1 Reply Latest reply on Feb 7, 2005 4:30 PM by john_anderson_ii

    Error securing web-console.

    john_anderson_ii

      I'm looking into using JAAS/JBoss security for the first time. I thought I would try to get the hang of it by securing the web-console and jmx-console with the generic password file method. I looked into the following resources and followed the directions they contain.

      http://docs.jboss.org/jbossas/admindevel326/html/ch8.chapter.html
      http://www.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole


      After making the changes suggested, my configuration looks like:


      /usr/local/jboss/server/default/conf/login-config

      *SNIPPED*
       <application-policy name = "web-console">
         <authentication>
           <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                         flag = "required">
             <module-option name="usersProperties">web-console-users.properties</module-option>
             <module-option name="rolesProperties">web-console-roles.properties</module-option>
           </login-module>
         </authentication>
       </application-policy>
      *SNIPPED*
      


      /usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/jboss-web.xml
      <?xml version='1.0' encoding='UTF-8' ?>
      
      <!DOCTYPE jboss-web
       PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
       "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
      
      <jboss-web>
        <!-- Isolate the console mgr classes from other deployments -->
        <class-loading>
          <loader-repository>
            jboss.console:sar=console-mgr.sar
            <loader-repository-config>
              java2ParentDelegation=true
            </loader-repository-config>
          </loader-repository>
        </class-loading>
        <security-domain>java:/jaas/web-console</security-domain>
      </jboss-web>
      


      /usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/web.xml
      *SNIPPED*
       <security-constraint>
         <web-resource-collection>
           <web-resource-name>HtmlAdaptor</web-resource-name>
           <description>An example security config that only allows users with the
             role JBossAdmin to access the HTML JMX console web application
           </description>
           <url-pattern>/*</url-pattern>
           <http-method>GET</http-method>
           <http-method>POST</http-method>
         </web-resource-collection>
         <auth-constraint>
           <role-name>JBossAdmin</role-name>
         </auth-constraint>
       </security-constraint>

       <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>JBoss WEB Console</realm-name>
       </login-config>

       <security-role>
         <role-name>JBossAdmin</role-name>
       </security-role>
      *SNIPPED*
      


      /usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/classes/web-console-users.properties
      admin=blerg
      

      /usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/classes/web-console-roles.properties
      admin=JBossAdmin
      


      When I go to http://localhost:8080/web-console/ I am greeted with a login prompt; however, an exception is thrown before I ever even submit the login info. The exception follows:

      14:06:05,419 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: Properties file users.properties not found
       at org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:234)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:100)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
       at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:316)
       at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:54)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
       at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
       at java.lang.Thread.run(Thread.java:534)
      14:06:05,423 WARN [JAASRealm] Login exception authenticating username
      javax.security.auth.login.LoginException: Missing users.properties file.
       at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:120)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
       at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:316)
       at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:54)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
       at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
       at java.lang.Thread.run(Thread.java:534)
      


      Why is the UsersRolesLoginModule still attempting to open a file named "users.properties" when login-config.xml is passing in the filename of "web-console-users.properties"?
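
A cross-check of the four files quoted in the post, as an added example that is not part of the original post or of JBoss itself: it resolves the `security-domain` in jboss-web.xml to an `application-policy`, works out which properties files the login module would open (its defaults are `users.properties` and `roles.properties` when the module options do not reach it), and confirms that some user holds the role web.xml requires. The function names `check` and `parse_props` and the sample constants are hypothetical; the samples are constructed from the post's values, with DOCTYPEs omitted and no XML namespaces assumed.

```python
import xml.etree.ElementTree as ET

# Constructed samples modeled on the files quoted in the post (DOCTYPEs omitted).
LOGIN_CONFIG = """<policy>
  <application-policy name="web-console"><authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
      <module-option name="usersProperties">web-console-users.properties</module-option>
      <module-option name="rolesProperties">web-console-roles.properties</module-option>
    </login-module></authentication></application-policy>
</policy>"""
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/web-console</security-domain></jboss-web>"
WEB_XML = ("<web-app><security-constraint><auth-constraint><role-name>JBossAdmin"
           "</role-name></auth-constraint></security-constraint></web-app>")
CLASSPATH = {"web-console-users.properties": "admin=blerg",
             "web-console-roles.properties": "admin=JBossAdmin"}

def parse_props(text):
    """Parse key=value lines of a .properties file, skipping comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, v in pairs}

def check(login_config, jboss_web, web_xml, classpath):
    """Return findings (empty list = consistent). classpath: file name -> text."""
    domain = (ET.fromstring(jboss_web).findtext("security-domain") or "").strip()
    name = domain.rsplit("/", 1)[-1]  # java:/jaas/web-console -> web-console
    policies = {p.get("name"): p
                for p in ET.fromstring(login_config).iter("application-policy")}
    if name not in policies:
        # JBoss then uses the "other" policy, whose module options are not ours
        return [f"no application-policy '{name}': falls back to 'other'"]
    opts = {o.get("name"): (o.text or "").strip()
            for o in policies[name].iter("module-option")}
    # Without these options the module looks for its default file names
    users_file = opts.get("usersProperties", "users.properties")
    roles_file = opts.get("rolesProperties", "roles.properties")
    findings = [f"{f} not on classpath" for f in (users_file, roles_file)
                if f not in classpath]
    users = parse_props(classpath.get(users_file, ""))
    roles = parse_props(classpath.get(roles_file, ""))
    required = {r.text.strip() for c in ET.fromstring(web_xml).iter("auth-constraint")
                for r in c.iter("role-name")}
    granted = {role.strip() for u in users for role in roles.get(u, "").split(",")}
    findings += [f"no user holds role '{r}'" for r in sorted(required - granted)]
    return findings

if __name__ == "__main__":
    print(check(LOGIN_CONFIG, JBOSS_WEB, WEB_XML, CLASSPATH) or "consistent")
```

A finding that names `users.properties` means the policy the server resolved carried no `usersProperties` option, which is the condition the logged `IOException` reports.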