3 Replies Latest reply on Jan 3, 2013 3:09 PM by Bruce Sanders

    Configure JAAS security for default app with Jetty

    George Stoianov Newbie

      Hello,

      I am using JBoss 4.2.2 GA with Jetty 6.1 latest sar and I have setup a default app but I am having a hard time finding any instructions on how to map that app into a jaas secured application policy:

      <application-policy name = "default">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
       flag = "required">
       <module-option name="usersProperties">props/users.properties</module-option>
       <module-option name="rolesProperties">props/roles.properties</module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      I tried "default", "/", "*" as the name attribute of the element and restarted the server each time and still I am getting:

      2008-05-08 09:20:49,603 ERROR [org.jboss.security.auth.spi.UsersRolesLoginModule] Failed to load users/passwords/role files
      java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
       at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315)
      


      This is one of those simple and easy to solve -> you have to spend hours on searching for information. If anyone knows the name of the class parsing the xml and points me to a subversion link :) I will be greatly appreciative if a straight answer is not available that is..

      Thanks in advance and best!
      George

        • 1. Re: Configure JAAS security for default app with Jetty
          George Stoianov Newbie

          I solved my own problem. Here is for all that may face the same situation:
          The solution is that your webapp jboss-web.xml file should map the protected context as:

          <?xml version='1.0' encoding='UTF-8' ?>
          
          <!DOCTYPE jboss-web
           PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
           "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
          
          <jboss-web>
           <context-root>/</context-root>
           <!-- Uncomment the security-domain to enable security. You will
           need to edit the htmladaptor login configuration to setup the
           login modules used to authentication users. -->
           <security-domain>java:/jaas/default</security-domain>
          </jboss-web>
          
          


          and the login-config.xml should match that:

          <application-policy name = "default">
           <authentication>
           <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
           flag = "required">
           <module-option name="usersProperties">props/users.properties</module-option>
           <module-option name="rolesProperties">props/roles.properties</module-option>
           </login-module>
           </authentication>
           </application-policy>
          
          


          do a restart and then everything should work.
          Regards,
          George

          • 2. Re: Configure JAAS security for default app with Jetty
            Bruce Sanders Newbie

            i'm having a similar problem.  My problem is when it's makes a call to the bean.

             

            I'm running JBOSS 6. I'm not 100% sure that this is the security model as I took this from an example found on the internet for JBOSS 5.


            1st - I don't want any security around my EJB. If anyone has ideas as to how to do that, insight would be appreciated. Why no security, I'm just running it on my local for now.

            2nd - Since I can find nothing that enables me to do this, I now am stuck w/the inability to find property files.

            Here is all of my xml files.

            I have added the following to each login-config.xml file in JBOSS.
            <application-policy name = "my-web">
            <authentication>
            <login-module
            code="org.jboss.security.auth.spi.UsersRolesLoginModule"
            flag = "required">
            <module-option
            name="usersProperties">
            props/my-web-users.properties
            </module-option>
            <module-option
            name="rolesProperties">
            props/my-web-roles.properties
            </module-option>
            </login-module>
            </authentication>
            </application-policy>


            Contents of jboss-web.xml
            <?xml version="1.0" encoding="UTF-8"?>
            <jboss-web>
            <security-domain>java:/jaas/my-web</security-domain>
            </jboss-web>

            Contents of ejb-jar.xml

            <?xml version="1.0" encoding="UTF-8" ?>

            <!DOCTYPE ejb-jar PUBLIC "-//Sun Microsystems, Inc.//DTD Enterprise JavaBeans 2.0//EN" "http://java.sun.com/dtd/ejb-jar_2_0.dtd">

            <ejb-jar>


            <enterprise-beans>
            <session>
            <description>Calculation Appeals Manager EJB</description>
            <display-name>CalculationAppealsManagerBean</display-name>
            <ejb-name>CalculationAppealsManagerBean</ejb-name>
            <home>com.spcs.intranet.calculationAppeals.business.ejb.CalculationAppealsManagerHome</home>
            <remote>com.spcs.intranet.calculationAppeals.business.ejb.CalculationAppealsManager</remote>
            <ejb-class>com.spcs.intranet.calculationAppeals.business.ejb.CalculationAppealsManagerBean</ejb-class>
            <session-type>Stateless</session-type>
            <transaction-type>Container</transaction-type>
            <env-entry>
            <env-entry-name>ejb.sessionTimeout</env-entry-name>
            <env-entry-type>java.lang.String</env-entry-type>
            <env-entry-value>600</env-entry-value>
            </env-entry>
            <security-role-ref>
            <role-name>EchoUser</role-name>
            <role-link>Echo</role-link>
            </security-role-ref>
            <security-identity>
            <run-as>
            <role-name>InternalUser</role-name>
            </run-as>
            </security-identity>
            </session>



