[jboss-user] [Security JAAS/JBoss] - Error 401 in jboss Negotiation war for the secured test

2009-02-28 Thread ellis2323
Hello,

My full story with FreeIPA and JBoss Negotiation can be found on my blog: 
ellis2323.blogspot.com

In short: 
- I have installed two VMs with Fedora Core 10
- I have installed FreeIPA on the first
- I have installed a server on the second

Kerberos is working. I can use ssh without prompting ssh!!!

My goal: build a webservice to browse a filesystem. I have already done it with 
Python with root access. Now I want to use impersonation with JAAS and 
delegation with Kerberos to use the SSH service to access a filesystem.


Now I have installed JBoss and jboss-negotiation-toolkit.war (2.0.3GA).
But I can't get the third test working. I have searched for 3 days but
have no idea. The message is a checksum error:

  | 2:20:21,919 INFO  [BasicNegotiationServlet] No Authorization Header, 
sending 401
  | 02:20:22,027 INFO  [BasicNegotiationServlet] Authorization header received 
- decoding token.
  | 02:20:37,558 INFO  [STDOUT] Debug is  true storeKey true useTicketCache 
false useKeyTab true doNotPrompt true ticketCache is null isInitiator true 
KeyTab is /usr/java/jboss/server/default/conf/test.keytab refreshKrb5Config is 
false principal is host/server1.scigems@scigems.org tryFirstPass is false 
useFirstPass is false storePass is false clearPass is false
  | 02:20:37,582 INFO  [STDOUT]  KeyTabInputStream, readName(): SCIGEMS.ORG
  | 02:20:37,583 INFO  [STDOUT]  KeyTabInputStream, readName(): HTTP
  | 02:20:37,583 INFO  [STDOUT]  KeyTabInputStream, readName(): 
server1.scigems.org
  | 02:20:37,585 INFO  [STDOUT]  KeyTab: load() entry length: 87; type: 18
  | 02:20:37,585 INFO  [STDOUT]  KeyTabInputStream, readName(): SCIGEMS.ORG
  | 02:20:37,586 INFO  [STDOUT]  KeyTabInputStream, readName(): HTTP
  | 02:20:37,586 INFO  [STDOUT]  KeyTabInputStream, readName(): 
server1.scigems.org
  | 02:20:37,586 INFO  [STDOUT]  KeyTab: load() entry length: 71; type: 17
  | 02:20:37,587 INFO  [STDOUT]  KeyTabInputStream, readName(): SCIGEMS.ORG
  | 02:20:37,588 INFO  [STDOUT]  KeyTabInputStream, readName(): HTTP
  | 02:20:37,588 INFO  [STDOUT]  KeyTabInputStream, readName(): 
server1.scigems.org
  | 02:20:37,588 INFO  [STDOUT]  KeyTab: load() entry length: 79; type: 16
  | 02:20:37,589 INFO  [STDOUT]  KeyTabInputStream, readName(): SCIGEMS.ORG
  | 02:20:37,589 INFO  [STDOUT]  KeyTabInputStream, readName(): HTTP
  | 02:20:37,589 INFO  [STDOUT]  KeyTabInputStream, readName(): 
server1.scigems.org
  | 02:20:37,590 INFO  [STDOUT]  KeyTab: load() entry length: 71; type: 23
  | 02:20:37,590 INFO  [STDOUT]  KeyTabInputStream, readName(): SCIGEMS.ORG
  | 02:20:37,590 INFO  [STDOUT]  KeyTabInputStream, readName(): HTTP
  | 02:20:37,590 INFO  [STDOUT]  KeyTabInputStream, readName(): 
server1.scigems.org
  | 02:20:37,591 INFO  [STDOUT]  KeyTab: load() entry length: 63; type: 1
  | 02:20:37,591 INFO  [STDOUT]  KeyTabInputStream, readName(): SCIGEMS.ORG
  | 02:20:37,591 INFO  [STDOUT]  KeyTabInputStream, readName(): host
  | 02:20:37,591 INFO  [STDOUT]  KeyTabInputStream, readName(): 
server1.scigems.org
  | 02:20:37,593 INFO  [STDOUT]  KeyTab: load() entry length: 87; type: 18
  | 02:20:37,593 INFO  [STDOUT]  KeyTabInputStream, readName(): SCIGEMS.ORG
  | 02:20:37,605 INFO  [STDOUT]  KeyTabInputStream, readName(): host
  | 02:20:37,605 INFO  [STDOUT]  KeyTabInputStream, readName(): 
server1.scigems.org
  | 02:20:37,606 INFO  [STDOUT]  KeyTab: load() entry length: 71; type: 17
  | 02:20:37,607 INFO  [STDOUT]  KeyTabInputStream, readName(): SCIGEMS.ORG
  | 02:20:37,607 INFO  [STDOUT]  KeyTabInputStream, readName(): host
  | 02:20:37,608 INFO  [STDOUT]  KeyTabInputStream, readName(): 
server1.scigems.org
  | 02:20:37,609 INFO  [STDOUT]  KeyTab: load() entry length: 79; type: 16
  | 02:20:37,609 INFO  [STDOUT]  KeyTabInputStream, readName(): SCIGEMS.ORG
  | 02:20:37,611 INFO  [STDOUT]  KeyTabInputStream, readName(): host
  | 02:20:37,611 INFO  [STDOUT]  KeyTabInputStream, readName(): 
server1.scigems.org
  | 02:20:37,611 INFO  [STDOUT]  KeyTab: load() entry length: 71; type: 23
  | 02:20:37,612 INFO  [STDOUT]  KeyTabInputStream, readName(): SCIGEMS.ORG
  | 02:20:37,612 INFO  [STDOUT]  KeyTabInputStream, readName(): host
  | 02:20:37,613 INFO  [STDOUT]  KeyTabInputStream, readName(): 
server1.scigems.org
  | 02:20:37,613 INFO  [STDOUT]  KeyTab: load() entry length: 63; type: 1
  | 02:20:37,621 INFO  [STDOUT] Added key: 1version: 10
  | 02:20:37,623 INFO  [STDOUT] Added key: 23version: 10
  | 02:20:37,623 INFO  [STDOUT] Added key: 16version: 10
  | 02:20:37,623 INFO  [STDOUT] Added key: 17version: 10
  | 02:20:37,624 INFO  [STDOUT] Added key: 18version: 10
  | 02:20:37,624 INFO  [STDOUT] Ordering keys wrt default_tkt_enctypes list
  | 02:20:37,630 INFO  [STDOUT] Using builtin default etypes for 
default_tkt_enctypes
  | 02:20:37,631 INFO  [STDOUT] default etypes for default_tkt_enctypes:
  | 02:20:37,631 INFO  [STDOUT]  3
  | 02:20:37,631 INFO  [STDOUT]  1
  | 02:20:37,632 INFO  [STDOUT]  23
  | 02:20:37,632 INFO  [STDOUT]  16
  | 

[jboss-user] [Security JAAS/JBoss] - error when copy my-login-config-service.xml to deploy folder

2008-04-16 Thread duclt2002
I have my-login-config.xml in /server/default/config 
-
<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
  "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  "http://www.jboss.org/j2ee/dtd/security_config.dtd">

 <application-policy name="example2">

<login-module 
code="org.jboss.security.auth.spi.DatabaseServerLoginModule"  flag="required">
<module-option name="dsJndiName">java:/Book</module-option>
<module-option name="principalsQuery">
select password from principals principalID where 
principalID=?</module-option>
<module-option name="rolesQuery">
select Role, RoleGroup from Roles where 
PrincipalID=?</module-option>
</login-module>

</application-policy>
-
I need to tell JBoss to load this file at startup time.
To do this, I create a JMX MBean defined in a service file, 
my-login-config-service.xml:

<?xml version="1.0" encoding="UTF-8"?>

   
  my-login-config.xml
  <depends optional-attribute-name="LoginConfigService">
 jboss.security:service=XMLLoginConfig
  
  <depends optional-attribute-name="SecurityManagerService">
 jboss.security:service=JaasSecurityManager
  
   


and I receive error
Encountered \u00ef\u00bb\u00bf?xml at line 1, column 1
Was expecting one of 
 


  



View the original post : 
http://www.jboss.com/index.html?module=bbop=viewtopicp=412#412

Reply to the post : 
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=412
___
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
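
The `\u00ef\u00bb\u00bf` in the error above is how the three bytes EF BB BF, the UTF-8 byte-order mark, look when each is read as a separate character in front of the XML declaration. The check below is an added example, not part of the original post or of JBoss: it reports a leading BOM in a descriptor and rewrites the file without it. The function names and the sample bytes are constructed for illustration.

```python
import codecs
import os
import shutil
import tempfile

# Byte-order marks an editor may prepend. Longest first, so the UTF-32 LE
# mark (FF FE 00 00) is not mistaken for the UTF-16 LE mark (FF FE).
BOMS = [
    (codecs.BOM_UTF32_LE, "UTF-32LE"),
    (codecs.BOM_UTF32_BE, "UTF-32BE"),
    (codecs.BOM_UTF8, "UTF-8"),
    (codecs.BOM_UTF16_LE, "UTF-16LE"),
    (codecs.BOM_UTF16_BE, "UTF-16BE"),
]


def detect_bom(data):
    """Return (encoding name, BOM length) for a leading BOM, else (None, 0)."""
    for mark, name in BOMS:
        if data.startswith(mark):
            return name, len(mark)
    return None, 0


def as_parser_saw_it(data, width=8):
    """Render the first bytes as one character per byte, escaping anything
    outside printable ASCII as \\u00XX, the form used in the error message."""
    return "".join(
        chr(b) if 0x20 <= b < 0x7F else "\\u%04x" % b for b in data[:width]
    )


def strip_utf8_bom(path):
    """Rewrite `path` without a leading UTF-8 BOM; return True if it changed.
    Other BOMs are left alone: they mean the file is in another encoding and
    needs transcoding, not trimming."""
    with open(path, "rb") as fh:
        data = fh.read()
    name, length = detect_bom(data)
    if name != "UTF-8":
        return False
    # Write a sibling temp file and swap it in, so the descriptor is never
    # left half-written; keep the original permission bits.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "wb") as out:
        out.write(data[length:])
    shutil.copymode(path, tmp)
    os.replace(tmp, path)
    return True


# Constructed sample: a service descriptor saved as "UTF-8 with BOM".
SAMPLE = codecs.BOM_UTF8 + b'<?xml version="1.0" encoding="UTF-8"?>\n<server/>\n'

if __name__ == "__main__":
    print(detect_bom(SAMPLE))
    print(as_parser_saw_it(SAMPLE))
```

Run `strip_utf8_bom` on the working copy of the descriptor before it is copied into the deploy folder, so the temporary file never appears there.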


[jboss-user] [Security JAAS/JBoss] - Error interface org.jboss.security.saml.SSOManagerService is

2008-01-22 Thread malves
Hi,

I've configured 2 webapps with SSO Federated on JBoss. The configuration seems to 
be fine.

But I've got the error below when trying to access the index page on one of 
the webapps.

Looking for SSOManagerService on the JBoss JMX Console, and there it is.

Debugging the code of the SSOManager class I realized that sometimes the code works 
and SSOManagerService is returned, but in other cases the error occurs.

Does anybody have any idea???

thanks

10:14:33,968 ERROR [SSOAutoLogout] 
org.jboss.security.valve.SSOAutoLogout[/PocSSOApp1]
javax.servlet.ServletException: java.lang.IllegalArgumentException: interface 
org.jboss.security.saml.SSOManagerService is not visible from class loader
at 
org.jboss.security.valve.SSOTokenManager.invoke(SSOTokenManager.java:201)
at org.jboss.security.valve.SSOAutoLogout.invoke(SSOAutoLogout.java:172)
at 
org.jboss.security.valve.SSOFederationRouter.invoke(SSOFederationRouter.java:135)
at 
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at 
org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at 
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at 
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at 
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:595)
10:14:33,968 ERROR [CoyoteAdapter] An exception or error occurred in the 
container during the request processing
javax.servlet.ServletException: java.lang.IllegalArgumentException: interface 
org.jboss.security.saml.SSOManagerService is not visible from class loader
at org.jboss.security.valve.SSOAutoLogout.invoke(SSOAutoLogout.java:178)
at 
org.jboss.security.valve.SSOFederationRouter.invoke(SSOFederationRouter.java:135)
at 
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:74)
at 
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
at 
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
at 
org.jboss.web.tomcat.tc5.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:156)
at 
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
at 
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
at 
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:869)
at 
org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:664)
at 
org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
at 
org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSlaveWorkerThread.java:112)
at java.lang.Thread.run(Thread.java:595)







[jboss-user] [Security JAAS/JBoss] - error

2007-11-30 Thread jdsignature
In the following stack trace, what does this mean? 
[org.jboss.web.tomcat.security.RunAsListener] jsp, runAs: null


Thanks,


07-11-30 16:36:18,128 TRACE 
[org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, 
callernull
2007-11-30 16:36:18,128 TRACE [org.jboss.security.SecurityAssociation] 
pushRunAsIdentity, runAs=null
2007-11-30 16:36:18,128 TRACE [org.jboss.web.tomcat.security.RunAsListener] 
default, runAs: null
2007-11-30 16:36:18,128 TRACE [org.jboss.web.tomcat.security.RunAsListener] 
default, runAs: null
2007-11-30 16:36:18,128 TRACE [org.jboss.web.tomcat.security.RunAsListener] 
default, runAs: null
2007-11-30 16:36:18,128 TRACE [org.jboss.web.tomcat.security.RunAsListener] 
default, runAs: null
2007-11-30 16:36:18,128 TRACE [org.jboss.security.SecurityAssociation] 
popRunAsIdentity, runAs=null
2007-11-30 16:36:18,128 TRACE 
[org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, callernull
2007-11-30 16:36:18,128 TRACE [org.jboss.security.SecurityAssociation] clear, 
server=true
2007-11-30 16:36:18,128 DEBUG [org.apache.catalina.connector.CoyoteAdapter]  
Requested cookie session id is 71E7535CC7D5FA940BF0EC8946FB708B
2007-11-30 16:36:18,128 DEBUG 
[org.apache.catalina.authenticator.AuthenticatorBase] Security checking request 
GET /Shields-UI/images/topBtn_search_on.gif
2007-11-30 16:36:18,128 DEBUG [org.apache.catalina.realm.RealmBase]   Checking 
constraint 'SecurityConstraint[SecurePages]' against GET 
/images/topBtn_search_on.gif -- false
2007-11-30 16:36:18,128 DEBUG [org.apache.catalina.realm.RealmBase]   Checking 
constraint 'SecurityConstraint[SecurePages]' against GET 
/images/topBtn_search_on.gif -- false
2007-11-30 16:36:18,128 DEBUG [org.apache.catalina.realm.RealmBase]   Checking 
constraint 'SecurityConstraint[SecurePages]' against GET 
/images/topBtn_search_on.gif -- false
2007-11-30 16:36:18,128 DEBUG [org.apache.catalina.realm.RealmBase]   Checking 
constraint 'SecurityConstraint[SecurePages]' against GET 
/images/topBtn_search_on.gif -- false
2007-11-30 16:36:18,128 DEBUG [org.apache.catalina.realm.RealmBase]   No 
applicable constraint located
2007-11-30 16:36:18,128 DEBUG 
[org.apache.catalina.authenticator.AuthenticatorBase]  Not subject to any 
constraint
2007-11-30 16:36:18,128 TRACE 
[org.jboss.web.tomcat.security.SecurityAssociationValve] Begin invoke, 
callernull
2007-11-30 16:36:18,128 TRACE [org.jboss.security.SecurityAssociation] 
pushRunAsIdentity, runAs=null
2007-11-30 16:36:18,128 TRACE [org.jboss.web.tomcat.security.RunAsListener] 
default, runAs: null
2007-11-30 16:36:18,128 TRACE [org.jboss.web.tomcat.security.RunAsListener] 
default, runAs: null
2007-11-30 16:36:18,143 TRACE [org.jboss.web.tomcat.security.RunAsListener] 
default, runAs: null
2007-11-30 16:36:18,143 TRACE [org.jboss.web.tomcat.security.RunAsListener] 
default, runAs: null
2007-11-30 16:36:18,143 TRACE [org.jboss.security.SecurityAssociation] 
popRunAsIdentity, runAs=null
2007-11-30 16:36:18,143 TRACE 
[org.jboss.web.tomcat.security.SecurityAssociationValve] End invoke, callernull
2007-11-30 16:36:18,143 TRACE [org.jboss.security.SecurityAssociation] clear, 
server=true
2007-11-30 16:36:18,190 DEBUG [org.apache.catalina.connector.CoyoteAdapter]  
Requested cookie session id is 71E7535CC7D5FA940BF0EC8946FB708B
2007-11-30 16:36:18,190 DEBUG 
[org.apache.catalina.authenticator.AuthenticatorBase] Security checking request 
POST /Shields-UI/ExecuteSearchService
2007-11-30 16:36:18,190 DEBUG [org.apache.catalina.realm.RealmBase]   Checking 
constraint 'SecurityConstraint[SecurePages]' against POST /ExecuteSearchService 
-- true
2007-11-30 16:36:18,190 DEBUG 
[org.apache.catalina.authenticator.AuthenticatorBase]  Calling 
hasUserDataPermission()
2007-11-30 16:36:18,190 DEBUG [org.apache.catalina.realm.RealmBase]   User data 
constraint has no restrictions
2007-11-30 16:36:18,190 DEBUG 
[org.apache.catalina.authenticator.AuthenticatorBase]  Calling authenticate()
2007-11-30 16:36:18,190 TRACE 
[org.jboss.web.tomcat.security.SecurityFlushSessionListener] Session Created 
with id=71E7535CC7D5FA940BF0EC8946FB708B
2007-11-30 16:36:18,190 DEBUG 
[org.apache.catalina.authenticator.FormAuthenticator] Save request in session 
'71E7535CC7D5FA940BF0EC8946FB708B'
2007-11-30 16:36:18,221 DEBUG [org.apache.catalina.core.ApplicationDispatcher] 
servletPath=/login.jsp, pathInfo=null, queryString=null, name=null
2007-11-30 16:36:18,221 DEBUG [org.apache.catalina.core.ApplicationDispatcher]  
Path Based Forward
2007-11-30 16:36:18,221 TRACE [org.jboss.web.tomcat.security.RunAsListener] 
jsp, runAs: null
2007-11-30 16:36:18,221 TRACE [org.jboss.web.tomcat.security.RunAsListener] 
jsp, runAs: null
2007-11-30 16:36:18,221 TRACE [org.jboss.web.tomcat.security.RunAsListener] 
jsp, runAs: null
2007-11-30 16:36:18,221 TRACE [org.jboss.web.tomcat.security.RunAsListener] 
jsp, runAs: null
2007-11-30 16:36:18,221 DEBUG [org.apache.catalina.core.ApplicationDispatcher]  
Disabling the response for 

[jboss-user] [Security JAAS/JBoss] - Error registering jboss.web:type=ProtocolHandler, port=28080,

2007-04-28 Thread mallickcs
I have written an MBean which makes a client RMI connection to an external 
application. This bean is configured in conf/jboss-service.xml, so when 
JBoss is started, during the start of my bean I get the following error. Can anyone 
please tell me how to fix this problem?


17:17:07,312 ERROR [Registry] Error registering 
jboss.web:type=ProtocolHandler,port=28080,address=%2F0.0.0.0
java.lang.SecurityException: MBeanTrustPermission(register) not implied by 
protection domain of mbean class: org.apache.commons.modeler.BaseModelMBean, 
pd: ProtectionDomain  
(file:/opt/jboss-4.0.5.GA/server/coam/tmp/deploy/tmp61685commons-modeler.jar 
no signer certificates)
 [EMAIL PROTECTED] 
url=file:/opt/jboss-4.0.5.GA/server/coam/deploy/jbossweb-tomcat55.sar/ 
,addedOrder=9}
 no principals
 [EMAIL PROTECTED] (
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.net.SocketPermission localhost:1024- listen,resolve)
 (java.util.PropertyPermission java.version read)
 (java.util.PropertyPermission java.vm.name read)
 (java.util.PropertyPermission java.vm.vendor read)
 (java.util.PropertyPermission os.name read)
 (java.util.PropertyPermission java.vendor.url read)
 (java.util.PropertyPermission java.vm.specification.vendor read)
 (java.util.PropertyPermission os.version read)
 (java.util.PropertyPermission java.specification.vendor read)
 (java.util.PropertyPermission java.class.version read)
 (java.util.PropertyPermission java.specification.name read)
 (java.util.PropertyPermission file.separator read)
 (java.util.PropertyPermission os.arch read)
 (java.util.PropertyPermission java.vm.version read)
 (java.util.PropertyPermission java.vendor read)
 (java.util.PropertyPermission java.specification.version read)
 (java.util.PropertyPermission java.vm.specification.version read)
 (java.util.PropertyPermission java.vm.specification.name read)
 (java.util.PropertyPermission path.separator read)
 (java.util.PropertyPermission line.separator read)
 (java.lang.RuntimePermission stopThread)
 (java.io.FilePermission 
/opt/jboss-4.0.5.GA/server/coam/tmp/deploy/tmp61685commons-modeler.jar read)
 (java.io.FilePermission 
/opt/jboss-4.0.5.GA/server/coam/deploy/jbossweb-tomcat55.sar read)
)


at 
org.jboss.mx.server.MBeanServerImpl.registerMBean(MBeanServerImpl.java:1398)
at 
org.jboss.mx.server.MBeanServerImpl.registerMBean(MBeanServerImpl.java:376)
at 
org.apache.commons.modeler.Registry.registerComponent(Registry.java:871)
at org.apache.catalina.connector.Connector.start(Connector.java:1076)
at org.jboss.web.tomcat.tc5.Tomcat5.startConnectors(Tomcat5.java:590)
at org.jboss.web.tomcat.tc5.Tomcat5.handleNotification(Tomcat5.java:627)
at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at 
org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
at $Proxy41.handleNotification(Unknown Source)
at 
org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
at 
org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
at 
org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:908)
at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
at org.jboss.Main.boot(Main.java:200)
at org.jboss.Main$1.run(Main.java:490)
at java.lang.Thread.run(Thread.java:595)
17:17:07,314 ERROR [Connector] Protocol JMX registration failed
..

thanks in advance
Mallick



[jboss-user] [Security JAAS/JBoss] - error deploying .ear

2006-11-06 Thread cesarcba
Hi!!! I have the following problem while trying to deploy the .ear file.
I'm trying to make an easy FORM login but it isn't so easy.
The error is in the web.xml but I can't find it. Can anyone help me?

The web.xml; the things I added before the error are in bold:

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
   

<!--
To use non XDoclet filters, create a filters.xml file that
contains the additional filters (eg Sitemesh) and place it in your
project's merge dir.  Don't include filter-mappings in this file,
include them in a file called filter-mappings.xml and put that in
the same directory.
-->

<!--
To use non XDoclet filter-mappings, create a filter-mappings.xml file that
contains the additional filter-mappings and place it in your
project's merge dir.
-->

<!--
To use non XDoclet listeners, create a listeners.xml file that
contains the additional listeners and place it in your
project's merge dir.
-->

   <servlet>
      <servlet-name>Compute</servlet-name>
      <display-name>Computation Servlet</display-name>
      <description><![CDATA[Servlet that compute de LoginService]]></description>
      <servlet-class>login.web.ComputeServlet</servlet-class>

   </servlet>

  <!--
  To use non XDoclet servlets, create a servlets.xml file that
  contains the additional servlets (eg Struts) and place it in your
  project's merge dir.  Don't include servlet-mappings in this file,
  include them in a file called servlet-mappings.xml and put that in
  the same directory.
  -->

   <servlet-mapping>
      <servlet-name>Compute</servlet-name>
      <url-pattern>/Compute</url-pattern>
   </servlet-mapping>

   <!--
   To specify mime mappings, create a file named mime-mappings.xml, put it in your project's mergedir.
   Organize mime-mappings.xml following this DTD slice:

   <!ELEMENT mime-mapping (extension, mime-type)>
   -->

   <!--
   To specify error pages, create a file named error-pages.xml, put it in your project's mergedir.
   Organize error-pages.xml following this DTD slice:

   <!ELEMENT error-page ((error-code | exception-type), location)>
   -->

  <!--
  To add taglibs by xml, create a file called taglibs.xml and place it
  in your merge dir.
  -->

   <!--
   To set up security settings for your web app, create a file named web-security.xml, put it in your project's mergedir.
   Organize web-security.xml following this DTD slice:

   <!ELEMENT security-constraint (display-name?, web-resource-collection+, auth-constraint?, user-data-constraint?)>
   <!ELEMENT web-resource-collection (web-resource-name, description?, url-pattern*, http-method*)>
   <!ELEMENT web-resource-name (#PCDATA)>
   <!ELEMENT url-pattern (#PCDATA)>
   <!ELEMENT http-method (#PCDATA)>
   <!ELEMENT user-data-constraint (description?, transport-guarantee)>
   <!ELEMENT transport-guarantee (#PCDATA)>

   <!ELEMENT login-config (auth-method?, realm-name?, form-login-config?)>
   <!ELEMENT auth-method (#PCDATA)>
   <!ELEMENT realm-name (#PCDATA)>
   <!ELEMENT form-login-config (form-login-page, form-error-page)>
   <!ELEMENT form-login-page (#PCDATA)>
   <!ELEMENT form-error-page (#PCDATA)>
   -->
   <security-constraint>
      <web-resource-collection>
         <web-resource-name>User Auth</web-resource-name>
         <url-pattern>/*.html</url-pattern>
      </web-resource-collection>
      <auth-constraint>
         <role-name>admin</role-name>
         <role-name>user</role-name>
      </auth-constraint>
   </security-constraint>
   <login-config>
      <auth-method>FORM</auth-method>
      <realm-name>User Auth</realm-name>
      <form-login-config>
         <form-login-page>index.html</form-login-page>
         <form-error-page>loginError.html</form-error-page>
      </form-login-config>
   </login-config>
   <security-role>
      <role-name>admin</role-name>
   </security-role>
   <security-role>
      <role-name>user</role-name>
   </security-role>
   
   
   <ejb-ref>
      <description><![CDATA[Reference to the DataBaseLogin EJB]]></description>
      <ejb-ref-name>ejb/DataBaseLogin</ejb-ref-name>
      <ejb-ref-type>Session</ejb-ref-type>
      <home>login.interfaces.DataBaseLoginHome</home>
      <remote>login.interfaces.DataBaseLogin</remote>
   </ejb-ref>

</web-app>


and this is the Error in the server:

11:26:40,046 ERROR [TomcatDeployer] Failed to setup clustering, clustering 
disabled
11:26:40,203 ERROR [Digester] End event threw exception
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at 
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at 
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at 
org.apache.commons.beanutils.MethodUtils.invokeMethod(MethodUtils.java:252)
at 

[jboss-user] [Security JAAS/JBoss] - Error 403 when using DatabaseServerLoginModule

2006-11-02 Thread yj4jboss
Hi all,
I am trying to configure JAAS in JBoss 4.0.4.GA for a sample Seam 
application. Here are my configs:


JBoss 4.0.4.GA
Seam 1.0.1.GA
Hibernate 3.2.0 CR1
MySQL  4.1.9



My Principals and Roles Tables are as follows:


  | 
  | -- 
  | -- Table structure for table `principals`
  | -- 
  | 
  | CREATE TABLE `principals` (
  |   `PrincipalId` varchar(255) NOT NULL default '',
  |   `Password` varchar(255) NOT NULL default '',
  |   PRIMARY KEY  (`PrincipalId`)
  | ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
  | 
  | -- 
  | -- Dumping data for table `principals`
  | -- 
  | 
  | INSERT INTO `principals` VALUES ('Admin', 'admin');
  | INSERT INTO `principals` VALUES ('user', 'user');
  | INSERT INTO `principals` VALUES ('Yogesh', 'yogesh');
  | 
  | -- 
  | -- Table structure for table `roles`
  | -- 
  | 
  | CREATE TABLE `roles` (
  |   `PrincipalId` varchar(255) NOT NULL default '',
  |   `Role` varchar(255) NOT NULL default '',
  |   `RoleGroup` varchar(255) NOT NULL default '',
  |   PRIMARY KEY  (`PrincipalId`)
  | ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
  | 
  | -- 
  | -- Dumping data for table `roles`
  | -- 
  | 
  | INSERT INTO `roles` VALUES ('Admin', 'Admin', 'Admin');
  | INSERT INTO `roles` VALUES ('user', 'User', 'User');
  | INSERT INTO `roles` VALUES ('Yogesh', 'Admin', 'Admin');
  | 
  | 
  | 
  | 



Here's what's in my jboss-app.xml:


  | 
  | <jboss-app>
  |     <module>
  |         <service>jboss-service.xml</service>
  |     </module>
  | 
  |     <loader-repository>seam.jboss.org:loader=seam-seamapp</loader-repository>
  | </jboss-app>
  | 


and my jboss-service.xml:


  | 
  | <?xml version="1.0" encoding="UTF-8"?>
  | <server>
  |     <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
  |            name="JAASExample:service=DynamicLoginConfig">
  |         <attribute name="AuthConfig">login-config.xml</attribute>
  |         <depends optional-attribute-name="LoginConfigService">
  |             jboss.security:service=XMLLoginConfig
  |         </depends>
  |         <depends optional-attribute-name="SecurityManagerService">
  |             jboss.security:service=JaasSecurityManager
  |         </depends>
  |     </mbean>
  | </server>
  | 

my login-config.xml:


  | 
  | <?xml version='1.0'?>
  | <!DOCTYPE policy PUBLIC
  |   "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  |   "http://www.jboss.org/j2ee/dtd/security_config.dtd">
  | 
  | <policy>
  |     <application-policy name = "jaastest">
  |         <authentication>
  |             <login-module
  |                 code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
  |                 flag = "required">
  |                 <module-option name = "dsJndiName">java:/jaastestDatasource</module-option>
  |                 <module-option
  |                     name="usersProperties">
  |                     SELECT password for principals WHERE principalId=?
  |                 </module-option>
  |                 <module-option
  |                     name="rolesProperties">
  |                     SELECT role as Roles, roleGroup as RoleGroups from roles where principalId=?
  |                 </module-option>
  |             </login-module>
  |         </authentication>
  |     </application-policy>
  | </policy>
  | 


and my jboss-web.xml under the WEB-INF folder:


  | 
  | <?xml version="1.0" encoding="UTF-8"?>
  | <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
  | <jboss-web>
  |     <security-domain>java:/jaas/jaastest</security-domain>
  | </jboss-web>
  | 

and I added the following lines to my web.xml:


  | 
  | <!--  JAAS Security Configurations -->
  | <security-constraint>
  |     <web-resource-collection>
  |         <web-resource-name>All resources</web-resource-name>
  |         <description>Protects all resources</description>
  |         <url-pattern>/*</url-pattern>
  |     </web-resource-collection>
  |     <auth-constraint>
  |         <role-name>Admin</role-name>
  |     </auth-constraint>
  | </security-constraint>
  | 
  | <security-role>
  |     <role-name>Admin</role-name>
  | </security-role>
  | 
  | <security-role>
  |     <role-name>User</role-name>
  | </security-role>
  | 
  | <login-config>
  |     <auth-method>BASIC</auth-method>
  |     <realm-name>JaasTestRealm</realm-name>
  | </login-config>
  | 



My EAR file is as follows:

seamapp.ear:
 - META-INF
 - seamapp.war
 - seamapp.ejb3
 - login-config.xml
 - jboss-service.xml





Though the authentication works, I am redirected to the correct page but the 
following error message is displayed:


  | HTTP Status 403 - Access to the requested resource has been denied
  | 
  |
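
A check over a login-config.xml like the one posted above, as an added example that is not part of the original post or of JBoss. It treats `dsJndiName`, `principalsQuery` and `rolesQuery` (the three option names used in the 2008 `DatabaseServerLoginModule` post on this page) as the options the module reads for its data source and queries; the module also accepts inherited options, so extend the set as needed. The sample XML is the poster's file with the angle brackets and quotes restored, and the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

DB_MODULE = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
# Query option -> number of columns its SELECT is expected to return.
QUERY_COLUMNS = {"principalsQuery": 1, "rolesQuery": 2}
# Assumption: only these three options are checked; others are reported.
KNOWN_OPTIONS = {"dsJndiName", *QUERY_COLUMNS}


def check_query(name, sql):
    """Return a list of problems found in one query option."""
    problems = []
    m = re.match(r"\s*select\s+(.+?)\s+from\s+\S+", sql, re.I | re.S)
    if not m:
        problems.append(f"{name}: not of the form SELECT ... FROM <table>")
    else:
        # Naive column count: a comma inside a function call would be
        # counted as a separator.
        cols = [c for c in m.group(1).split(",") if c.strip()]
        if len(cols) != QUERY_COLUMNS[name]:
            problems.append(
                f"{name}: selects {len(cols)} column(s), "
                f"expected {QUERY_COLUMNS[name]}"
            )
    if sql.count("?") != 1:
        problems.append(f"{name}: needs exactly one '?' placeholder")
    return problems


def lint_login_config(xml_text):
    """Return {application-policy name: [problems]} for every
    DatabaseServerLoginModule entry in a login-config document."""
    report = {}
    root = ET.fromstring(xml_text)
    for policy in root.iter("application-policy"):
        for module in policy.iter("login-module"):
            if module.get("code", "").strip() != DB_MODULE:
                continue
            problems = report.setdefault(policy.get("name"), [])
            options = {
                o.get("name"): (o.text or "").strip()
                for o in module.iter("module-option")
            }
            for name in sorted(set(options) - KNOWN_OPTIONS):
                problems.append(f"{name}: not an option this check knows")
            for name in sorted(KNOWN_OPTIONS - set(options)):
                problems.append(f"{name}: not set, module default applies")
            for name in QUERY_COLUMNS:
                if name in options:
                    problems.extend(check_query(name, options[name]))
    return report


# The 2006 post's login-config.xml, markup restored (values unchanged).
SAMPLE = """<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
  "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<policy>
  <application-policy name="jaastest">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
        <module-option name="dsJndiName">java:/jaastestDatasource</module-option>
        <module-option name="usersProperties">SELECT password for principals WHERE principalId=?</module-option>
        <module-option name="rolesProperties">SELECT role as Roles, roleGroup as RoleGroups from roles where principalId=?</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""

if __name__ == "__main__":
    for policy_name, found in lint_login_config(SAMPLE).items():
        for problem in found:
            print(f"{policy_name}: {problem}")
```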