Basic auth apache fronting JBoss!
mcevikce Jan 8, 2008 1:17 PMOur webapp is deployed in JBoss which is fronted by apache web server.
I have configured Basic authorization in my webapp and JBoss. When I do try to access the protected pages from http://localhost:8080/protected/testpage.jsp I get promoted to enter user name and password. Once everything is entered correctly I proceed to the page.
Now the problem occurs when I try to access the same page from my web server URL(http://myserver.bfm.com/protected/testpage.jsp). Now I am prompted by web server realm to enter user name and password (I set my user name and password to be the same both on JBoss and apache). Once the I enter my credentials I am never prompted by JBoss to enter my credentials again. That can be understandable since the request already had my Basic auth but I get a NullpointerException on the JBoss with following stack trace:
[08-01-2008 12:23:12.904] [3774275] [org.apache.catalina.connector.CoyoteAdapter] [ERROR] [TP-Processor3] An exception or error occurred in the container du
ring the request processing
java.lang.NullPointerException
at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.hasRole(JBossSecurityMgrRealm.java:286)
at org.apache.catalina.realm.RealmBase.hasResourcePermission(RealmBase.java:763)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:464)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:307)
at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:385)
at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:748)
at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:678)
at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:871)
at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
at java.lang.Thread.run(Thread.java:595)
Any ideas to why I am getting this exception everytime I try to access the protected page from my web server. I need to do this to protect access from both localhost or web server.