JBoss Security configuration
vareno May 13, 2009 12:38 PM
I have the next issue...
My web.xml
<web-app id="WebApp"> ... <filter> <filter-name>LoginFilter</filter-name> <display-name>PostLoginFilter</display-name> <filter-class>ar.com.rio.emm.admin.app.LoginFilter</filter-class> </filter> <filter-mapping> <filter-name>LoginFilter</filter-name> <url-pattern>/app/admin/j_security_check</url-pattern> </filter-mapping> <filter-mapping> <filter-name>LoginFilter</filter-name> <url-pattern>/j_security_check</url-pattern> </filter-mapping> ... <security-constraint> <display-name>EMM Security Constraint</display-name> <web-resource-collection> <web-resource-name>app</web-resource-name> <url-pattern>/*</url-pattern> <http-method>GET</http-method> <http-method>POST</http-method> </web-resource-collection> </security-constraint> <login-config> <auth-method>FORM</auth-method> <realm-name>EMM login</realm-name> <form-login-config> <form-login-page>/app/admin/login.jsp</form-login-page> <form-error-page>/app/admin/login.jsp?err=1</form-error-page> </form-login-config> </login-config> </web-app>
My login-config.xml (the default in my ${jboss.dist}/server/all/conf/)
<policy> ... <application-policy name = "other"> <authentication> <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required" /> </authentication> </application-policy> </policy>
The thing is that, with this configuration, it is mandatory to have users.properties and roles.properties, and I do not want to use them. I just perform the authentication in the filter: LoginFilter where I also resolve the roles...
I keep getting this stack trace whenever I try to log in
13:21:48,096 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315) at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186) at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200) at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source) at java.lang.reflect.Method.invoke(Unknown Source) at javax.security.auth.login.LoginContext.invoke(Unknown Source) at javax.security.auth.login.LoginContext.access$000(Unknown Source) at javax.security.auth.login.LoginContext$4.run(Unknown Source) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(Unknown Source) at javax.security.auth.login.LoginContext.login(Unknown Source) at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:603) at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:537) at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:344) at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:491) at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:257) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:416) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:446) at java.lang.Thread.run(Unknown Source)
If someone could help me with this. It's getting me nuts...