11 Replies Latest reply on Mar 17, 2010 5:38 AM by gunnarbos

    migrating an app  from JB 4.0 to 5.1. Problem with login handling.

    gunnarbos

      Hi,

      I'm working on moving an application from JB 4 to JB 5.

      In the application we have a special login handling.

      The web.xml contains an <auth-method>APPFORM</auth-method> and a corresponding entry in Authentication.properties that points to the implementation class.

      This doesn't work in JBoss 5.1 and I've not found out a way to do it?

      Can you help?

      Gunnar

        • 1. Re: migrating an app  from JB 4.0 to 5.1. Problem with login handling.
          peterj

          Gunnar, welcome to the JBoss forums!

           

          It usually helps if you post the configuration files in question, otherwise we will just be guessing.

           

          Also, saying "it doesn't work" does not help. Do you mean that the user gets the login form but his/her credentials are never being accepted? Or is the login form never being displayed? Or is there some other behavior? Depending on the exact behavior I might ask to see additional configuration files. But without knowing that, I have no idea what to ask for.

           

          By the way, as far as I can recall, this particular area of JBoss AS has not changed between 4.0.x and 5.x.

          • 2. Re: migrating an app  from JB 4.0 to 5.1. Problem with login handling.
            gunnarbos
            Hi Peter,
            The web.xml contains
            <login-config>
              <auth-method>APPFORM</auth-method> 
              <form-login-config>
                 <form-login-page>/WEB-INF/jsp/login.jsp</form-login-page>
                 <form-error-page>/WEB-INF/jsp/loginError.jsp</form-error-page>
              </form-login-config>
            </login-config>
            and the "$JBOSS_HOME\server\default\deploy\jbossweb-tomcat55.sar\catalina.jar/org/apache/catalina/startup/Authenticators.properties" file
            is altered to contain APPFORM=mydoman.MyAppform
            There is no "$JBOSS_HOME\server\default\deploy\jbossweb-tomcat55.sar" file in JBoss 5.1.0.GA so something is changed.
            Gunnar
            • 3. Re: migrating an app  from JB 4.0 to 5.1. Problem with login handling.
              jaikiran

              gunnarbos wrote:


              and the "$JBOSS_HOME\server\default\deploy\jbossweb-tomcat55.sar\catalina.jar/org/apache/catalina/startup/Authenticators.properties" file
              is altered to contain APPFORM=mydoman.MyAppform
              There is no "$JBOSS_HOME\server\default\deploy\jbossweb-tomcat55.sar" file in JBoss 5.1.0.GA so something is changed.
              Gunnar

              Why do you want to change the internal property file?

               

              gunnarbos wrote:

               

              Hi Peter,
              The web.xml contains
              <login-config>
                <auth-method>APPFORM</auth-method> 

              I haven't heard of APPFORM. Why don't you use FORM?

              • 4. Re: migrating an app  from JB 4.0 to 5.1. Problem with login handling.
                peterj

                The stuff that was in jbossweb-tomcat55.sar is now in server/xxx/deployers/jbossweb.deployer and server/xxx/deploy/jbossweb.sar.  And I am as curious as Jaikiran as to why you would edit that properties file; I would think that such a change would be very version specific and not translate well to future versions.

                 

                Anyway, I would have suspected that you would have placed security information into the web.xml, jboss-web.xml (both in WEB-INF in your WAR) and server/xxx/conf/login-config.xml

                 

                You still have not said what "it doesn't work" means.

                • 5. Re: migrating an app  from JB 4.0 to 5.1. Problem with login handling.
                  peterj
                  OK, now I see what you are doing - you wrote your own authentication mechanism. Were you able to find the new location of Authenticators.properties? If you can't find it, let me know.
                  • 6. Re: migrating an app  from JB 4.0 to 5.1. Problem with login handling.
                    gunnarbos

                    Hi,

                    In the application we use a captcha test and some other checks that need access to the http session. This must be done before the usual FORM based JAAS login.

                     

                    Peter, you are correct and I've still not succeeded in finding the new location of Authenticators.properties.

                     

                    I've found this issue JBAS-2481 that seems related but it doesn't say how it is solved and how to use it.

                     

                    In the file: "war-deployers-jboss.beans.xml" I've found this interesting remark

                          <!-- You can configure a set of authenticators keyed by http-auth method
                          used. This will apply the same set of authenticators across all web
                          applications. You can override the set of authenticators at the web
                          application level by adding <authenticators> element to the respective
                          jboss-web.xml
                          -->

                     

                    But I don't see how I can add <authenticators> elements to my jboss-web.xml file.

                     

                    This is the jboss-web.xml file I have now:

                    <?xml version="1.0" encoding="UTF-8"?>
                    <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN"
                    "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
                    <jboss-web>
                      <security-domain>java:/jaas/casablanca</security-domain>
                      <context-root>/ebill-front</context-root>
                    </jboss-web>

                     

                    Gunnar

                    • 7. Re: migrating an app  from JB 4.0 to 5.1. Problem with login handling.
                      jaikiran
                      In AS-5, you can configure the authenticators in JBOSS_HOME/server/<servername>/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml. Here's what it contains:
                      
                      {code:xml}
                      <!-- You can configure a set of authenticators keyed by http-auth method
                            used. This will apply the same set of authenticators across all web
                            applications. You can override the set of authenticators at the web
                            application level by adding <authenticators> element to the respective
                            jboss-web.xml
                            -->     
                            <property name="authenticators">
                               <map class="java.util.Properties" keyClass="java.lang.String" valueClass="java.lang.String">
                                  <entry>
                                     <key>BASIC</key>
                                     <value>org.apache.catalina.authenticator.BasicAuthenticator</value>
                                  </entry>
                                  <entry>
                                     <key>CLIENT-CERT</key>
                                     <value>org.apache.catalina.authenticator.SSLAuthenticator</value>
                                  </entry>
                                  <entry>
                                     <key>DIGEST</key>
                                     <value>org.apache.catalina.authenticator.DigestAuthenticator</value>
                                  </entry>
                                  <entry>
                                     <key>FORM</key>
                                     <value>org.apache.catalina.authenticator.FormAuthenticator</value>
                                  </entry>
                                  <entry>
                                     <key>NONE</key>
                                     <value>org.apache.catalina.authenticator.NonLoginAuthenticator</value>
                                  </entry>
                               </map>        
                            </property>
                      {code}
                      
                      Note that it's better to configure this in the WEB-INF/jboss-web.xml of your application (if you don't have that file then add a new one). That way you don't have to keep looking for the location of this file every time the file is moved between versions. The comments in the above xml file tell you how to add the authenticators in your jboss-web.xml
                      
                      • 8. Re: migrating an app  from JB 4.0 to 5.1. Problem with login handling.
                        jaikiran

                        Hmm, you seem to have edited your post while I was typing my previous reply

                         

                        gunnarbos wrote:

                         

                         

                        In the file: "war-deployers-jboss.beans.xml" I've found this interesting remark

                              <!-- You can configure a set of authenticators keyed by http-auth method
                              used. This will apply the same set of authenticators across all web
                              applications. You can override the set of authenticators at the web
                              application level by adding <authenticators> element to the respective
                              jboss-web.xml
                              -->

                         

                        But I don't see how I can add <authenticators> elements to my jboss-web.xml file.

                         

                        This is the jboss-web.xml file I have now:

                        <?xml version="1.0" encoding="UTF-8"?>
                        <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN"
                        "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
                        <jboss-web>
                          <security-domain>java:/jaas/casablanca</security-domain>
                          <context-root>/ebill-front</context-root>
                        </jboss-web>

                         

                        Gunnar

                         

                        Looking at the jboss-web_5_0.dtd, the authenticators element is no longer available. But it's there in jboss-web_4_2.dtd:

                        <!ELEMENT jboss-web (class-loading?, security-domain?, jacc-star-role-allow?, context-root?,
                           virtual-host*, use-session-cookies?, replication-config?, resource-env-ref*,
                           resource-ref*, security-role*, ejb-ref*, ejb-local-ref*,
                           message-destination-ref*, message-destination*,
                           webservice-description*, service-ref*, depends*, servlet*, authenticators*)>
                        

                         

                        Try using that in AS-5, I believe it should work. The dtd can be found in JBOSS_HOME/docs/dtd/jboss-web_4_2.dtd

                        • 9. Re: migrating an app  from JB 4.0 to 5.1. Problem with login handling.
                          gunnarbos

                          Hi,

                          I've tried your suggestion like this:

                          <?xml version="1.0" encoding="UTF-8"?>
                          <!DOCTYPE jboss-web PUBLIC
                              "-//JBoss//DTD Web Application 4.2//EN"
                              "http://www.jboss.org/j2ee/dtd/jboss-web_4_2.dtd">
                          <jboss-web>
                            <security-domain>java:/jaas/casablanca</security-domain>
                            <context-root>/ebill-front</context-root>
                            <authenticators>
                              <authenticator>
                                <key>CAPTCHAFORM</key>
                                <value>mydomain.jcaptcha.CaptchaAuthenticator</value>
                              </authenticator>
                            </authenticators>
                          </jboss-web>

                           

                          but now I get an exception when starting JBoss

                           

                          Caused by: org.jboss.xb.binding.JBossXBRuntimeException: authenticators cannot appear in this position. Expected content of jboss-web is unordered_sequence: security-role* max-active-sessions? webservice-description* class-loading? jacc-star-role-allow? message-destination* servlet* replication-config? passivation-config? context-root? security-domain? virtual-host* use-session-cookies? depends* {unordered_sequence jndiEnvironmentRefsGroup}?

                          at org.jboss.xb.binding.sunday.unmarshalling.SundayContentHandler.startElement(SundayContentHandler.java:449)

                           

                          Obviously I can't use the 4.2 DTD!

                           

                          Gunnar

                           

                          • 10. Re: migrating an app  from JB 4.0 to 5.1. Problem with login handling.
                            jaikiran
                            I had a quick look at the code and it looks like the metadata which back the jboss-web.dtd/xsd, no longer supports this irrespective of the dtd/xsd version. So I guess, you are left with changing the global war-deployers-jboss-beans.xml file.
                            • 11. Re: migrating an app  from JB 4.0 to 5.1. Problem with login handling.
                              gunnarbos

                              Hi,

                              It works now!

                              Thanks to all who helped me out!

                               

                              Gunnar
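
The configuration the thread converges on in reply 10, written out as an added example that is not part of the original posts: the custom auth-method becomes one more entry in the `authenticators` map of war-deployers-jboss-beans.xml, and web.xml names the same key. The key and class name are the ones from reply 9; that this is the exact entry gunnarbos ended up with, and that the class sits where the web deployer can load it, are assumptions.

```xml
<!-- JBOSS_HOME/server/<servername>/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml -->
<!-- Added example: the five stock entries are kept, one entry is appended. -->
<property name="authenticators">
   <map class="java.util.Properties" keyClass="java.lang.String" valueClass="java.lang.String">
      <entry>
         <key>BASIC</key>
         <value>org.apache.catalina.authenticator.BasicAuthenticator</value>
      </entry>
      <entry>
         <key>CLIENT-CERT</key>
         <value>org.apache.catalina.authenticator.SSLAuthenticator</value>
      </entry>
      <entry>
         <key>DIGEST</key>
         <value>org.apache.catalina.authenticator.DigestAuthenticator</value>
      </entry>
      <entry>
         <key>FORM</key>
         <value>org.apache.catalina.authenticator.FormAuthenticator</value>
      </entry>
      <entry>
         <key>NONE</key>
         <value>org.apache.catalina.authenticator.NonLoginAuthenticator</value>
      </entry>
      <!-- Appended: custom method name mapped to the application's authenticator class -->
      <entry>
         <key>CAPTCHAFORM</key>
         <value>mydomain.jcaptcha.CaptchaAuthenticator</value>
      </entry>
   </map>
</property>

<!-- WEB-INF/web.xml of the application: auth-method must equal the key registered above -->
<login-config>
   <auth-method>CAPTCHAFORM</auth-method>
   <form-login-config>
      <form-login-page>/WEB-INF/jsp/login.jsp</form-login-page>
      <form-error-page>/WEB-INF/jsp/loginError.jsp</form-error-page>
   </form-login-config>
</login-config>
```

Because this map is shared, the entry is available to every web application deployed on that server configuration, and the edit has to be carried forward by hand when the server is upgraded.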