            </enterprise-beans>


            <assembly-descriptor>
            <security-role>
            <role-name>all</role-name>
            </security-role>
            <method-permission>
            <role-name>all</role-name>
            <method>
            <ejb-name>CalculationAppealsManagerBean</ejb-name>
            <method-name>*</method-name>
            </method>
            </method-permission>
            <container-transaction>
            <method>
            <ejb-name>CalculationAppealsManagerBean</ejb-name>
            <method-name>*</method-name>
            </method>
            <trans-attribute>Required</trans-attribute>
            </container-transaction>

            </assembly-descriptor>
            </ejb-jar>


            contents of web.xml
            <?xml version="1.0" encoding="UTF-8"?>
            <web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
            <icon></icon>
            <display-name>Commissions Web Portal</display-name>
            <description>Commissions Web Portal</description>
            <distributable></distributable>
            <servlet>
            <description></description>
            <display-name>CalculationAppealsServlet</display-name>
            <servlet-name>CalculationAppealsServlet</servlet-name>
            <servlet-class>com.spcs.intranet.calculationAppeals.presentation.controller.CalculationAppealsServlet</servlet-class>
            </servlet>
            <servlet-mapping>
            <servlet-name>CalculationAppealsServlet</servlet-name>
            <url-pattern>/CCAServlet</url-pattern>
            </servlet-mapping>

            <servlet>
            <servlet-name>SecureServlet</servlet-name>
            <servlet-class>com.spcs.intranet.calculationAppeals.presentation.controller.CalculationAppealsServlet</servlet-class>
            </servlet>
            <servlet>
            <servlet-name>UnsecureServlet</servlet-name>
            <servlet-class>com.spcs.intranet.calculationAppeals.presentation.controller.CalculationAppealsServlet</servlet-class>
            <run-as>
            <description>InternalThe anonymous user role</description>
            <role-name>InternalUser</role-name>
            </run-as>
            </servlet>
            <servlet>
            <servlet-name>UnsecureServletWithLogin</servlet-name>
            <!-- <description>A servlet whose mapping does not exist under the restricted context that </description>-->
            <servlet-class>com.spcs.intranet.calculationAppeals.presentation.controller.CalculationAppealsServlet</servlet-class>
            </servlet>


            <security-role>
            <description>A user allowed to invoke echo methods</description>
            <role-name>Echo</role-name>
            </security-role>
            <security-role>
            <description>A user with no permissions</description>
            <role-name>nobody</role-name>
            </security-role>


            <session-config>
            <session-timeout>30</session-timeout>
            </session-config>

            <mime-mapping>
            <extension>txt</extension>
            <mime-type>text/plain</mime-type>
            </mime-mapping>

            <mime-mapping>
            <extension>html</extension>
            <mime-type>text/html</mime-type>
            </mime-mapping>

            <mime-mapping>
            <extension>xls</extension>
            <mime-type>application/vnd.ms-excel</mime-type>
            </mime-mapping>

            <welcome-file-list>
            <welcome-file>splash.jsp</welcome-file>
            </welcome-file-list>

            </web-app>

            contents of jboss.xml

            <?xml version="1.0" encoding="UTF-8"?>
            <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS 6.0//EN" "http://www.jboss.org/j2ee/dtd/jboss_6_0.dtd">
            <jboss>
            <security-domain>java:/jaas/my-web</security-domain>

            <enterprise-beans>
            <session>
            <ejb-name>CalculationAppealsManagerBean</ejb-name>
            <jndi-name>CalculationAppealsManagerBean</jndi-name>
            <security-identity>
            <run-as-principal>InternalUser</run-as-principal>
            </security-identity>
            </session>

            </enterprise-beans>

            </jboss>


            I've copied the my-web-roles.properties and my-web-user.properties to the following:
            C:\JBoss\jboss-6.1.0.Final\server\all\conf\props
            C:\JBoss\jboss-6.1.0.Final\server\default\conf\props


            I do get a warning in the logs but while it's an issue, this i believe is the gating issue. Here is the log error:
            14:10:54,828 INFO [ContextConfig] WARNING: Security role name InternalUser used in a <run-as> without being defined in a <security-role>


            You might find that some of the naming around security/roles is not consistent. That I'm aware of but first things first, have to find the properties files.

            • 3. Re: Configure JAAS security for default app with Jetty
              Bruce Sanders Newbie

              I modified my jboss.xml to be this:

               

              <security-domain></security-domain>

               

               

               

              I removed any elements in the <security-domain>

               

               

              Problem resolved.