12 Replies Latest reply on Nov 18, 2006 5:00 AM by jaikiran

    Why JAAS authenticate() fails?

    benccit

      I am trying to restrict web access on certain web pages. I checked the FAQ, but I couldn't find any clue. I am hoping you can point me in the right direction.

      I am having difficulty configuring secured web pages which require users to log in before they can view the content.

      I am using the jbossweb-tomcat55.sar/ROOT.war of version JBoss-4.0.3SP1 to host a forum and some static web pages. Without the requirement of secured access, the website runs fine. I was then asked to add a login prompt the first time any user wants to access anything on the application. The login prompt should include user name and password.

      I thought that requirement was a piece of cake. So I performed the following steps:

      A. I created a security domain, transportation-security, in login-config.xml as follows:

      <application-policy name = "transportation-security">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required">
      <module-option name="usersProperties">props/transportation-security-users.properties</module-option>
      <module-option name="rolesProperties">props/transportation-security-roles.properties</module-option>
      </login-module>

      </application-policy>


      B. I then created a testing file, transportation-security-users.properties, in conf/props as follows:

      joe1=pass1

      and a testing file transportation-security-roles.properties in the conf/props as follows:
      joe1=administrator

      C. For the web.xml, in ROOT.war/WEB-INF, I added the following security related page to web.xml:

      <security-role>
      <role-name>administrator</role-name>
      </security-role>
      <security-role>
      <role-name>moderator</role-name>
      </security-role>
      <security-role>
      <role-name>user</role-name>
      </security-role>

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>Restricted Area</web-resource-name>
      <url-pattern>/About_us/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>

      <auth-constraint>
      <role-name>administrator</role-name>
      <role-name>moderator</role-name>
      <role-name>user</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>transportation-security</realm-name>
      </login-config>


      D. I also created jboss-web.xml in the jbossweb-tomcat55.sar/ROOT.war/WEB-INF as follows:

      <jboss-web>
      <security-domain>java:/jaas/transportation-security</security-domain>
      </jboss-web>

      I then restarted JBoss and used a web browser to test the URL /ABout_us. A window popped up with the title "transportation-security" and two entry fields: user name and password. I entered joe1 and pass1 respectively, but the same window was redisplayed with empty entry fields.

      I shut down JBoss, set log4j to DEBUG level and re-tested. I noticed that the error message in the log indicated that authenticate() failed.

      Does anyone know what went wrong? Why weren't the files in props used?

      By the way, do you know how to customize the login prompt and error page if login fails?

      Thanks,

      Bensen



        • 1. Re: Why JAAS authenticate() fails?
          jaikiran

          You will have to obtain TRACE level logs of jboss security package as mentioned in Q4 at:

          http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ

          Those logs will give you an idea as to what is going wrong in authentication.

          • 2. Re: Why JAAS authenticate() fails?
            jaikiran

             

            By the way, do you know how to customize the login prompt and error page if login fails?


            You can use FORM based login instead of BASIC. These might get you started:

            http://www.roseindia.net/javacertification/wcd-guide/authentical_type.shtml

            http://www.onjava.com/pub/a/onjava/2001/08/06/webform.html



            • 3. Re: Why JAAS authenticate() fails?
              benccit

              Jaikiran,

              Thanks for the response.

              I followed your lead and used FORM-based authentication.
              However, I can't make the authentication work. Although the username and password were transmitted to the server, the error page was displayed. I checked the log; it indicated that the username and password were transmitted to the server. However, the status was 200. It seems that the servlet path is wrong. For example, if I secure the web pages under /secret, the servlet path becomes /secret/j_security_check. I guess that is the reason why the authentication failed.

              How can JBoss server know it has to use special j_security_check?

              I have login html code as follows:


              Username:
              Password:






              Do you know why the authentication fails?

              By the way, in the server/default/conf/login-config.xml, the application-policy was defined as follows:

              <application-policy name = "transportation-security">

              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
              flag = "required">
              <module-option name="usersProperties">/authentik/transportation-security-users.properties</module-option>
              <module-option name="rolesProperties">/authentik/transportation-security-roles.properties</module-option>
              </login-module>

              </application-policy>

              Are the values for module-option usersProperties and rolesProperties correct? I am assuming the root "/" starts at server/default. Is my assumption correct?

              Thanks,

              Bensen

              • 4. Re: Why JAAS authenticate() fails?
                jaikiran

                 

                However the status was 200


                Which means the request has succeeded.

                Are the values for module-option usersProperties and rolesProperties correct?


                Looks correct.


                I am assuming the root "/" starts at server/default. Is my assumption correct?


                The "/" indicates the root of your application. Assuming, your application is named myApp.ear then "/authentik/transportation-security-roles.properties" will translate into myApp.ear/authentik/transportation-security-roles.properties.

                Do you know why the authentication fails?


                Please post the contents of your web.xml, jboss-web.xml, the URL that you are using to try out your use case and also the TRACE level logs of the jboss security package. (Please remember to use the "Code" to wrap the contents in a code block while posting these details.)



                • 5. Re: Why JAAS authenticate() fails?
                  jaikiran

                   

                  Please remember to use the "Code" to wrap


                  I meant: Please remember to use the "Code" button.

                  • 6. Re: Why JAAS authenticate() fails?
                    benccit

                    Hi jaikiran,

                    Thanks for your help in advance.

                    1. I am using jboss-4.0.3SP1.
                    The application which I am testing is jbossweb-tomcat55.sar/ROOT.war.

                    Under ROOT.war/authentik, I have transportation-security-roles.properties and transportation-security-users.properties.
                    In transportation-security-roles.properties, I have the following line:
                    joe1=moderator

                    In transportation-security-users.properties, I have the following line:
                    joe1=pass

                    The resource to be secured is the directory ROOT.war/secret.
                    I used FORM-based authentication method.
                    The login html file is loginform.html which has action = "j_security_check" with input "j_username" and "j_password".


                    2. The server/default/conf/login-config.xml contains the following application policy:
                    <application-policy name = "transportation-security">

                    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                    flag = "required">
                    <module-option name="usersProperties">/authentik/transportation-security-users.properties</module-option>
                    <module-option name="rolesProperties">/authentik/transportation-security-roles.properties</module-option>
                    </login-module>

                    </application-policy>


                    3. server/default/conf/log4j.xml is configured to have FILE Appender to log message in server.log, and contains the following categories:



                    <appender-ref ref="FILE"/>



                    <appender-ref ref="FILE"/>



                    <appender-ref ref="FILE"/>


                    4. jboss-web.xml specified the transportation-security policy:
                    <jboss-web>
                    <security-domain>java:/jaas/transportation-security</security-domain>
                    </jboss-web>


                    5. web.xml related to security configuration:

                    <security-role>
                    <role-name>moderator</role-name>
                    </security-role>

                    <security-constraint>
                    <web-resource-collection>
                    <web-resource-name>Restricted Area</web-resource-name>
                    <url-pattern>/secret/*</url-pattern>
                    Authorized user only
                    <http-method>POST</http-method>
                    <http-method>GET</http-method>
                    </web-resource-collection>

                    <auth-constraint>
                    <role-name>moderator</role-name>
                    </auth-constraint>
                    </security-constraint>

                    <login-config>
                    <auth-method>FORM</auth-method>
                    <form-login-config>
                    <form-login-page>/loginform.html</form-login-page>
                    <form-error-page>/loginerror.html</form-error-page>
                    </form-login-config>
                    <realm-name>transportation-security</realm-name>
                    </login-config>
                    </web-app>

                    6. TRACE in jboss.log :

                    REQUEST URI =/secret/j_security_check
                    ..
                    20:53:22,166 INFO [[localhost]] parameter=j_username=joe1
                    20:53:22,166 INFO [[localhost]] parameter=j_password=pass
                    ..
                    20:53:22,167 INFO [[localhost]] servletPath=/secret/j_security_check
                    ..
                    20:53:22,183 INFO [[/]] default: DefaultServlet.serveResource: Serving resource '/loginerror.html' headers and data

                    7. No TRACE message was found in server.log



                    • 7. Re: Why JAAS authenticate() fails?
                      jaikiran

                       

                      7. No TRACE message was found in server.log


                      Please have a look at Q4 at:

                      http://wiki.jboss.org/wiki/Wiki.jsp?page=SecurityFAQ

                      to obtain the TRACE level logs. The reason I am insisting on the TRACE level logs is that they certainly provide a good amount of detail as to what is going on as part of the authentication process.

                      • 8. Re: Why JAAS authenticate() fails?
                        benccit

                        Hi Jaikiran,

                        The following is the TRACE log:

                        2006-11-09 23:56:13,007 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] parameter=j_username=joe1
                        2006-11-09 23:56:13,007 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] parameter=j_password=pass
                        ..
                        2006-11-09 23:56:13,008 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] servletPath=/secret/j_security_check
                        ..
                        2006-11-09 23:56:13,008 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] isSecure=false
                        ..
                        2006-11-09 23:56:13,008 TRACE [org.jboss.web.tomcat.security.FormAuthValve] Enter, j_username=joe1
                        2006-11-09 23:56:13,009 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /secret/j_security_check
                        ..
                        2006-11-09 23:56:13,009 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username 'joe1'
                        2006-11-09 23:56:13,009 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=joe1
                        ..
                        2006-11-09 23:56:13,023 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] No security context for authenticate(String, String)
                        2006-11-09 23:56:13,024 DEBUG [org.apache.catalina.core.ApplicationDispatcher] servletPath=/loginerror.html, pathInfo=null, queryString=null, name=null

                        Thanks,

                        Bensen

                        • 9. Re: Why JAAS authenticate() fails?
                          moj_sham

                          -- Request with http://localhost:8080/portal/j_security_check?j_username=admin&j_password=admin ---

                          2006-11-10 20:50:07,338 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /portal/j_security_check
                          2006-11-10 20:50:07,338 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username 'admin'
                          2006-11-10 20:50:07,338 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=admin
                          2006-11-10 20:50:07,338 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] Begin isValid, principal:admin, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@17e9b52[Subject(22467608).principals=org.jboss.security.SimplePrincipal@4667924(admin)org.jboss.security.SimpleGroup@32473751(Roles(members:Admin,Authenticated)),credential.class=java.lang.String@24659469,expirationTime=1163173710228]
                          2006-11-10 20:50:07,338 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@17e9b52[Subject(22467608).principals=org.jboss.security.SimplePrincipal@4667924(admin)org.jboss.security.SimpleGroup@32473751(Roles(members:Admin,Authenticated)),credential.class=java.lang.String@24659469,expirationTime=1163173710228];credential.class=java.lang.String@24659469
                          2006-11-10 20:50:07,338 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] End validateCache, isValid=true
                          2006-11-10 20:50:07,338 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] End isValid, true
                          2006-11-10 20:50:07,338 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: admin is authenticated
                          2006-11-10 20:50:07,338 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                          Principal: admin
                          Principal: Roles(members:Admin,Authenticated)
                          , sc=org.jboss.security.SecurityAssociation$SubjectContext@1d6fc1b{principal=admin,subject=21063974}
                          2006-11-10 20:50:07,338 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@17e9b52[Subject(22467608).principals=org.jboss.security.SimplePrincipal@4667924(admin)org.jboss.security.SimpleGroup@32473751(Roles(members:Admin,Authenticated)),credential.class=java.lang.String@24659469,expirationTime=1163173710228]
                          2006-11-10 20:50:07,338 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input principal: adminto: admin
                          2006-11-10 20:50:07,338 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@1d6fc1b{principal=admin,subject=21063974}
                          2006-11-10 20:50:07,338 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] getUserRoles, subject: Subject:
                          Principal: admin
                          Principal: Roles(members:Admin,Authenticated)

                          2006-11-10 20:50:07,338 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=GenericPrincipal[admin(Admin,Authenticated,)]
                          2006-11-10 20:50:07,338 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authentication of 'admin' was successful
                          2006-11-10 20:50:07,353 DEBUG [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/portal]] User took so long to log on the session expired
                          2006-11-10 20:50:07,353 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test ??/portal/j_security_check
                          2006-11-10 20:50:07,353 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
                          2006-11-10 20:50:07,666 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1163172007666 sessioncount 0
                          2006-11-10 20:50:07,666 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0




                          2006-11-10 20:52:47,650 DEBUG [org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is 62864B86858DB412296A21D309CC298D
                          2006-11-10 20:52:47,650 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /portal/j_security_check
                          2006-11-10 20:52:47,650 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username 'admin'
                          2006-11-10 20:52:47,650 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=admin
                          2006-11-10 20:52:47,650 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] Begin isValid, principal:admin, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@17e9b52[Subject(22467608).principals=org.jboss.security.SimplePrincipal@4667924(admin)org.jboss.security.SimpleGroup@32473751(Roles(members:Admin,Authenticated)),credential.class=java.lang.String@24659469,expirationTime=1163173710228]
                          2006-11-10 20:52:47,650 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] Begin validateCache, info=org.jboss.security.plugins.JaasSecurityManager$DomainInfo@17e9b52[Subject(22467608).principals=org.jboss.security.SimplePrincipal@4667924(admin)org.jboss.security.SimpleGroup@32473751(Roles(members:Admin,Authenticated)),credential.class=java.lang.String@24659469,expirationTime=1163173710228];credential.class=java.lang.String@24659469
                          2006-11-10 20:52:47,650 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] End validateCache, isValid=true
                          2006-11-10 20:52:47,650 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] End isValid, true
                          2006-11-10 20:52:47,650 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: admin is authenticated
                          2006-11-10 20:52:47,666 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Subject:
                          Principal: admin
                          Principal: Roles(members:Admin,Authenticated)
                          , sc=org.jboss.security.SecurityAssociation$SubjectContext@17e32c7{principal=admin,subject=3659986}
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1163172167666 sessioncount 3
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1163172167666 sessioncount 3
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1163172167666 sessioncount 0
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1163172167666 sessioncount 0
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
                          2006-11-10 20:52:47,666 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@17e9b52[Subject(22467608).principals=org.jboss.security.SimplePrincipal@4667924(admin)org.jboss.security.SimpleGroup@32473751(Roles(members:Admin,Authenticated)),credential.class=java.lang.String@24659469,expirationTime=1163173710228]
                          2006-11-10 20:52:47,666 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Mapped from input principal: adminto: admin
                          2006-11-10 20:52:47,666 TRACE [org.jboss.security.SecurityAssociation] getSubject, sc=org.jboss.security.SecurityAssociation$SubjectContext@17e32c7{principal=admin,subject=3659986}
                          2006-11-10 20:52:47,666 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] getUserRoles, subject: Subject:
                          Principal: admin
                          Principal: Roles(members:Admin,Authenticated)

                          2006-11-10 20:52:47,666 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=GenericPrincipal[admin(Admin,Authenticated,)]
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authentication of 'admin' was successful
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Redirecting to original 'null'
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Failed authenticate() test ??/portal/j_security_check
                          2006-11-10 20:52:47,666 TRACE [org.jboss.security.SecurityAssociation] clear, server=true
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.session.ManagerBase] Start expire sessions StandardManager at 1163172167666 sessioncount 0
                          2006-11-10 20:52:47,666 DEBUG [org.apache.catalina.session.ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
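The two traces above differ in one visible way: the joe1 attempt ends at "No security context" without any JaasSecurityManager.<domain> line, while the admin attempt is validated by JaasSecurityManager.portal. The following triage script is an added example, not code from the thread or from JBoss; it classifies each attempt on that basis and masks the j_password values that the request dump writes in clear text. The sample log is constructed from abridged lines of the kind quoted here, and the "End isValid, false" form is an assumption that mirrors the "End isValid, true" line.

```python
import re

# Constructed sample: abridged copies of the kinds of lines quoted in this thread.
SAMPLE_LOG = """\
2006-11-09 23:56:13,007 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] parameter=j_username=joe1
2006-11-09 23:56:13,007 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] parameter=j_password=pass
2006-11-09 23:56:13,009 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=joe1
2006-11-09 23:56:13,023 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] No security context for authenticate(String, String)
2006-11-10 20:50:07,338 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=admin
2006-11-10 20:50:07,338 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] Begin isValid, principal:admin
2006-11-10 20:50:07,338 TRACE [org.jboss.security.plugins.JaasSecurityManager.portal] End isValid, true
2006-11-10 20:50:07,338 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] End authenticate, principal=GenericPrincipal[admin(Admin,Authenticated,)]
"""

# A j_password value in a request-dump line or a query string, unless already masked.
PASSWORD_RE = re.compile(r"(j_password=)(?!\[REDACTED\])[^&\s]+")
BEGIN_RE = re.compile(r"JBossSecurityMgrRealm\] Begin authenticate, username=(\S+)")
DOMAIN_RE = re.compile(r"\[org\.jboss\.security\.plugins\.JaasSecurityManager\.([^\]]+)\]")
ISVALID_RE = re.compile(r"End isValid, (true|false)")  # "false" form is assumed
NO_CONTEXT = "No security context for authenticate"
END_OK = "End authenticate, principal=GenericPrincipal"


def redact(line):
    """Mask the password value so the log can be shared or archived."""
    return PASSWORD_RE.sub(r"\1[REDACTED]", line)


def triage(log_text):
    """Return (attempts, leaked): one dict per login attempt, plus the number
    of lines that still carry a clear-text j_password value."""
    attempts, current, leaked = [], None, 0
    for line in log_text.splitlines():
        if PASSWORD_RE.search(line):
            leaked += 1
        begin = BEGIN_RE.search(line)
        if begin:
            current = {"username": begin.group(1), "domain": None,
                       "outcome": "incomplete"}
            attempts.append(current)
            continue
        if current is None:
            continue
        domain = DOMAIN_RE.search(line)
        if domain:
            # A JaasSecurityManager.<domain> logger shows which domain handled it.
            current["domain"] = domain.group(1)
        verdict = ISVALID_RE.search(line)
        if NO_CONTEXT in line:
            # The realm gave up before any security domain logged anything.
            current["outcome"] = "domain-not-reached"
            current = None
        elif verdict and verdict.group(1) == "false":
            current["outcome"] = "credentials-rejected"
        elif END_OK in line:
            if current["outcome"] == "incomplete":
                current["outcome"] = "authenticated"
            current = None
    return attempts, leaked


if __name__ == "__main__":
    found, leaked_lines = triage(SAMPLE_LOG)
    for attempt in found:
        print(attempt)
    print("lines with clear-text j_password:", leaked_lines)
    for raw in SAMPLE_LOG.splitlines():
        print(redact(raw))
```

An attempt reported as domain-not-reached points at how the web application is bound to its security domain rather than at the user or role files, because no login module was consulted for it.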

                          • 10. Re: Why JAAS authenticate() fails?
                            benccit

                            Hi jaikiran, moj_sham,

                            Thanks for your help so far. I still can't make it work. For an unknown reason, I got the "No security context" message as follows:

                            REQUEST URI =/secret/my_secret.html
                            ..
                            servletPath=/secret/my_secret.html
                            isSecure=false
                            ..
                            2006-11-14 00:42:28,540 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /secret/my_secret.html
                            2006-11-14 00:42:28,540 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Restricted Area]' against GET /secret/my_secret.html --> true
                            2006-11-14 00:42:28,540 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Restricted Area]' against GET /secret/my_secret.html --> true
                            2006-11-14 00:42:28,540 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
                            2006-11-14 00:42:28,541 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
                            2006-11-14 00:42:28,541 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
                            2006-11-14 00:42:28,553 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Save request in session 'C68A8157F574D0E1024F023A2687D19D'
                            2006-11-14 00:42:28,591 DEBUG [org.apache.catalina.core.ApplicationDispatcher] servletPath=/loginform.html, pathInfo=null, queryString=null, name=null
                            2006-11-14 00:42:28,591 DEBUG [org.apache.catalina.core.ApplicationDispatcher] Path Based Forward
                            2006-11-14 00:42:28,596 DEBUG [org.apache.catalina.core.StandardWrapper] Returning non-STM instance
                            2006-11-14 00:42:28,598 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null
                            2006-11-14 00:42:28,598 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null
                            2006-11-14 00:42:28,598 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/]] default: DefaultServlet.serveResource: Serving resource '/loginform.html' headers and data
                            ...
                            2006-11-14 00:42:49,253 DEBUG [org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is C68A8157F574D0E1024F023A2687D19D
                            2006-11-14 00:42:49,253 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] REQUEST URI =/secret/j_security_check
                            ...
                            2006-11-14 00:42:49,254 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=referer=http://128.32.nnn.nn:8080/secret/my_secret.html
                            ...
                            method=POST
                            parameter=j_username=joe1
                            parameter=j_password=pass
                            ..
                            queryString=null
                            ..
                            servletPath=/secret/j_security_check
                            ..
                            isSecure=false
                            TRACE [org.jboss.web.tomcat.security.FormAuthValve] Enter, j_username=joe1
                            DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /secret/j_security_check
                            DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username 'joe1'
                            2006-11-14 00:42:49,258 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=joe1
                            2006-11-14 00:42:49,259 DEBUG [org.apache.catalina.loader.WebappClassLoader] findResources(jndi.properties)
                            2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jnp.interfaces.NamingContextFactory, false)
                            2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
                            2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jnp.interfaces.NamingContextFactory)
                            2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jnp.interfaces.NamingContextFactory)
                            2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
                            2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@dc64a2
                            2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
                            2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.naming.java.javaURLContextFactory, false)
                            2006-11-14 00:42:49,268 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
                            2006-11-14 00:42:49,268 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.naming.java.javaURLContextFactory)
                            2006-11-14 00:42:49,268 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jboss.naming.java.javaURLContextFactory)
                            2006-11-14 00:42:49,269 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.spi.ObjectFactory, false)
                            2006-11-14 00:42:49,269 DEBUG [org.apache.catalina.loader.WebappClassLoader] Returning class class org.jboss.naming.java.javaURLContextFactory
                            2006-11-14 00:42:49,269 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loaded by WebappClassLoader
                            delegate: false
                            repositories:
                            /WEB-INF/classes/
                            ----------> Parent Classloader:
                            java.net.FactoryURLClassLoader@dc64a2

                            2006-11-14 00:42:49,269 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
                            2006-11-14 00:42:49,269 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jnp.interfaces.Naming, false)
                            2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
                            2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jnp.interfaces.Naming)
                            2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jnp.interfaces.Naming)
                            2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
                            2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@dc64a2
                            2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
                            2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.NamingException, false)
                            2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jnp.server.NamingServer, false)
                            2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
                            2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jnp.server.NamingServer)
                            2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jnp.server.NamingServer)
                            2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
                            2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@dc64a2
                            DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
                            2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jnp.interfaces.NamingContext, false)
                            2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
                            2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jnp.interfaces.NamingContext)
                            2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jnp.interfaces.NamingContext)
                            2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
                            2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@dc64a2
                            2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
                            2006-11-14 00:42:49,272 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] No security context for authenticate(String, String)
                            2006-11-14 00:42:49,272 DEBUG [org.apache.catalina.core.ApplicationDispatcher] servletPath=/loginerror.html, pathInfo=null, queryString=null, name=null

                            • 11. Re: Why JAAS authenticate() fails?
                              benccit

                              Hi jaikiran, moj_sham,

                              I replied to your message several days ago. For some unknown reason, it is not displayed, so I am replying again.

                              Although I configured log4j.properties, I couldn't get many logging messages on security.

                              So far, I still can't make it work. For some unknown reason, I got a "No security context" message, as follows:

                              REQUEST URI =/secret/my_secret.html
                              ..
                              servletPath=/secret/my_secret.html
                              isSecure=false
                              ..
                              2006-11-14 00:42:28,540 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request GET /secret/my_secret.html
                              2006-11-14 00:42:28,540 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Restricted Area]' against GET /secret/my_secret.html --> true
                              2006-11-14 00:42:28,540 DEBUG [org.apache.catalina.realm.RealmBase] Checking constraint 'SecurityConstraint[Restricted Area]' against GET /secret/my_secret.html --> true
                              2006-11-14 00:42:28,540 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling hasUserDataPermission()
                              2006-11-14 00:42:28,541 DEBUG [org.apache.catalina.realm.RealmBase] User data constraint has no restrictions
                              2006-11-14 00:42:28,541 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Calling authenticate()
                              2006-11-14 00:42:28,553 DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Save request in session 'C68A8157F574D0E1024F023A2687D19D'
                              2006-11-14 00:42:28,591 DEBUG [org.apache.catalina.core.ApplicationDispatcher] servletPath=/loginform.html, pathInfo=null, queryString=null, name=null
                              2006-11-14 00:42:28,591 DEBUG [org.apache.catalina.core.ApplicationDispatcher] Path Based Forward
                              2006-11-14 00:42:28,596 DEBUG [org.apache.catalina.core.StandardWrapper] Returning non-STM instance
                              2006-11-14 00:42:28,598 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null
                              2006-11-14 00:42:28,598 TRACE [org.jboss.web.tomcat.security.RunAsListener] default, runAs: null
                              2006-11-14 00:42:28,598 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/]] default: DefaultServlet.serveResource: Serving resource '/loginform.html' headers and data
                              ...
                              2006-11-14 00:42:49,253 DEBUG [org.apache.catalina.connector.CoyoteAdapter] Requested cookie session id is C68A8157F574D0E1024F023A2687D19D
                              2006-11-14 00:42:49,253 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] REQUEST URI =/secret/j_security_check
                              ...
                              2006-11-14 00:42:49,254 INFO [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost]] header=referer=http://128.32.nnn.nn:8080/secret/my_secret.html
                              ...
                              method=POST
                              parameter=j_username=joe1
                              parameter=j_password=pass
                              ..
                              queryString=null
                              ..
                              servletPath=/secret/j_security_check
                              ..
                              isSecure=false
                              TRACE [org.jboss.web.tomcat.security.FormAuthValve] Enter, j_username=joe1
                              DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Security checking request POST /secret/j_security_check
                              DEBUG [org.apache.catalina.authenticator.FormAuthenticator] Authenticating username 'joe1'
                              2006-11-14 00:42:49,258 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] Begin authenticate, username=joe1
                              2006-11-14 00:42:49,259 DEBUG [org.apache.catalina.loader.WebappClassLoader] findResources(jndi.properties)
                              2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jnp.interfaces.NamingContextFactory, false)
                              2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
                              2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jnp.interfaces.NamingContextFactory)
                              2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jnp.interfaces.NamingContextFactory)
                              2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
                              2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@dc64a2
                              2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
                              2006-11-14 00:42:49,267 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.naming.java.javaURLContextFactory, false)
                              2006-11-14 00:42:49,268 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
                              2006-11-14 00:42:49,268 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jboss.naming.java.javaURLContextFactory)
                              2006-11-14 00:42:49,268 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jboss.naming.java.javaURLContextFactory)
                              2006-11-14 00:42:49,269 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.spi.ObjectFactory, false)
                              2006-11-14 00:42:49,269 DEBUG [org.apache.catalina.loader.WebappClassLoader] Returning class class org.jboss.naming.java.javaURLContextFactory
                              2006-11-14 00:42:49,269 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loaded by WebappClassLoader
                              delegate: false
                              repositories:
                              /WEB-INF/classes/
                              ----------> Parent Classloader:
                              java.net.FactoryURLClassLoader@dc64a2

                              2006-11-14 00:42:49,269 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from local repository
                              2006-11-14 00:42:49,269 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jnp.interfaces.Naming, false)
                              2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
                              2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jnp.interfaces.Naming)
                              2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jnp.interfaces.Naming)
                              2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
                              2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@dc64a2
                              2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
                              2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.NamingException, false)
                              2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jnp.server.NamingServer, false)
                              2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
                              2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jnp.server.NamingServer)
                              2006-11-14 00:42:49,270 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jnp.server.NamingServer)
                              2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
                              2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@dc64a2
                              DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
                              2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jnp.interfaces.NamingContext, false)
                              2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] Searching local repositories
                              2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClass(org.jnp.interfaces.NamingContext)
                              2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] findClassInternal(org.jnp.interfaces.NamingContext)
                              2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] --> Passing on ClassNotFoundException
                              2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] Delegating to parent classloader at end: java.net.FactoryURLClassLoader@dc64a2
                              2006-11-14 00:42:49,271 DEBUG [org.apache.catalina.loader.WebappClassLoader] Loading class from parent
                              2006-11-14 00:42:49,272 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] No security context for authenticate(String, String)
                              2006-11-14 00:42:49,272 DEBUG [org.apache.catalina.core.ApplicationDispatcher] servletPath=/loginerror.html, pathInfo=null, queryString=null, name=null

                              • 12. Re: Why JAAS authenticate() fails?
                                jaikiran

                                benccit, I tried out a sample application with a setup similar to the one you have mentioned, and it worked in my case. If you have a sample application which is not large and which can be shared, mail it to me at jai_forums2005 AT yahoo DOT co DOT in. Let me try it on my setup.