1 Reply Latest reply on Feb 7, 2005 4:30 PM by John Anderson

    Error securing web-console.

    John Anderson Newbie

      I'm looking into using JAAS/Jboss security for the first time. I thoguht I would try to get the hang of it by securing the web-console and jmx-console with the generic password file method. I looked into the following rescources and followed the directions they contain.

      http://docs.jboss.org/jbossas/admindevel326/html/ch8.chapter.html
      http://www.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole


      After making the changes suggested, my configuration looks like:


      /usr/local/jboss/server/default/conf/login-config

      *SNIPPED*
       <application-policy name = "web-console">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
       flag = "required">
       <module-option name="usersProperties">web-console-users.properties</module-option>
       <module-option name="rolesProperties">web-console-roles.properties</module-option>
       </login-module>
       </authentication>
       </application-policy>
      *SNIPPED*
      


      /usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/jboss-web.xml
      <?xml version='1.0' encoding='UTF-8' ?>
      
      <!DOCTYPE jboss-web
       PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
       "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
      
      <jboss-web>
       <!-- Isolate the console mgr classes from other deployments -->
       <class-loading>
       <loader-repository>
       jboss.console:sar=console-mgr.sar
       <loader-repository-config>
       java2ParentDelegation=true
       </loader-repository-config>
       </loader-repository>
       </class-loading>
       <security-domain>java:/jaas/web-console</security-domain>
      </jboss-web>
      


      /usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/web.xml
      *SNIPPED*
       <security-constraint>
       <web-resource-collection>
       <web-resource-name>HtmlAdaptor</web-resource-name>
       <description>An example security config that only allows users with the
       role JBossAdmin to access the HTML JMX console web application
       </description>
       <url-pattern>/*</url-pattern>
       <http-method>GET</http-method>
       <http-method>POST</http-method>
       </web-resource-collection>
       <auth-constraint>
       <role-name>JBossAdmin</role-name>
       </auth-constraint>
       </security-constraint>
      
      
       <login-config>
       <auth-method>BASIC</auth-method>
       <realm-name>JBoss WEB Console</realm-name>
       </login-config>
      
       <security-role>
       <role-name>JBossAdmin</role-name>
       </security-role>
      *SNIPPED*
      


      /usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/classes/web-console-users.properties
      admin=blerg
      

      /usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/classes/web-console-roles.properties
      admin=JBossAdmin
      


      When I go to http://localhost:8080/web-console/ I am greeted with a login prompt, however, an exception is thrown before I ever even submit the login info. The exception follows:

      14:06:05,419 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: Properties file users.properties not found
       at org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:234)
       at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:100)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
       at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:316)
       at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:54)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
       at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
       at java.lang.Thread.run(Thread.java:534)
      14:06:05,423 WARN [JAASRealm] Login exception authenticating username
      javax.security.auth.login.LoginException: Missing users.properties file.
       at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:120)
       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
       at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
       at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
       at java.lang.reflect.Method.invoke(Method.java:324)
       at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
       at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
       at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
       at java.security.AccessController.doPrivileged(Native Method)
       at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
       at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
       at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:316)
       at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:54)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
       at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
       at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
       at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
       at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
       at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
       at java.lang.Thread.run(Thread.java:534)
      


      Why is the UsersRolesLoginModules still attempting to open a file named "users.properties" when login-config.xml is passing in the filename of "web-console-users.properties"?