11 Replies Latest reply on May 18, 2004 7:59 PM by Cristian Southall

    Problem deploying Web application JBoss-3.2.0 Tomcat-4.1.24

    sbarnaby Newbie

      I am attempting to start JBoss with the -Djava.security.manager -Djava.security.policy=<policy file> options to enable the security manager. I am also defining a policy where everything is allowed (for the time being) like this:

      grant {
      permission java.security.AllPermission;
      };

      I am deploying a web application in a .war file. I keep getting an error trace on one of my libraries in WEB-INF/lib that says (just the last line of the trace is included):

      jndi:/localhost/webapp/WEB-INF/lib/ojdbc14.jar!/ (java.net.MalformedURLException: unknown protocol: jndi

      This only happens when I attempt to deploy with security turned on. What could be causing this problem (this certainly does not look like a valid URL, but what is producing it)?

        • 2. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1
          Edouard Chevtchouk Chevtchouk Newbie

          jboss-3.0.7_jakarta-tomcat-4.1.24

          I enabled security manager
          by setting

          -Djava.security.manager

          -Djava.security.policy==
          ../server/CONFIG%/conf/server.policy

          Actually I have a strange exception from the catalina AbstractWebContainer implementation: the creation of a URL from the string "jar:jndi/localhost/lala/WEB-INF/lib/bebe/jar!/" throws MalformedURLException,
          BUT! only when the security manager is enabled

          • 3. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1
            Edouard Chevtchouk Chevtchouk Newbie

            package org.apache.catalina.startup;

            ...
            import java.net.URL;
            ...

            public final class ContextConfig
            implements LifecycleListener {

            ...
            ---> url = new URL("jar:" + url.toString() + "!/");


            ooops ::



            16:59:35,218 ERROR [Engine] ContextConfig[/JaasJBossExampleWeb] Exception lors du traitement du JAR indique par le chemin de ressource /WEB-INF/lib/controller.jar
            javax.servlet.ServletException: Exception lors du traitement du JAR indique par le chemin de ressource /WEB-INF/lib/controller.jar
            at org.apache.catalina.startup.ContextConfig.tldScanJar(ContextConfig.java:930)
            at org.apache.catalina.startup.ContextConfig.tldScan(ContextConfig.java:868)
            at org.apache.catalina.startup.ContextConfig.start(ContextConfig.java:647)

            • 4. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1
              Edouard Chevtchouk Chevtchouk Newbie

              16:59:35,265 ERROR [Engine] ----- Root Cause -----
              java.net.MalformedURLException: java.lang.NullPointerException: invalid url: jndi:/localhost/JaasJBossExampleWeb/WEB-INF/lib/controller.jar!/ (java.net.MalformedURLException: unknown protocol: jndi)
              at java.net.URL.<init>(URL.java:491)
              at java.net.URL.<init>(URL.java:371)
              at java.net.URL.<init>(URL.java:325)
              at org.apache.catalina.startup.ContextConfig.tldScanJar(ContextConfig.java:902)
              at org.apache.catalina.startup.ContextConfig.tldScan(ContextConfig.java:868)

              • 5. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1
                Edouard Chevtchouk Chevtchouk Newbie

                So, no way .... :(
                It works pretty well with Tomcat standalone...

                Could you suggest a version of JBoss + container that works with the Java 2 security manager enabled?

                • 6. Re: Problem obtaining login context for module specified in
                  sbarnaby Newbie

                  Apparently JBoss/Tomcat has trouble unpacking the .war file. Just unpacking it and putting it in the deploy directory gets me past the initial problem.

                  However now I am trying to register my login configuration with the security manager. I try putting it in the client/all/auth.conf file, I have also tried adding a -Djava.security.auth.login.config=<config file> in my run.sh file and I cannot get my configuration to load.

                  I am trying to use the LdapLoginModule to authenticate against Active Directory. I am using the following configuration:

                  MyLogin {
                  org.jboss.security.auth.spi.LdapLoginModule required debug=true
                  java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
                  java.naming.provider.url="ldap://activedir.foo.com:1389/"
                  java.naming.security.authentication=simple
                  uidAttributeID=userId
                  roleAttributeID=roleName
                  roleAttributeIsDN=true
                  roleNameAttributeId=roleAttr
                  principalDNSuffix=",ou=admins"
                  rolesCtxDN="cn=Users,dc=ldaphost,dc=foo,dc=com";
                  };

                  When I attempt to instantiate my login context:

                  LoginContext lc = new LoginContext("MyLogin", new MyCallbackHandler());

                  I get an exception thrown because it is trying to use the UsersRolesLoginModule, even though my configuration tells it to use the LdapLoginModule (it is trying to find users.properties file that does not exist).

                  What am I doing wrong? Where does my Login configuration belong?

                  • 7. Re: Problem obtaining login context for module specified in
                    Edouard Chevtchouk Chevtchouk Newbie

                    This is easy.
                    1. Put your MyLogin realm configuration into login-config.xml (with appropriate xml syntax, see ldap realm sample commented out)
                    2. Add jboss-web.xml with reference to the MyLogin realm into your war under WEB-INF

                    <?xml version="1.0"?>
                    <jboss-web>
                    <security-domain>java:/jaas/MyLogin</security-domain>
                    </jboss-web>
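
Step 1 of the reply above written out, as an added example that is not part of the original post and not taken from the JBoss distribution: the MyLogin JAAS entry from reply 6 expressed as an application-policy for login-config.xml. Option names and values are copied unchanged from that post; the file location in the comment assumes the default server configuration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Assumed location: server/default/conf/login-config.xml.
     Add the application-policy element to the existing <policy> root
     rather than replacing the file. -->
<policy>
  <!-- The name must match the last segment of the security-domain in
       WEB-INF/jboss-web.xml: java:/jaas/MyLogin -->
  <application-policy name="MyLogin">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                    flag="required">
        <module-option name="debug">true</module-option>

        <!-- JNDI environment used for the directory connection -->
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://activedir.foo.com:1389/</module-option>
        <!-- A simple bind over plain ldap:// sends the password
             unencrypted; use ldaps:// or a protected network path. -->
        <module-option name="java.naming.security.authentication">simple</module-option>

        <!-- User and role lookup options, as posted in reply 6.
             Check each name against the LdapLoginModule documentation
             for the JBoss version in use. -->
        <module-option name="uidAttributeID">userId</module-option>
        <module-option name="roleAttributeID">roleName</module-option>
        <module-option name="roleAttributeIsDN">true</module-option>
        <module-option name="roleNameAttributeId">roleAttr</module-option>
        <module-option name="principalDNSuffix">,ou=admins</module-option>
        <module-option name="rolesCtxDN">cn=Users,dc=ldaphost,dc=foo,dc=com</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
```

A security domain with no matching application-policy falls back to the policy named other, which in the default login-config.xml uses UsersRolesLoginModule; that is consistent with the users.properties lookup described in reply 6.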

                    • 8. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1
                      dvasaturo Newbie

                      I am also having this problem with JBoss-3.2.1_Tomcat-4.1.24. This exception is thrown for the jmx-console (ERROR [org.jboss.web.localhost.Engine] ContextConfig[/jmx-console] Exception processing JAR at resource path /WEB-INF/lib/jboss-jmx.jar)

                      2003-08-27 17:37:21,369 ERROR [org.jboss.web.localhost.Engine] ----- Root Cause -----
                      java.net.MalformedURLException: invalid url: jndi:/localhost/jmx-console/WEB-INF/lib/jboss-jmx.jar!/ (java.net.MalformedURLException: unknown protocol: jndi)

                      I see this problem again when JBoss tries to deploy my custom web application (.ear file).

                      I'm running the JBoss/Tomcat bundle under W2K. My run.bat file sets -Djava.security.manager and -Djava.security.policy=.../default/conf/server.policy.

                      I've tried breaking out the .jar files under the ...server/default/deploy directory as suggested in an earlier post but this did not help me.

                      Any other suggestions for using Java2 Security with JBoss-3.2.1_Tomcat-4.1.24?

                      Thank You in advance.
                      dv


                      • 9. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1
                        jimbrady Newbie

                        Hi all,
                        Looks like my message:
                        http://jboss.org/thread.jsp?forum=49&thread=38971
                        belongs to this thread too. Does nobody have a solution to this?
                        A quick aside - I notice everybody here is switching the security manager on in the run configuration. I didn't do that with Jetty but it worked fine. With Tomcat it looks like the sign-on pop-up is invoked but no login module with the security manager not specifically invoked. You seem all to get lots of other problems if you do invoke it. Guess I'll watch this thread and use Jetty for the time being.
                        Jim Brady

                        • 10. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1
                          Dennis O'Flynn Newbie

                          I was able to work around the problem. I'm using JBoss 3.2.1 w/ Tomcat and enabled the security manager.

                          Initially I could not deploy my servlet as well as JBoss's jmx-console (jsp-servlet). I noticed that both of these servlets had jar files in their WEB-INF/lib folder that were duplicates of jar files found in JBoss/lib (ie: jboss-jmx.jar). When I removed the duplicate jar files from the servlet's WEB-INF/lib folder, everything seemed to work fine.

                          • 11. Re: Problem deploying Web application JBoss-3.2.0 Tomcat-4.1
                            Cristian Southall Newbie

                            The SecurityManager issue does appear to be resolved in the JBoss3.2.3/Tomcat4.1.29 bundle.