87 EB 44 71 33 O.D......y[..Dq3
      2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1) Added server's keyKerberos Principal host/jbossserver@SHIPYARD.LOCALKey Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 4F C6 44 97 D0 B8 9C 96 A9 79 5B 87 EB 44 71 33 O.D......y[..Dq3
      2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1)           [Krb5LoginModule] added Krb5Principal host/jbossserver@SHIPYARD.LOCAL to Subject
      2011-03-30 11:33:21,855 INFO [STDOUT] (http-0.0.0.0-8888-1) Commit Succeeded
      2011-03-30 11:33:21,858 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Subject = Subject:
           Principal: host/jbossserver@SHIPYARD.LOCAL
           Private Credential: Ticket (hex) =
      0000: 61 82 01 1F 30 82 01 1B A0 03 02 01 05 A1 13 1B a...0...........
      ...
      0120: 9E 96 D4 ...

      Client Principal = host/jbossserver@SHIPYARD.LOCAL
      Server Principal = krbtgt/SHIPYARD.LOCAL@SHIPYARD.LOCAL
      Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 81 5B 77 9E C3 74 46 AC 87 26 B0 00 5C B6 56 6E .[w..tF..&..\.Vn


      Forwardable Ticket false
      Forwarded Ticket false
      Proxiable Ticket false
      Proxy Ticket false
      Postdated Ticket false
      Renewable Ticket false
      Initial Ticket false
      Auth Time = Wed Mar 30 11:33:17 CEST 2011
      Start Time = Wed Mar 30 11:33:17 CEST 2011
      End Time = Wed Mar 30 21:33:17 CEST 2011
      Renew Till = null
      Client Addresses Null
           Private Credential: Kerberos Principal host/jbossserver@SHIPYARD.LOCALKey Version 4key EncryptionKey: keyType=23 keyBytes (hex dump)=
      0000: 4F C6 44 97 D0 B8 9C 96 A9 79 5B 87 EB 44 71 33 O.D......y[..Dq3



      2011-03-30 11:33:21,858 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Logged in 'host' LoginContext
      2011-03-30 11:33:21,858 DEBUG [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Creating new GSSContext.
      2011-03-30 11:33:21,866 INFO [STDOUT] (http-0.0.0.0-8888-1) Found key for host/jbossserver@SHIPYARD.LOCAL(23)
      2011-03-30 11:33:21,867 INFO [STDOUT] (http-0.0.0.0-8888-1) Entered Krb5Context.acceptSecContext with state=STATE_NEW
      2011-03-30 11:33:21,868 INFO [STDOUT] (http-0.0.0.0-8888-1) >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
      2011-03-30 11:33:21,869 ERROR [STDERR] (http-0.0.0.0-8888-1) Checksum failed !
      2011-03-30 11:33:21,870 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Result - GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
      2011-03-30 11:33:21,870 ERROR [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) Unable to authenticate
      GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
           at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:741)
           at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:323)
           at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:267)
           at org.jboss.security.negotiation.spnego.SPNEGOLoginModule$AcceptSecContext.run(SPNEGOLoginModule.java:294)
           at java.security.AccessController.doPrivileged(Native Method)
           at javax.security.auth.Subject.doAs(Subject.java:337)
           at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:118)
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:597)
           at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
           at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
           at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
           at java.security.AccessController.doPrivileged(Native Method)
           at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
           at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
           at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
           at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
           at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
           at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
           at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
           at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
           at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
           at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
           at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
           at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
           at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
           at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
           at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
           at java.lang.Thread.run(Thread.java:619)
      Caused by: KrbException: Checksum failed
           at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:85)
           at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:77)
           at sun.security.krb5.EncryptedData.decrypt(EncryptedData.java:168)
           at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:267)
           at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:134)
           at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:79)
           at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:724)
           ... 35 more
      Caused by: java.security.GeneralSecurityException: Checksum failed
           at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(ArcFourCrypto.java:388)
           at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(ArcFourHmac.java:74)
           at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(ArcFourHmacEType.java:83)
           ... 41 more
      2011-03-30 11:33:21,871 INFO [STDOUT] (http-0.0.0.0-8888-1)           [Krb5LoginModule]: Entering logout
      2011-03-30 11:33:21,871 INFO [STDOUT] (http-0.0.0.0-8888-1)           [Krb5LoginModule]: logged out Subject
      2011-03-30 11:33:21,872 TRACE [org.jboss.security.negotiation.spnego.SPNEGOLoginModule] (http-0.0.0.0-8888-1) abort
      2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) initialize
      2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Security domain: SPNEGO
      2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) findResource: null
      2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Properties file=vfsfile:/DATA/jboss-5.1.0.GA/server/default/conf/props/spnego-users.properties, defaults=null
      2011-03-30 11:33:21,872 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Loaded properties, users=[]
      2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) findResource: null
      2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Properties file=vfsfile:/DATA/jboss-5.1.0.GA/server/default/conf/props/spnego-roles.properties, defaults=null
      2011-03-30 11:33:21,872 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) Loaded properties, users=[everetttst@shipyard.local, everetttst@SHIPYARD.LOCAL]
      2011-03-30 11:33:21,872 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8888-1) abort
      2011-03-30 11:33:21,872 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-8888-1) Login failure
      javax.security.auth.login.LoginException: Unable to authenticate - Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
           at org.jboss.security.negotiation.spnego.SPNEGOLoginModule.login(SPNEGOLoginModule.java:141)
           at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
           at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
           at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
           at java.lang.reflect.Method.invoke(Method.java:597)
           at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
           at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
           at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
           at java.security.AccessController.doPrivileged(Native Method)
           at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
           at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
           at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
           at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
           at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
           at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
           at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
           at org.jboss.security.negotiation.NegotiationAuthenticator.authenticate(NegotiationAuthenticator.java:127)
           at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
           at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
           at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
           at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
           at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
           at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
           at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
           at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
           at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
           at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
           at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
           at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
           at java.lang.Thread.run(Thread.java:619)
      2011-03-30 11:33:21,873 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.SPNEGO] (http-0.0.0.0-8888-1) End isValid, false
      2011-03-30 11:33:21,873 TRACE [org.jboss.security.negotiation.common.NegotiationContext] (http-0.0.0.0-8888-1) clear 176127440
      2011-03-30 11:33:21,873 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8888-1) Setting threadlocal:null
      2011-03-30 11:33:21,873 TRACE [org.jboss.security.SecurityRolesAssociation] (http-0.0.0.0-8888-1) Setting threadlocal:null