1 Reply Latest reply on Mar 19, 2004 4:22 AM by Scott Stark

    Configure basic security in Jboss

    anandkasi Newbie

      Hi All,
      I am a jboss newbie and need to a simple username/password challenge to pop up when someone accesses my web app deployed on jboss. I was looking at UsersRolesLoginModule. I am using jboss-3.2.3 with jetty-4.2.14.
      All I did was the following 3 things.

      1) server/MyServer/conf/login-conf.xml

      <?xml version='1.0'?>
      <!DOCTYPE policy PUBLIC
       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
      <policy>
       <application-policy name = "myUsersRolesModule">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
       flag = "true" >
       <module-option name="hashAlgorithm">MD5</module-option>
       </login-module>
       </authentication>
       </application-policy>
      
      
      </policy>
      
      


      2) Create a users.properties file in the conf folder with the following entry.
      anand=kasi.

      3) Create a roles.properties file in the conf folder with the following entry
      anand=admin

      When Jboss starts up, I get the following exception.


      22:15:35,255 ERROR [PersistenceManager] Starting failed
      java.lang.SecurityException: Invalid authentication attempt, principal=null
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.getSubjec
      t(BaseConnectionManager2.java:647)
      at org.jboss.resource.connectionmanager.BaseConnectionManager2.allocateC
      onnection(BaseConnectionManager2.java:476)

      Where do I set the principal. Is that the same as username????
      What am I not doing or doing wrong?? Any suggestions/pointers are highly appreciated. Any alternate solutions?? The simpler the better.

      Regards.
      Andy.