3 Replies Latest reply on Apr 26, 2002 5:39 AM by jeroennoels

    Using JAAS security with WebStart

    mihochan

      Hi,

      I've managed to get JBoss security up and running for
      a standalone GUI client.
      However, I want the client to be launched via WebStart.
      When I do this I get the error,

      unable to instanciate login module.

      Any ideas why this happens or how to get around it?

      Tom

        • 1. Re: Using JAAS security with WebStart
          mihochan

          Steven,

          No problem, I'm happy to help.

          As to properties files, I just included them inside the jar at root level. This effectively places them in the classpath. I then tend to load them via getClass().getResourceAsStream("jboss.properties") and pass the Properties object as an argument to the InitialContext constructor.

          As to security, you need to have made a very detailed reading of the JBoss documentation to work out what to do.
          (It's all at http://www.jboss.org/online-manual/HTML/ch12s78.html)
          - The system property "java.security.auth.login.config" must be set to the URI of an authentication config file.
          - The config file registers the 'org.jboss.security.ClientLoginModule', which integrates the local JVM with the JBoss server. Look at their example.
          - In the code, create a LoginContext as described in the Javadocs and login.

          I got all this working nicely with a stand-alone client. I posted the auth.conf file up on the website and everything worked fine. The problem came when I tried to use WebStart to launch the application. Even when WebStart grants 'all-permissions', this does not include the permission to set system properties like "java.security.auth.login.config". As far as I can see, there is no way to register the JAAS components properly.

          For this reason, I stopped using JAAS. If you find a work-around I'd like to hear it.

          Tom

          • 2. Re: Using JAAS security with WebStart
            cobraflow

            The optional JAAS library for JDK1.3 has a 'feature' that causes it to look for login modules from the system classloader! JAAS included in JDK1.4 has been fixed. The workaround is to put your login module in the JRE/lib/ext dir! (Sad but true!)

            • 3. Re: Using JAAS security with WebStart
              jeroennoels

              I have the same problem with webstart. I tried all the above, but I keep on getting 'unable to instantiate login module'. With an ordinary stand-alone client everything works fine.

              jeroen
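
Added example, not part of the thread and not JBoss's own code: the login steps listed in reply 1, with the login configuration passed in code through the LoginContext constructor that accepts a Configuration (Java 5 and later) instead of the "java.security.auth.login.config" system property, and with the thread context class loader set explicitly, since that is the loader JDK 1.4 and later use to find login modules (the class-loading point raised in reply 2). The class name InlineJaasLogin, the entry name and the credentials are assumptions; org.jboss.security.ClientLoginModule has to be in the application's jars.

```java
import java.util.Collections;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;

public class InlineJaasLogin {
    // Assumption: the entry name is arbitrary; it only has to match the name given to LoginContext.
    static final String ENTRY = "client-login";
    // Login module named in the thread; its jar must be on the application classpath.
    static final String MODULE = "org.jboss.security.ClientLoginModule";

    // In-memory equivalent of the auth.conf entry:  client-login { <MODULE> required; };
    static Configuration inlineConfig() {
        final AppConfigurationEntry entry = new AppConfigurationEntry(
                MODULE, AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                Collections.<String, Object>emptyMap());
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return ENTRY.equals(name) ? new AppConfigurationEntry[] { entry } : null;
            }
            public void refresh() { /* nothing to reload: the entry is fixed in code */ }
        };
    }

    static Subject login(final String user, final char[] password) throws LoginException {
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) throws UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                    else if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                    else throw new UnsupportedCallbackException(cb);
                }
            }
        };
        // LoginContext resolves the module class through the thread context class loader,
        // so point it at the loader that loaded the application jar.
        Thread.currentThread().setContextClassLoader(InlineJaasLogin.class.getClassLoader());
        LoginContext lc = new LoginContext(ENTRY, new Subject(), handler, inlineConfig());
        lc.login();   // throws LoginException if the module cannot be loaded or the login fails
        return lc.getSubject();
    }

    public static void main(String[] args) throws LoginException {
        Subject s = login("demo-user", "demo-password".toCharArray()); // constructed credentials
        System.out.println("Logged in, principals: " + s.getPrincipals());
    }
}
```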