7 Replies Latest reply on Jul 5, 2004 1:33 AM by mikefinn

    login-config.xml problem

    gortz

      Hi!

      I'm trying to password protect one of my .war files but have so far run out of luck. I think my problem lies within the login-config.xml file since there is a WARN in the log when reading this file, cut from the server.log file:

      2004-07-02 10:13:58,326 INFO [org.jboss.security.plugins.SecurityConfig] Started jboss.security:service=SecurityConfig
      2004-07-02 10:13:58,426 WARN [org.jboss.security.auth.login.XMLLoginConfigImpl] Failed to load config: file:/C:/Legatus/jboss-3.2.3/server/default/conf/login-config.xml
      org.jboss.security.auth.login.ParseException: Encountered "<?xml" at line 1, column 1.
      Was expecting one of:

      ...

      at org.jboss.security.auth.login.SunConfigParser.generateParseException()Lorg.jboss.security.auth.login.ParseException;(SunConfigParser.java:389)
      at org.jboss.security.auth.login.SunConfigParser.jj_consume_token(I)Lorg.jboss.security.auth.login.Token;(SunConfigParser.java:327)
      at org.jboss.security.auth.login.SunConfigParser.config()V(SunConfigParser.java:98)
      at org.jboss.security.auth.login.SunConfigParser.parse(Ljava.io.Reader;Lorg.jboss.security.auth.login.XMLLoginConfigImpl;Z)V(SunConfigParser.java:57)
      at org.jboss.security.auth.login.SunConfigParser.doParse(Ljava.io.Reader;Lorg.jboss.security.auth.login.XMLLoginConfigImpl;Z)V(SunConfigParser.java:79)
      at org.jboss.security.auth.login.XMLLoginConfigImpl.loadSunConfig(Ljava.net.URL;Ljava.util.ArrayList;)V(XMLLoginConfigImpl.java:273)
      at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(Ljava.net.URL;)[Ljava.lang.String;(XMLLoginConfigImpl.java:257)
      at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig()V(XMLLoginConfigImpl.java:233)
      at org.jboss.security.auth.login.XMLLoginConfig.startService()V(XMLLoginConfig.java:152)
      at org.jboss.system.ServiceMBeanSupport.start()V(ServiceMBeanSupport.java:192)
      at jrockit.reflect.NativeMethodInvoker.invoke0(Ljava.lang.Object;ILjava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
      at jrockit.reflect.NativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
      at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
      at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
      at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(ReflectedMBeanDispatcher.java:284)
      at org.jboss.mx.server.MBeanServerImpl.invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(MBeanServerImpl.java:546)
      at org.jboss.system.ServiceController$ServiceProxy.invoke(Ljava.lang.Object;Ljava.lang.reflect.Method;[Ljava.lang.Object;)Ljava.lang.Object;(ServiceController.java:976)
      at $Proxy0.start()V(Unknown Source)
      at org.jboss.system.ServiceController.start(Ljavax.management.ObjectName;)V(ServiceController.java:394)
      at jrockit.reflect.NativeMethodInvoker.invoke0(Ljava.lang.Object;ILjava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
      at jrockit.reflect.NativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
      at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
      at java.lang.reflect.Method.invoke(Ljava.lang.Object;[Ljava.lang.Object;I)Ljava.lang.Object;(Unknown Source)
      at org.jboss.mx.capability.ReflectedMBeanDispatcher.invoke(Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(ReflectedMBeanDispatcher.java:284)
      at org.jboss.mx.server.MBeanServerImpl.invoke(Ljavax.management.ObjectName;Ljava.lang.String;[Ljava.lang.Object;[Ljava.lang.String;)Ljava.lang.Object;(MBeanServerImpl.java:546)
      at org.jboss.mx.util.MBeanProxyExt.invoke(Ljava.lang.Object;Ljava.lang.reflect.Method;[Ljava.lang.Object;)Ljava.lang.Object;(MBeanProxyExt.java:177)
      at $Proxy4.start(Ljavax.management.ObjectName;)V(Unknown Source)
      at org.jboss.deployment.SARDeployer.start(Lorg.jboss.deployment.DeploymentInfo;)V(SARDeployer.java:226)
      at org.jboss.deployment.MainDeployer.start(Lorg.jboss.deployment.DeploymentInfo;)V(MainDeployer.java:832)
      at org.jboss.deployment.MainDeployer.deploy(Lorg.jboss.deployment.DeploymentInfo;)V(MainDeployer.java:642)
      at org.jboss.deployment.MainDeployer.deploy(Ljava.net.URL;)V(MainDeployer.java:605)
      at org.jboss.deployment.MainDeployer.deploy(Ljava.lang.String;)V(MainDeployer.java:589)

      My login-config.xml looks like this:

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE policy PUBLIC
      "-//JBoss//DTD JBOSS Security Config 3.0//EN"
      "http://www.jboss.org/j2ee/dtd/security_config.dtd">

      <!-- Used by clients within the application server VM such as
      mbeans and servlets that access EJBs.
      -->
      <application-policy name = "client-login">

      <login-module code = "org.jboss.security.ClientLoginModule"
      flag = "required">
      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">anonymous</module-option>
      </login-module>

      </application-policy>

      <!-- TFPortlets security domain -->
      <application-policy name = "snip">

      <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"/>

      </application-policy>

      <!-- Security domain for JBossMQ -->
      <application-policy name = "jbossmq">

      <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
      flag = "required">
      <module-option name = "unauthenticatedIdentity">guest</module-option>
      <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
      </login-module>

      </application-policy>

      <!-- Security domains for testing new jca framework -->
      <application-policy name = "HsqlDbRealm">

      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
      flag = "required">
      <module-option name = "principal">sa</module-option>
      <module-option name = "userName">sa</module-option>
      <module-option name = "password"></module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
      </login-module>

      </application-policy>

      <application-policy name = "FirebirdDBRealm">

      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
      flag = "required">
      <module-option name = "principal">sysdba</module-option>
      <module-option name = "userName">sysdba</module-option>
      <module-option name = "password">masterkey</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
      </login-module>

      </application-policy>

      <application-policy name = "JmsXARealm">

      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
      flag = "required">
      <module-option name = "principal">guest</module-option>
      <module-option name = "userName">guest</module-option>
      <module-option name = "password">guest</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
      </login-module>

      </application-policy>

      <!-- A template configuration for the jmx-console web application. This
      defaults to the UsersRolesLoginModule the same as other and should be
      changed to a stronger authentication mechanism as required.
      -->
      <application-policy name = "jmx-console">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />

      </application-policy>

      <!-- A template configuration for the web-console web application. This
      defaults to the UsersRolesLoginModule the same as other and should be
      changed to a stronger authentication mechanism as required.
      -->
      <application-policy name = "web-console">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />

      </application-policy>

      <!-- The default login configuration used by any security domain that
      does not have a application-policy entry with a matching name
      -->
      <application-policy name = "other">
      <!-- A simple server login module, which can be used when the number
      of users is relatively small. It uses two properties files:
      users.properties, which holds users (key) and their password (value).
      roles.properties, which holds users (key) and a comma-separated list of
      their roles (value).
      The unauthenticatedIdentity property defines the name of the principal
      that will be used when a null username and password are presented as is
      the case for an unauthenticated web client or MDB. If you want to
      allow such users to be authenticated add the property, e.g.,
      unauthenticatedIdentity="nobody"
      -->

      <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />

      </application-policy>



      where the application-policy name = snip is the .war file that I want to password protect.

      /Anders

        • 1. Re: login-config.xml problem

          Hmm maybe you cut-n-pasted the login-config.xml file wrong,
          but it seems to be missing the root element defined in the DTD (security_config.dtd)

          The outline of the application-policy is:
          <policy>
           <application-policy name="security-domain-name">
           <authentication>
           <login-module code="login.module1.class.name" flag="control_flag">
           <module-option name = "option1-name">option1-value</module-option>
           <module-option name = "option2-name">option2-value</module-option>
           ...
           </login-module>
          
           <login-module code="login.module2.class.name" flag="control_flag">
           ...
           </login-module>
           ...
           </authentication>
           </application-policy>
          </policy>
          
          



          • 2. Re: login-config.xml problem
            gortz

            I'm sorry but I don't really see what you mean, what root-element?

            • 3. Re: login-config.xml problem

              Hmm, why did I post the example and make the policy element bold? The root element is policy.

              What does that mean? Everything inside this file must be contained inside a policy element (just like the example I posted shows).

              By everything we obviously do not mean the XML declaration at the top:

              <?xml version="1.0" encoding="UTF-8"?>
              <!DOCTYPE policy PUBLIC
              "-//JBoss//DTD JBOSS Security Config 3.0//EN"
              "http://www.jboss.org/j2ee/dtd/security_config.dtd">
              



              • 4. Re: login-config.xml problem
                gortz

                Sorry, but I am all new to this.

                Yes, I forgot to copy the last line with the statement so that's not the error. I'm all out of ideas, I've tried different encoding of the file, taking away all unnecessary spaces.

                • 5. Re: login-config.xml problem

                  Hi.

                  Just tried your file...it is pretty broken.
                  So what I did, I took my vanilla login-config.xml from a clean JBoss installation and added your new security domain to the end like so:

                  <!-- TFPortlets security domain -->
                  <application-policy name = "snip">
                   <authentication>
                   <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required"/>
                   </authentication>
                  </application-policy>
                  
                  


                  Notice that the login-module element is enclosed in an authentication element.

                  Also, you should really also mention what version of JBoss you are using.
                  I'm using 3.2.4.

                  Another example of why your file is broken is:
                  <application-policy name = "client-login">
                   <login-module code = "org.jboss.security.ClientLoginModule" flag = "required">
                   <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
                   <module-option name="unauthenticatedIdentity">anonymous</module-option>
                   </login-module>
                  </application-policy>
                  

                  there is no XML closing tag after the first login-module
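
A structural check for the three defects identified in this thread (no `policy` root, an unclosed `login-module`, and a `login-module` not wrapped in `authentication`), as an added example that is not part of any poster's message or of JBoss itself. The function name `check_login_config` and the embedded sample documents are constructed for illustration; the check covers document shape only and does not validate against the DTD.

```python
import xml.etree.ElementTree as ET

def check_login_config(xml_text):
    """Return a list of structural problems in a login-config.xml string."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # Unclosed tags and multiple top-level elements both end up here.
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != "policy":
        problems.append(f"root element is <{root.tag}>, expected <policy>")
    for pol in root.iter("application-policy"):
        name = pol.get("name", "(unnamed)")
        auth = pol.find("authentication")
        if auth is None:
            problems.append(f"{name}: no <authentication> element")
        elif auth.find("login-module") is None:
            problems.append(f"{name}: <authentication> has no <login-module>")
        if pol.find("login-module") is not None:
            problems.append(f"{name}: <login-module> directly under <application-policy>")
    return problems

# Constructed samples modelled on the files quoted in the thread.
HEAD = '<?xml version="1.0" encoding="UTF-8"?>\n'
URLM = '<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>'
NO_ROOT = (HEAD + '<application-policy name="snip">' + URLM + '</application-policy>'
           + '<application-policy name="other">' + URLM + '</application-policy>')
UNCLOSED = (HEAD + '<policy><application-policy name="client-login">'
            '<login-module code="org.jboss.security.ClientLoginModule" flag="required">'
            + URLM + '</application-policy></policy>')
NO_AUTH = HEAD + '<policy><application-policy name="snip">' + URLM + '</application-policy></policy>'
FIXED = (HEAD + '<policy><application-policy name="snip"><authentication>'
         + URLM + '</authentication></application-policy></policy>')

if __name__ == "__main__":
    for label, doc in [("no root", NO_ROOT), ("unclosed", UNCLOSED),
                       ("no authentication", NO_AUTH), ("fixed", FIXED)]:
        print(label, "->", check_login_config(doc) or "OK")
```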

                  • 6. Re: login-config.xml problem
                    gortz

                    Thank you!

                    Now I don't get any errors in the log anymore. How did you parse the xml document, by hand or with a program?

                    My really big problem still remains; when logging on to the service I can log on without entering any login info even though I've changed the web.xml and jbossweb.xml and created the users.- and roles.properties.

                    The version I'm running is 3.2.3

                    • 7. Re: login-config.xml problem
                      mikefinn

                      Post your web.xml and jboss-web.xml. Use the 'code' style when pasting them, so the XML doesn't get munged.

                      mike