Error securing web-console.
john_anderson_ii Feb 7, 2005 4:18 PMI'm looking into using JAAS/Jboss security for the first time. I thoguht I would try to get the hang of it by securing the web-console and jmx-console with the generic password file method. I looked into the following rescources and followed the directions they contain.
http://docs.jboss.org/jbossas/admindevel326/html/ch8.chapter.html
http://www.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole
After making the changes suggested, my configuration looks like:
/usr/local/jboss/server/default/conf/login-config
*SNIPPED* <application-policy name = "web-console"> <authentication> <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"> <module-option name="usersProperties">web-console-users.properties</module-option> <module-option name="rolesProperties">web-console-roles.properties</module-option> </login-module> </authentication> </application-policy> *SNIPPED*
/usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/jboss-web.xml
<?xml version='1.0' encoding='UTF-8' ?> <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd"> <jboss-web> <!-- Isolate the console mgr classes from other deployments --> <class-loading> <loader-repository> jboss.console:sar=console-mgr.sar <loader-repository-config> java2ParentDelegation=true </loader-repository-config> </loader-repository> </class-loading> <security-domain>java:/jaas/web-console</security-domain> </jboss-web>
/usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/web.xml
*SNIPPED* <security-constraint> <web-resource-collection> <web-resource-name>HtmlAdaptor</web-resource-name> <description>An example security config that only allows users with the role JBossAdmin to access the HTML JMX console web application </description> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> <auth-constraint> <role-name>JBossAdmin</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>BASIC</auth-method> <realm-name>JBoss WEB Console</realm-name> </login-config> <security-role> <role-name>JBossAdmin</role-name> </security-role> *SNIPPED*
/usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/classes/web-console-users.properties
admin=blerg
/usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/classes/web-console-roles.properties
admin=JBossAdmin
When I go to http://localhost:8080/web-console/ I am greeted with a login prompt, however, an exception is thrown before I ever even submit the login info. The exception follows:
14:06:05,419 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files java.io.IOException: Properties file users.properties not found at org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217) at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:234) at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:100) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607) at javax.security.auth.login.LoginContext.login(LoginContext.java:534) at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:316) at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:54) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683) at java.lang.Thread.run(Thread.java:534) 14:06:05,423 WARN [JAASRealm] Login exception authenticating username javax.security.auth.login.LoginException: Missing users.properties file. at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:120) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:324) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607) at javax.security.auth.login.LoginContext.login(LoginContext.java:534) at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:316) at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:54) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104) at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520) at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929) at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705) at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683) at java.lang.Thread.run(Thread.java:534)
Why is the UsersRolesLoginModules still attempting to open a file named "users.properties" when login-config.xml is passing in the filename of "web-console-users.properties"?