Apologies - initially it was sent from the wrong email address and left
in a pending state with the moderator (since I wasn't a group member). I
then changed my email address in account settings and sent it again few
minutes later. The second post was likely the one held by the mod.
I've not solved the issue but it is the default JBoss JAAS config
causing the problem. Removing the JAAS config from JBoss just prevents
it from starting up - so it is required. I'll reply back here if I find
a proper solution.
Thanks,
Benjamin
Ray Krueger wrote:
> Benjamin, you posted this thread once already. Myself and some others
> already replied.
> Please read the replies to your previous post.
>
> On 7/20/06, Benjamin Brown <[EMAIL PROTECTED]> wrote:
>
>> Hi,
>>
>> I'm new to Acegi but I understand the basic concepts well enough to
>> configure it with our Spring based webapp.
>>
>> I'm having a particular problem with JAAS and Kerberos integration - it
>> appears our JBoss application server is possibly hijacking
>> authentication calls by JAAS but I'm unsure why. Its looking for a
>> users/passwords/role file despite being configured to use Kerberos, not
>> a dao setup. Does anyone know how to prevent this?
>>
>> Any pointers would be greatly appreciated,
>>
>> Benjamin
>>
>> Here's the relevant part of the log:
>>
>> 17:28:40,625 ERROR [UsersRolesLoginModule] Failed to load
>> users/passwords/role files
>> java.io.IOException: Properties file users.properties not found
>> at
>> org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217)
>> at
>> org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:234)
>> at
>> org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:100)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>> at java.lang.reflect.Method.invoke(Method.java:324)
>> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
>> at
>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
>> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at
>> javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
>> at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
>> at
>> org.acegisecurity.providers.jaas.JaasAuthenticationProvider.authenticate(JaasAuthenticationProvider.java:162)
>>
>> Here's the JAAS config:
>>
>> JAASTest {
>> com.sun.security.auth.module.Krb5LoginModule required debug=true;
>> };
>>
>> Here's the relevant parts of the applicationContext-acegi-security.xml
>> (kerberos bean is an initializing bean to simply set the relevant
>> java.security properties for kerberos on startup) :
>>
>> <bean id="authenticationManager"
>> class="org.acegisecurity.providers.ProviderManager">
>> <property name="providers">
>> <list>
>> <ref bean="jaasAuthenticationProvider"/>
>> </list>
>> </property>
>> </bean>
>>
>> <bean id="jaasAuthenticationProvider"
>> class="org.acegisecurity.providers.jaas.JaasAuthenticationProvider">
>> <property
>> name="loginConfig"><value>/WEB-INF/login.conf</value></property>
>> <property name="loginContextName"><value>JAASTest</value></property>
>> <property name="callbackHandlers">
>> <list>
>> <bean
>> class="org.acegisecurity.providers.jaas.JaasNameCallbackHandler"/>
>> <bean
>> class="org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/>
>> </list>
>> </property>
>> <property name="authorityGranters">
>> <list>
>> <!-- NOTE OUR ACTUAL PACKAGE NAMES REMOVED FROM THE
>> EXAMPLE -->
>> <bean
>> class="OURPACKAGE.security.PrincipalRoleAuthorityGranter"/>
>> </list>
>> </property>
>> </bean>
>>
>> <!-- NOTE OUR ACTUAL REALM, PACAKAGE AND KDC REMOVED FROM THE
>> EXAMPLE -->
>> <bean id="kerberosBean" class="OURPACKAGE.security.KerberosBean">
>> <property name="realm" value="OURREALM.COM"/>
>> <property name="kdc" value="OURKDC"/>
>> <property name="debug" value="false"/>
>> </bean>
>>
>> -------------------------------------------------------------------------
>> Take Surveys. Earn Cash. Influence the Future of IT
>> Join SourceForge.net's Techsay panel and you'll get the chance to share your
>> opinions on IT & business topics through brief surveys -- and earn cash
>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>> _______________________________________________
>> Home: http://acegisecurity.org
>> Acegisecurity-developer mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>>
>>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Home: http://acegisecurity.org
> Acegisecurity-developer mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
