5 Replies Latest reply: Dec 28, 2005 8:40 PM by Jon Coign RSS

    Securing web-console => login failure

    Rainer Frey Newbie

      I tried to secure the web-console as described in the Wiki by uncommenting the security relevant elements in web.xml and jboss-web.xml. On my notebook, I additionally changed the password in the users.properties; on my pc I used the file as is. On both installations, I get a bad password error. And yes, I more than double checked the password.
      My Notebook runs Mac OSX with Java 1.4.2, my PC Suse Linux 9.1, also with Java 1.4.2. JBoss version on both computers is 4.0.0RC1.
      Web browser was Safari on Mac OS, Konqueror 3.3 on Linux.

      Here is an excerpt from server.log:

      [org.jboss.security.auth.spi.UsersRolesLoginModule] Bad password for username=admin
      2004-08-23 17:03:12,690 DEBUG [org.jboss.security.plugins.JaasSecurityManager.web-console] Login failure
      javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
       at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:160)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:116)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
       at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:476)
       at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:430)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:246)
       at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:221)
       at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:239)
       at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:146)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:122)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
       at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
       at java.lang.Thread.run(Thread.java:534)