3 Replies Latest reply on Aug 14, 2007 3:34 AM by fermat42

    Login for Web-Application

    fermat42
    fermat42 Aug 13, 2007 8:58 AM

      Hi,

      I want to build a web-application using JBoss. The Application should only be usable for authorized users. So I have build a protected Webside called protected/test.jsp. Then I used the following web.xml:


      <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

      <session-config>
      <session-timeout>
      30
      </session-timeout>
      </session-config>

      <welcome-file-list>
      <welcome-file>
      index.jsp
      </welcome-file>
      </welcome-file-list>

      <security-constraint>
      <display-name>VDrive Protected</display-name>
      <web-resource-collection>
      <web-resource-name>VDrive</web-resource-name>
      VDrive Configuration Pages
      <url-pattern>/vdrive/test.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>administrator</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      </login-config>
      </web-app>


      In the directory server/default/conf I put the following users.properties:

      fermat=test


      and roles.properties:

      fermat=administrator


      This is based on http://www.techienuggets.com/Detail?tx=2, but I used basic authentication instead of form. But anyway (if using Form or Basic) I am asked for a login and password and after entering I get an empty page and the following exception:


      14:41:39,763 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
      java.lang.ClassCastException: org.jnp.interfaces.NamingContext cannot be cast to org.jboss.security.SubjectSecurityManager
      at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
      at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:619)


      Can anyone tell me what is going wrong? Is there a usable tutorial for this?

      • 1892 Views
      • Tags:
        • 1. Re: Login for Web-Application
          fermat42
          fermat42 Aug 13, 2007 9:01 AM (in response to fermat42)

          To avoid questions: The protected page is vdrive/test.jsp, not protected/test.jsp....

            • Actions
          • 2. Re: Login for Web-Application
            peterj
            peterj Aug 13, 2007 3:55 PM (in response to fermat42)

            First, when posting xml content, bracket it with [ code]..[ code ] (without the spaces). you can easily do this by selecting the text and clicking the Code button. I noticed that you used < code > brackets, but that will not work other than forcing fixed-width font, the tags within the xml can still cause problems.

            Try adding a WEB-INF/jboss-web.xml files, containing the following:

            <jboss-web>
 <security-domain>java:/jaas/myloginmodule</security-domain>
</jboss-web>


            and then add the following to the server/xxx/data/login-config.xml file: 

            <application-policy name = "myloginmodule">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
 flag = "required">
 <module-option name="usersProperties">props/users.properties</module-option>
 <module-option name="rolesProperties">props/roles.properties</module-option>
 </login-module>
 </authentication>
 </application-policy>



              • Actions
            • 3. Re: Login for Web-Application
              fermat42
              fermat42 Aug 14, 2007 3:34 AM (in response to fermat42)

              Thank you, it works now. Sorry for the wrong tag...

              For others reading this: I realized the the directory in the module-options is relative to the conf-directory of the server I started (e.g. $JBOSS_HOME/se4rver/default/conf/). It seems not to be possible to use an absolute path, because than you get an IOException that the property-files could not be found.

              Thank you very much...

                • Actions