Have you correctly defined the JBoss realm for the web-app in a
jboss-web.xml file?

<jboss-web>
        <security-domain>java:/jaas/YourSecurityDomain</security-domain>
</jboss-web>

-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On behalf of
Benjamin Brown
Sent: Thursday, 20 July 2006 13:23
To: [email protected]
Subject: [Acegisecurity-developer] JAAS Integration - JBoss hijacking Kerberos
authentication mechanism


Hi,

I'm new to Acegi but I understand the basic concepts well enough to
configure it with our Spring based webapp.

I'm having a particular problem with JAAS and Kerberos integration - it
appears our JBoss application server is possibly hijacking authentication
calls by JAAS but I'm unsure why. It's looking for a users/passwords/role
file despite being configured to use Kerberos, not a dao setup. It seems to
work fine in Tomcat 5 standalone.

Does anyone know how to prevent this?

Any pointers would be greatly appreciated,

Benjamin

Here's the relevant part of the log:

17:28:40,625 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: Properties file users.properties not found
    at org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217)
    at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:234)
    at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:100)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:324)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
    at org.acegisecurity.providers.jaas.JaasAuthenticationProvider.authenticate(JaasAuthenticationProvider.java:162)

Here's the JAAS config:

JAASTest {
    com.sun.security.auth.module.Krb5LoginModule required debug=true;
};

Here are the relevant parts of the applicationContext-acegi-security.xml
(the Kerberos bean is an initializing bean that simply sets the relevant
java.security properties for Kerberos on startup):

    <bean id="authenticationManager" class="org.acegisecurity.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref bean="jaasAuthenticationProvider"/>
            </list>
        </property>
    </bean>

    <bean id="jaasAuthenticationProvider" class="org.acegisecurity.providers.jaas.JaasAuthenticationProvider">
        <property name="loginConfig"><value>/WEB-INF/login.conf</value></property>
        <property name="loginContextName"><value>JAASTest</value></property>
        <property name="callbackHandlers">
            <list>
                <bean class="org.acegisecurity.providers.jaas.JaasNameCallbackHandler"/>
                <bean class="org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/>
            </list>
        </property>
        <property name="authorityGranters">
            <list>
                <!-- NOTE OUR ACTUAL PACKAGE NAMES REMOVED FROM THE EXAMPLE -->
                <bean class="OURPACKAGE.security.PrincipalRoleAuthorityGranter"/>
            </list>
        </property>
    </bean>

    <!-- NOTE OUR ACTUAL REALM, PACKAGE AND KDC REMOVED FROM THE EXAMPLE -->
    <bean id="kerberosBean" class="OURPACKAGE.security.KerberosBean">
        <property name="realm" value="OURREALM.COM"/>
        <property name="kdc" value="OURKDC"/>
        <property name="debug" value="false"/>
    </bean>


_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
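
A diagnostic for the symptom in this thread, as an added example that is not part of the original messages and is not Acegi or JBoss code: it reports which JAAS Configuration implementation the JVM has installed and which login modules that Configuration resolves for the context name JAASTest, so you can see whether Krb5LoginModule or a container default such as UsersRolesLoginModule will actually run. The class name JaasConfigProbe is hypothetical.

```java
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import java.util.ArrayList;
import java.util.List;

/** Added diagnostic (hypothetical class name); not Acegi or JBoss code. */
public class JaasConfigProbe {

    /** Module that the login.conf quoted in the thread declares for JAASTest. */
    static final String EXPECTED = "com.sun.security.auth.module.Krb5LoginModule";

    /** Returns the login module class names the active Configuration resolves for a context name. */
    static List<String> resolvedModules(String contextName) {
        Configuration cfg = Configuration.getConfiguration();
        // A container may install its own Configuration in place of the JDK's file-based one.
        System.out.println("Active JAAS Configuration: " + cfg.getClass().getName());

        AppConfigurationEntry[] entries = cfg.getAppConfigurationEntry(contextName);
        if (entries == null) {
            // LoginContext falls back to the entry named "other" when the name is unknown.
            System.out.println("No entry for '" + contextName + "', checking 'other'");
            entries = cfg.getAppConfigurationEntry("other");
        }
        List<String> names = new ArrayList<String>();
        if (entries != null) {
            for (AppConfigurationEntry e : entries) {
                System.out.println("  " + e.getLoginModuleName()
                        + " [" + e.getControlFlag() + "] " + e.getOptions());
                names.add(e.getLoginModuleName());
            }
        }
        return names;
    }

    public static void main(String[] args) {
        String ctx = args.length > 0 ? args[0] : "JAASTest";
        try {
            List<String> modules = resolvedModules(ctx);
            System.out.println(modules.contains(EXPECTED)
                    ? "OK: " + EXPECTED + " is configured for " + ctx
                    : "MISMATCH: " + ctx + " resolves to " + modules);
        } catch (SecurityException ex) {
            // Raised when no login configuration can be located at all.
            System.out.println("No JAAS configuration could be loaded: " + ex.getMessage());
        }
    }
}
```

Call resolvedModules("JAASTest") from inside the deployed webapp after the Acegi context has started, under both Tomcat and JBoss, and compare the reported Configuration class and module list.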
