2 Replies Latest reply on Feb 28, 2007 12:49 AM by Cyrus Torralba

    Can secure jmx-console but not my own web app!!!

    Cyrus Torralba Newbie

      Hi,
      Can anybody out there show me how to secure a web app? I have successfully secured jmx-console using the DatabaseServerLoginModule but can't access a deployed web (sample web) in my JBOSS AP server.

      Below are the configurations made for my sample web.

      login-config.xml entries

      <application-policy name = "My-web">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "dsJndiName">java:/DefaultDS</module-option>
      <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
      <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
      </login-module>

      </application-policy>

      ---------------------

      jboss-web.xml entries

      <jboss-web>
      <security-domain>java:/jass/My-web</security-domain>
      <context-root>/My-web</context-root>
      </jboss-web>

      -----------------------

      web.xml file entries

      <web-app>

      <security-constraint>
      <web-resource-collection>
      <web-resource-name>my-web</web-resource-name>
      An example security config that only allows users with the
      role WebAppUser to access the My-web web application

      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>WebAppUser</role-name>
      </auth-constraint>
      </security-constraint>


      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>My-web Realm</realm-name>
      </login-config>

      <security-role>
      <role-name>WebAppUser</role-name>
      </security-role>
      </web-app>

      ---------------------
      JBoss server log


      javax.naming.NamingException: Could not dereference object [Root exception is javax.naming.NameNotFoundException: jass not bound]
      at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1067)
      at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:700)
      at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:587)
      at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
      at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:180)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:490)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
      at org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
      at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
      at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
      at org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
      at java.lang.Thread.run(Thread.java:595)
      Caused by: javax.naming.NameNotFoundException: jass not bound
      at org.jnp.server.NamingServer.getBinding(NamingServer.java:529)
      at org.jnp.server.NamingServer.getBinding(NamingServer.java:537)
      at org.jnp.server.NamingServer.getObject(NamingServer.java:543)
      at org.jnp.server.NamingServer.lookup(NamingServer.java:267)
      at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:625)
      at org.jnp.interfaces.NamingContext.lookup(NamingContext.java:587)
      at javax.naming.InitialContext.lookup(InitialContext.java:351)
      at org.jnp.interfaces.NamingContext.resolveLink(NamingContext.java:1061)
      ... 16 more


      Thanks,
      cgt001