11 Replies Latest reply on May 18, 2004 7:59 PM by xtian

    Problem deploying Web application JBoss-3.2.0 Tomcat-4.1.24

    sbarnaby

      I am attempting to start JBoss with the -Djava.security.manager -Djava.security.policy=<policy file> options to enable the security manager. I am also defining a policy where everything is allowed (for the time being) like this:

      grant {
      permission java.security.AllPermission\
      }

      I am deploying a web application in a .war file. I keep getting an error trace on one of my libraries in WEB-INF/lib that says (just the last line of the trace is included):

      jndi:/localhost/webapp/WEB-INF/lib/ojdbc14.jar!/ (java.net.MalformedURLException: unknown protocol: jndi

      This only happens when I attempt to deploy with security turned on. What could be causing this problem (this certainly does not look like a valid URL, but what is producing it)?

        • 1. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1

          I have exacly the same trouble ...

          • 2. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1

            jboss-3.0.7_jakarta-tomcat-4.1.24

            I enabled security manager
            by setting

            -Djava.security.manager

            -Djava.security.policy==
            ../server/CONFIG%/conf/server.policy

            Actually i have a strange exception from catalina AbstractWebContainer implementation, the creation of url from string "jar:jndi/localhost/lala/WEB-INF/lib/bebe/jar!/" throws MailformedUrlException
            BUT ! only when security manager is enabled

            • 3. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1

              org.apache.catalina.startup;

              ...
              import java.net.URL;
              ...

              public final class ContextConfig
              implements LifecycleListener {

              ...
              ---> url = new URL("jar:" + url.toString() + "!/");


              ooops ::



              16:59:35,218 ERROR [Engine] ContextConfig[/JaasJBossExampleWeb] Exception lors d
              u traitement du JAR indique par le chemin de ressource /WEB-INF/lib/controller.j
              ar
              javax.servlet.ServletException: Exception lors du traitement du JAR indique par
              le chemin de ressource /WEB-INF/lib/controller.jar
              at org.apache.catalina.startup.ContextConfig.tldScanJar(ContextConfig.ja
              va:930)
              at org.apache.catalina.startup.ContextConfig.tldScan(ContextConfig.java:
              868)
              at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:64
              7)

              • 4. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1

                16:59:35,265 ERROR [Engine] ----- Root Cause -----
                java.net.MalformedURLException: java.lang.NullPointerException: invalid url: jnd
                i:/localhost/JaasJBossExampleWeb/WEB-INF/lib/controller.jar!/ (java.net.Malforme
                dURLException: unknown protocol: jndi)
                at java.net.URL.(URL.java:491)
                at java.net.URL.(URL.java:371)
                at java.net.URL.(URL.java:325)
                at org.apache.catalina.startup.ContextConfig.tldScanJar(ContextConfig.ja
                va:902)
                at org.apache.catalina.startup.ContextConfig.tldScan(ContextConfig.java:
                868)

                • 5. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1

                  So, no way .... :(
                  It works pretty well with Tomcat standalone...

                  Could You suggest a version Jboss + container that works with Java 2 security manager enabled ?

                  • 6. Re: Problem obtaining login context for module specified in
                    sbarnaby

                    Apparently JBoss/Tomcat has trouble unpacking the .war file. Just unpacking it and putting it in the deploy directory gets me past the initial problem.

                    However now I am trying to register my login configuration with the security manager. I try putting it in the client/all/auth.conf file, I have also tried adding a -Djava.security.auth.login.config=<config file> in my run.sh file and I cannot get my configuration to load.

                    I am trying to use the LdapLoginModule to authenticate against Active Directory. I am using the following configuration:

                    MyLogin {
                    org.jboss.security.auth.spi.LdapLoginModule required debug=true
                    java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
                    java.naming.provider.url="ldap://activedir.foo.com:1389/"
                    java.naming.security.authentication=simple
                    uidAttributeID=userId
                    roleAttributeID=roleName
                    roleAttributeIsDN=true
                    roleNameAttributeId=roleAttr
                    principalDNSuffix=,ou=admins
                    rolesCtxDN=cn=Users,dc=ldaphost,dc=foo,dc=com;
                    };

                    When I attempt to instantiate my login context:

                    LoginContext lc = new LoginContext("MyLogin", new MyCallbackHandler());

                    I get an exception thrown because it is trying to use the UsersRolesLoginModule, even though my configuration tells it to use the LdapLoginModule (it is trying to find users.properties file that does not exist).

                    What am I doing wrong. Where does my Login configuration belong?

                    • 7. Re: Problem obtaining login context for module specified in

                      This is easy.
                      1.Put your MyLogin realm configuration into login-config.xml (with apropriate xml syntax, see ldap realm sample commented out)
                      2. Add jboss-web.xml with reference to the MyLogin realm into your war under WEB-INF

                      <?xml version="1.0"?>
                      <jboss-web>
                      <security-domain>java:/jaas/MyLogin</security-domain>
                      </jboss-web>

                      • 8. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1
                        dvasaturo

                        I am also having this problem with JBoss-3.2.1_Tomcat-4.1.24. This exception is thrown for the jmx-console (ERROR [org.jboss.web.localhost.Engine] ContextConfig[/jmx-console] Exception processing JAR at resource path /WEB-INF/lib/jboss-jmx.jar)

                        2003-08-27 17:37:21,369 ERROR [org.jboss.web.localhost.Engine] ----- Root Cause -----
                        java.net.MalformedURLException: invalid url: jndi:/localhost/jmx-console/WEB-INF/lib/jboss-jmx.jar!/ (java.net.MalformedURLException: unknown protocol: jndi)

                        I see this problem again when JBoss tries to deploy my custom web application (.ear file).

                        I'm running the JBoss/Tomcat bundle under W2K. My run.bat file sets -Djava.security.manager and -Djava.security.policy=.../default/conf/server.policy.

                        I've tried breaking out the .jar files under the ...server/default/deploy directory as suggested in an earlier post but this did not help me.

                        Any other suggestions for using Java2 Security with JBoss-3.2.1_Tomcat-4.1.24?

                        Thank You in advance.
                        dv


                        • 9. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1
                          jimbrady

                          Hi all,
                          Looks look my message :
                          http://jboss.org/thread.jsp?forum=49&thread=38971
                          belongs to this thread too. Does nobody have a solution to this?
                          A quick aside - I notice everybody here is switching the security manager on in the run configuration. I didn't do that with Jetty but it worked fine. With Tomcat it looks like the sign-on pop-up is invoked but no login module with the security manager not specifically invoked. You seem all to get lots of other problems if you do invoke it. Guess I'll watch this thread and use Jetty for the time being.
                          Jim Brady

                          • 10. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1
                            doflynn

                            I was able to work around the problem. I'm using JBoss 3.2.1 w/ Tomcat and enabled the security manager.

                            Initially I could not deploy my servlet as well as JBoss's jmx-console (jsp-servlet). I noticed that both of these servlets had jar files in their WEB-INF/lib folder that were duplicates of jar files found in JBoss/lib (ie: jboss-jmx.jar). When I removed the duplijar files from the servlet's WEB-INF/lib folder, everything seemed to work fine.

                            • 11. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1
                              xtian

                              The SecurityManager issue does appear to be resolved in the JBoss3.2.3/Tomcat4.1.29 bundle.