Hi,
I'm new to Acegi but I understand the basic concepts well enough to
configure it with our Spring based webapp.
I'm having a particular problem with JAAS and Kerberos integration - it
appears our JBoss application server is possibly hijacking
authentication calls by JAAS but I'm unsure why. Its looking for a
users/passwords/role file despite being configured to use Kerberos, not
a dao setup. It seems to work fine in Tomcat 5 standalone.
Does anyone know how to prevent this?
Any pointers would be greatly appreciated,
Benjamin
Here's the relevant part of the log:
17:28:40,625 ERROR [UsersRolesLoginModule] Failed to load
users/passwords/role files
java.io.IOException: Properties file users.properties not found
at
org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217)
at
org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:234)
at
org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:100)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:324)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
at
org.acegisecurity.providers.jaas.JaasAuthenticationProvider.authenticate(JaasAuthenticationProvider.java:162)
Here's the JAAS config:
JAASTest {
com.sun.security.auth.module.Krb5LoginModule required debug=true;
};
Here's the relevant parts of the applicationContext-acegi-security.xml
(kerberos bean is an initializing bean to simply set the relevant
java.security properties for kerberos on startup) :
<bean id="authenticationManager"
class="org.acegisecurity.providers.ProviderManager">
<property name="providers">
<list>
<ref bean="jaasAuthenticationProvider"/>
</list>
</property>
</bean>
<bean id="jaasAuthenticationProvider"
class="org.acegisecurity.providers.jaas.JaasAuthenticationProvider">
<property
name="loginConfig"><value>/WEB-INF/login.conf</value></property>
<property name="loginContextName"><value>JAASTest</value></property>
<property name="callbackHandlers">
<list>
<bean
class="org.acegisecurity.providers.jaas.JaasNameCallbackHandler"/>
<bean
class="org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/>
</list>
</property>
<property name="authorityGranters">
<list>
<!-- NOTE OUR ACTUAL PACKAGE NAMES REMOVED FROM THE
EXAMPLE -->
<bean
class="OURPACKAGE.security.PrincipalRoleAuthorityGranter"/>
</list>
</property>
</bean>
<!-- NOTE OUR ACTUAL REALM, PACAKAGE AND KDC REMOVED FROM THE
EXAMPLE -->
<bean id="kerberosBean" class="OURPACKAGE.security.KerberosBean">
<property name="realm" value="OURREALM.COM"/>
<property name="kdc" value="OURKDC"/>
<property name="debug" value="false"/>
</bean>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
