problem upgrading 3.2 to 4.0.2, security manager config
ahardy66 Jul 18, 2005 6:34 AM
I upgraded my dev environment to JBoss 4.0.2 and I am trying to set up the security, but I cannot work out what mistake I have made that prevents a normal form-based login succeeding.
It is a servlet & EJB app, with separate war and ear files.
It throws this exception when I try to log in:
10:56:25,070 ERROR [JaasSecurityManagerService] Failed to create sec mgr
java.lang.NullPointerException
    at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:534)
    at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:514)
    at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:66)
    at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:611)
    at $Proxy129.lookup(Unknown Source)
    at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:701)
    at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
    at javax.naming.InitialContext.lookup(InitialContext.java:351)
    at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1046)
    at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:685)
    at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
    at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:227)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
    at java.lang.Thread.run(Thread.java:595)
ERROR [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Error during authenticate
javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Failed to create sec mgr:null]
    at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1052)
    at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:685)
    at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
    at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:227)
    at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
    at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
    at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
    at java.lang.Thread.run(Thread.java:595)
Caused by: javax.naming.NamingException: Failed to create sec mgr:null
    at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:547)
    at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:514)
    at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:66)
    at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:611)
    at $Proxy129.lookup(Unknown Source)
    at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:701)
    at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572)
    at javax.naming.InitialContext.lookup(InitialContext.java:351)
    at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1046)
    ... 15 more
This is the relevant part of my web.xml:
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Private pages</web-resource-name>
        <description>CMS</description>
        <url-pattern>/private/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <description>Anyone with 1 of these roles allowed</description>
        <role-name>user</role-name>
    </auth-constraint>
    <user-data-constraint>
        <description>SSL required</description>
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>
<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>GargantusRealm</realm-name>
    <form-login-config>
        <form-login-page>/login.html</form-login-page>
        <form-error-page>/error.html</form-error-page>
    </form-login-config>
</login-config>
<security-role>
    <description>average surfer</description>
    <role-name>user</role-name>
</security-role>
and this is the jboss-web.xml:
<jboss-web>
    <security-domain>java:/jaas/GargantusRealm</security-domain>
    <context-root>/</context-root>
    <ejb-ref>
        <ejb-ref-name>ejb/SurveyFacade</ejb-ref-name>
        <jndi-name>ejb/SurveyFacade</jndi-name>
    </ejb-ref>
    <ejb-ref>
        <ejb-ref-name>ejb/LibraryFacade</ejb-ref-name>
        <jndi-name>ejb/LibraryFacade</jndi-name>
    </ejb-ref>
</jboss-web>
and finally the login-config.xml:
<application-policy name="GargantusRealm">
    <authentication>
        <login-module code="org.gargantus.realm.JBossLoginModule" flag="required">
            <module-option name="encryption">MD5</module-option>
            <module-option name="jndi_name">
                java:/jdbc/RealmDS
            </module-option>
        </login-module>
    </authentication>
</application-policy>
My bespoke login module extends AbstractServerLoginModule but I don't think JBoss is even getting as far as loading the class (which I have jarred up and put in jboss/server/default/lib).
I turned debug-level logging on for security and can see that JBoss reads the login-config.xml but that's all the info I get, until the exception when I try to log in.
I can see from the forum here that others have set it up successfully so I suspect through some oversight I am making a configuration error.
Any help would be grand!
Adam
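
An added example, not part of the original post: a small Python check of the name linkage the files above rely on, where the `java:/jaas/<name>` value in jboss-web.xml has to match an `application-policy` name in login-config.xml. The fragments are trimmed copies of the posted files; the `<policy>` root wrapper and the function name `check_security_domain` are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Trimmed copies of the posted files; the <policy> wrapper is assumed.
JBOSS_WEB = """<jboss-web>
  <security-domain>java:/jaas/GargantusRealm</security-domain>
</jboss-web>"""

LOGIN_CONFIG = """<policy>
  <application-policy name="GargantusRealm">
    <authentication>
      <login-module code="org.gargantus.realm.JBossLoginModule" flag="required"/>
    </authentication>
  </application-policy>
</policy>"""

JAAS_PREFIX = "java:/jaas/"
JAAS_FLAGS = {"required", "requisite", "sufficient", "optional"}


def check_security_domain(jboss_web_xml, login_config_xml):
    """Return a list of problems; an empty list means the names line up."""
    domain = (ET.fromstring(jboss_web_xml).findtext("security-domain") or "").strip()
    if not domain.startswith(JAAS_PREFIX):
        return [f"security-domain {domain!r} does not start with {JAAS_PREFIX}"]
    name = domain[len(JAAS_PREFIX):]

    # Index every named policy so a mismatch can list what is available.
    policies = {p.get("name"): p
                for p in ET.fromstring(login_config_xml).iter("application-policy")
                if p.get("name")}
    policy = policies.get(name)  # lookup is case-sensitive
    if policy is None:
        return [f"no application-policy named {name!r}; found {sorted(policies)}"]

    problems = []
    modules = policy.findall("authentication/login-module")
    if not modules:
        problems.append(f"application-policy {name!r} has no login-module")
    for module in modules:
        if not module.get("code"):
            problems.append("login-module without a code attribute")
        if module.get("flag") not in JAAS_FLAGS:
            problems.append(f"flag {module.get('flag')!r} is not a JAAS control flag")
    return problems


if __name__ == "__main__":
    print(check_security_domain(JBOSS_WEB, LOGIN_CONFIG) or "names and flags are consistent")
```

For the configuration as posted the check returns no problems, so it only rules out a domain-name or control-flag mismatch between the two files.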