0 Replies Latest reply on May 13, 2009 12:38 PM by Alvaro Gonzalez Debernardi

    JBoss Security configuration

    Alvaro Gonzalez Debernardi Newbie


      I have the next issue...

      My web.xml

      <web-app id="WebApp">
      ...
       <filter>
       <filter-name>LoginFilter</filter-name>
       <display-name>PostLoginFilter</display-name>
       <filter-class>ar.com.rio.emm.admin.app.LoginFilter</filter-class>
       </filter>
      
       <filter-mapping>
       <filter-name>LoginFilter</filter-name>
       <url-pattern>/app/admin/j_security_check</url-pattern>
       </filter-mapping>
      
       <filter-mapping>
       <filter-name>LoginFilter</filter-name>
       <url-pattern>/j_security_check</url-pattern>
       </filter-mapping>
      ...
       <security-constraint>
       <display-name>EMM Security Constraint</display-name>
       <web-resource-collection>
       <web-resource-name>app</web-resource-name>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       </security-constraint>
      
       <login-config>
       <auth-method>FORM</auth-method>
       <realm-name>EMM login</realm-name>
       <form-login-config>
       <form-login-page>/app/admin/login.jsp</form-login-page>
       <form-error-page>/app/admin/login.jsp?err=1</form-error-page>
       </form-login-config>
       </login-config>
      </web-app>


      My login-config.xml (the default in my ${jboss.dist}/server/all/conf/)
      <policy>
      ...
       <application-policy name = "other">
       <authentication>
       <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
       flag = "required" />
       </authentication>
       </application-policy>
      </policy>


      The thing is that, with this configuration, it is mandatory to have users.properties and roles.properties, and I do not want to use them. I just perform the authentication in the filter: LoginFilter where I also resolve the roles...

      I keep getting this stack trace whenever I try to log in
      13:21:48,096 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
       at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
       at java.lang.reflect.Method.invoke(Unknown Source)
       at javax.security.auth.login.LoginContext.invoke(Unknown Source)
       at javax.security.auth.login.LoginContext.access$000(Unknown Source)
       at javax.security.auth.login.LoginContext$4.run(Unknown Source)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
       at javax.security.auth.login.LoginContext.login(Unknown Source)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
       at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
       at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446)
       at java.lang.Thread.run(Unknown Source)


      If someone could help me with this. It's getting me nuts...