Securing web-console => login failure
rainerfrey Aug 23, 2004 7:22 PMI tried to secure the web-console as described in the Wiki by uncommenting the security relevant elements in web.xml and jboss-web.xml. On my notebook, I additionally changed the password in the users.properties; on my pc I used the file as is. On both installations, I get a bad password error. And yes, I more than double checked the password.
My Notebook runs Mac OSX with Java 1.4.2, my PC Suse Linux 9.1, also with Java 1.4.2. JBoss version on both computers is 4.0.0RC1.
Web browser was Safari on Mac OS, Konqueror 3.3 on Linux.
Here is an excerpt from server.log:
[org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=admin 2004-08-23 17:03:12,690 DEBUG [org.jboss.security.plugins.JaasSecurityManager.web-console] Login failure javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:160) at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:116) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607) at javax.security.auth.login.LoginContext.login(LoginContext.java:534) at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:476) at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:430) at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:246) at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:221) at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:239) at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:146) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:122) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683) at java.lang.Thread.run(Thread.java:534)