-
1. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
tclouser Jan 23, 2002 9:21 PM (in response to bchi49)In the auth.conf did you change the name from other to eCommerce?
You will need to do this as you have specified the security domain "eCommerce" in the jboss-web.xml. The default auth.conf has the UsersRolesLoginModule specified under the security domain "other".
HTH,
TC -
2. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
bchi49 Jan 24, 2002 10:49 PM (in response to bchi49)Yes, I have the eCommerce defined in the auth.conf file as:
=================================================
eCommerce {
org.jboss.security.auth.spi.UsersRolesLoginModule required
unauthenticatedIdentity="nobody";
};
=================================================
my auth.conf file is:
============================================
// Put login modules providing authentication and realm mappings
// for security domains.
simple {
// Very simple login module:
// any user name is accepted.
// password should either coincide with user name or be null,
// all users have role "guest",
// users with non-null password also have role "user"
org.jboss.security.auth.spi.SimpleServerLoginModule required;
};
// Used by clients within the application server VM such as
// mbeans and servlets that access EJBs.
client-login {
org.jboss.security.ClientLoginModule required;
};
// The default server login module
other {
// A simple server login module, which can be used when the number
// of users is relatively small. It uses two properties files:
// users.properties, which holds users (key) and their password (value).
// roles.properties, which holds users (key) and a comma-separated list of their roles (value).
// The unauthenticatedIdentity property defines the name of the principal
// that will be used when a null username and password are presented as is
// the case for an unuathenticated web client or MDB. If you want to
// allow such users to be authenticated add the property, e.g.,
// unauthenticatedIdentity="nobody"
org.jboss.security.auth.spi.UsersRolesLoginModule required
;
};
manager {
org.jboss.security.auth.spi.UsersRolesLoginModule required
unauthenticatedIdentity="nobody";
};
===========================================
But it is still not working. -
3. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
bchi49 Jan 24, 2002 10:57 PM (in response to bchi49)where should the auth.conf located?
I use the one on:
C:\JBoss-2.4.4_Tomcat-4.0.1\jboss\conf\catalina -
4. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
tclouser Jan 25, 2002 3:44 AM (in response to bchi49)two things to try:
1) kick up the level of debugging on the console by changing the log4j.appender.Console.Threshold attribute in your log4j.properties file (found in the ..\conf\catalina directory). This will let you know if is a file not found or security exception being thrown.
2) Make sure your roles.properties and users.properties are in you ..\conf\catalina directory
HTH,
TC -
5. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
tclouser Jan 25, 2002 3:52 AM (in response to bchi49)1. should've been
kick up the level of debugging on the console by changing the log4j.appender.Console.Threshold attribute in your log4j.properties file (found in the ..\conf\catalina directory) from INFO to DEBUG. This will let you know if is a file not found or security exception being thrown. -
6. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
bchi49 Jan 25, 2002 10:13 AM (in response to bchi49)I followed the two steps you described. The server printed out more info, but when I logon unsuccessfully, the server didn't throw any exceptions. No exception was thrown when I deleted the user.properties and roles.properties, and restarted the server to test.
Were you able to get this to work? This is really odd.
Thanks,
Benjamin -
7. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
bchi49 Jan 25, 2002 10:18 AM (in response to bchi49)When I change the auth-method from DIGEST to BASIC, I get this exception when I login unsuccessfuly:
================================================
[ERROR,JBossSecurityMgrRealm] Error during authenticate
java.lang.IllegalArgumentException: interface javax.naming.Context is not visible from class loader
at java.lang.reflect.Proxy.getProxyClass(Proxy.java:334)
at java.lang.reflect.Proxy.newProxyInstance(Proxy.java:555)
at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.getObjectInstance(JaasSecur
ityManagerService.java:303)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304)
at javax.naming.spi.NamingManager.getContext(NamingManager.java:422)
at javax.naming.spi.ContinuationContext.getTargetContext(ContinuationContext.java:38)
at javax.naming.spi.NamingManager.getContinuationContext(NamingManager.java:766)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:456)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:333)
at javax.naming.InitialContext.lookup(InitialContext.java:350)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:421)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:333)
at org.jboss.web.catalina.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:248)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:161)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:493)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
at java.lang.Thread.run(Thread.java:484)
==============================================
Do I need to change anything else? -
8. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
tclouser Jan 25, 2002 11:53 AM (in response to bchi49)bchi49,
I just tested both DIGEST and BASIC and they both FAILED. I am using FORM based authentication in the app I am currently working on, and it works fine with UsersRolesLoginModule.
