3 Replies Latest reply on Aug 14, 2007 3:34 AM by Sascha Effert

    Login for Web-Application

    Sascha Effert Newbie

      Hi,

      I want to build a web-application using JBoss. The Application should only be usable for authorized users. So I have build a protected Webside called protected/test.jsp. Then I used the following web.xml:


      <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

      <session-config>
      <session-timeout>
      30
      </session-timeout>
      </session-config>

      <welcome-file-list>
      <welcome-file>
      index.jsp
      </welcome-file>
      </welcome-file-list>

      <security-constraint>
      <display-name>VDrive Protected</display-name>
      <web-resource-collection>
      <web-resource-name>VDrive</web-resource-name>
      VDrive Configuration Pages
      <url-pattern>/vdrive/test.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      <http-method>HEAD</http-method>
      <http-method>PUT</http-method>
      <http-method>OPTIONS</http-method>
      <http-method>TRACE</http-method>
      <http-method>DELETE</http-method>
      </web-resource-collection>
      <auth-constraint>
      <role-name>administrator</role-name>
      </auth-constraint>
      </security-constraint>

      <login-config>
      <auth-method>BASIC</auth-method>
      </login-config>
      </web-app>


      In the directory server/default/conf I put the following users.properties:

      fermat=test


      and roles.properties:

      fermat=administrator


      This is based on http://www.techienuggets.com/Detail?tx=2, but I used basic authentication instead of form. But anyway (if using Form or Basic) I am asked for a login and password and after entering I get an empty page and the following exception:


      14:41:39,763 ERROR [CoyoteAdapter] An exception or error occurred in the container during the request processing
      java.lang.ClassCastException: org.jnp.interfaces.NamingContext cannot be cast to org.jboss.security.SubjectSecurityManager
      at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:488)
      at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
      at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
      at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
      at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
      at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:580)
      at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
      at java.lang.Thread.run(Thread.java:619)


      Can anyone tell me what is going wrong? Is there a usable tutorial for this?

        • 1. Re: Login for Web-Application
          Sascha Effert Newbie

          To avoid questions: The protected page is vdrive/test.jsp, not protected/test.jsp....

          • 2. Re: Login for Web-Application
            Peter Johnson Master

            First, when posting xml content, bracket it with [ code]..[ code ] (without the spaces). you can easily do this by selecting the text and clicking the Code button. I noticed that you used < code > brackets, but that will not work other than forcing fixed-width font, the tags within the xml can still cause problems.

            Try adding a WEB-INF/jboss-web.xml files, containing the following:

            <jboss-web>
             <security-domain>java:/jaas/myloginmodule</security-domain>
            </jboss-web>


            and then add the following to the server/xxx/data/login-config.xml file:

            <application-policy name = "myloginmodule">
             <authentication>
             <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
             <module-option name="usersProperties">props/users.properties</module-option>
             <module-option name="rolesProperties">props/roles.properties</module-option>
             </login-module>
             </authentication>
             </application-policy>
            



            • 3. Re: Login for Web-Application
              Sascha Effert Newbie

              Thank you, it works now. Sorry for the wrong tag...

              For others reading this: I realized the the directory in the module-options is relative to the conf-directory of the server I started (e.g. $JBOSS_HOME/se4rver/default/conf/). It seems not to be possible to use an absolute path, because than you get an IOException that the property-files could not be found.

              Thank you very much...