Simple JAAS Configuration ?
I have been trying to get a JAAS configuration running and am having alot of problems. I am using JBoss 4.0.2 which is configured as was when installed other than addition of lines below.
Right now, I have the following and the code is below as well. I have just a simple JSP login page which call j_security_check. Here is the code and below is the exception I am getting. I am pretty sure everything is configured correctly. Prior to this I was doing a custom login which worked but I always received the unauthenticated principal error so I decided to try a simple example using j_security_check. My login module extends JBoss UsernamePasswordLoginModule.
Anybody care to shed some light on this so that I can continue on. This thing is starting to give me a headache. Thanks alot.
Curtis
web.xml
<!-- ### Security --> <security-constraint> <web-resource-collection> <web-resource-name>Restricted</web-resource-name> <description>Declarative security tests</description> <url-pattern>/dashboard.jsp</url-pattern> <http-method>HEAD</http-method> <http-method>GET</http-method> <http-method>POST</http-method> <http-method>PUT</http-method> <http-method>DELETE</http-method> </web-resource-collection> <auth-constraint> <role-name>service_mgr</role-name> </auth-constraint> </security-constraint> <login-config> <auth-method>FORM</auth-method> <form-login-config> <form-login-page>/login.jsp</form-login-page> <form-error-page>/logoff.jsp</form-error-page> </form-login-config> </login-config> <security-role> <description>Service Manager role</description> <role-name>service_mgr</role-name> </security-role>
jboss-web.xml
<jboss-web> <security-domain>java:/jaas/overdrive</security-domain> <class-loading java2ClassLoadingCompliance="false"> <loader-repository> sf:loader=sf.war <loader-repository-config>java2ParentDelegation=false</loader-repository-config> </loader-repository> </class-loading> </jboss-web>
login.jsp
<form action="<%=request.getContextPath()%>/j_security_check" method="POST"> User: <input type="text" name="j_username" ><br> Password: <input type="password" name="j_password" ><br> <input type="submit" value="Submit" /> </form>
Dump:
07:15:28,302 ERROR [JaasSecurityManagerService] Failed to create sec mgr java.lang.NullPointerException at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:534) at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:514) at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:66) at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:611) at $Proxy48.lookup(Unknown Source) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:701) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572) at javax.naming.InitialContext.lookup(InitialContext.java:351) at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1046) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:685) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572) at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:227) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:595) 07:15:28,302 ERROR [JBossSecurityMgrRealm] Error during authenticate javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NamingException: Failed to create sec mgr:null] at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1052) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:685) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572) at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:227) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527) at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112) at java.lang.Thread.run(Thread.java:595) Caused by: javax.naming.NamingException: Failed to create sec mgr:null at org.jboss.security.plugins.JaasSecurityManagerService.newSecurityDomainCtx(JaasSecurityManagerService.java:547) at org.jboss.security.plugins.JaasSecurityManagerService.lookupSecurityDomain(JaasSecurityManagerService.java:514) at org.jboss.security.plugins.JaasSecurityManagerService.access$200(JaasSecurityManagerService.java:66) at org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory.invoke(JaasSecurityManagerService.java:611) at $Proxy48.lookup(Unknown Source) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:701) at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:572) at javax.naming.InitialContext.lookup(InitialContext.java:351) at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1046) ... 15 more