TC -
9. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
bchi49 Jan 25, 2002 1:06 PM (in response to bchi49)Can you show me or lead me to what I need in the login form to submit for authentication, so that it would use the information on users.properties and roles.properties.
Where do I submit to? what fields are needed(uid&pwd)? do I need configure additional things like auth.conf etc.
Or on the submitted page, I need to update some context information.
Thanks,
Benjamin -
10. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
tclouser Jan 25, 2002 1:27 PM (in response to bchi49)bchi49,
There is great article on FORM based authentication at:
http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html
It should get you started in putting together the form for form based authentication.
Note: The only major changes you will have to make is to the <login-config> element in your web.xml (after you have a form created that is).
HTH,
TC -
11. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
bchi49 Jan 25, 2002 3:45 PM (in response to bchi49)Thanks! That was very helpful. I got it implemented, but now it's throwing the same exception when I was using the "BASIC" auth-method. Here's the exception:
========================================
[ERROR,JBossSecurityMgrRealm] Error during authenticate
java.lang.IllegalArgumentException: interface javax.naming.Context is not visible from class loader
at java.lang.reflect.Proxy.getProxyClass(Proxy.java:334)
at java.lang.reflect.Proxy.newProxyInstance(Proxy.java:555)
at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.getObjectInstance(JaasSec
ityManagerService.java:303)
at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:304)
at javax.naming.spi.NamingManager.getContext(NamingManager.java:422)
at javax.naming.spi.ContinuationContext.getTargetContext(ContinuationContext.java:38)
at javax.naming.spi.NamingManager.getContinuationContext(NamingManager.java:766)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:456)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:333)
at javax.naming.InitialContext.lookup(InitialContext.java:350)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:421)
at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:333)
at org.jboss.web.catalina.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:248)
at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:263)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:459)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
at java.lang.Thread.run(Thread.java:484)
[INFO,EmbeddedCatalinaServiceSX] jsp: init
[INFO,EmbeddedCatalinaServiceSX] jsp: init
[INFO,EmbeddedCatalinaServiceSX] jsp: init
[INFO,EmbeddedCatalinaServiceSX] jsp: init
=================================================
But if I use the sample application in the tutorial, I can type in anything as username/pwd and it works, it seems like it's not authenticating. -
12. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
tclouser Jan 25, 2002 4:01 PM (in response to bchi49)Hopefully this isn't the case...but does your roles.properties really contain:
test,Admin
it should be
test=Admin
TC -
13. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
bchi49 Jan 25, 2002 4:25 PM (in response to bchi49)Yes! I found the problem.
I had
roles.properties:
======================================
bchi,admin
======================================
but it should be "bchi=admin" not the comma.
I also added the WEB-INF/jboss-web.xml:
====================================
<?xml version="1.0"?>
<jboss-web>
<security-domain>java:/jaas/eCommerce</security-domain>
</jboss-web>
====================================
Thanks!
Now, I need to figure out why I'm getting the exceptions above on my web app.
Thanks for your help. It was very helpful!
Benjamin -
14. Re: HowTo?:JBoss 2.4.4 + Tomcat-Catalina 4.0.1 Application S
bchi49 Jan 25, 2002 4:27 PM (in response to bchi49)I was a bit late reading your previous. Yes that was the problem. :) thanks again!