Unfortunately JBoss is causing this issue. Which means the answer is
buried deep in one of many cryptic xml files.
By default JBoss does come with some amount of JAAS configuration
pre-established. If you go to Jboss.org and get a hold of the
administrator docs you can look over how JBoss Security is configured.
I'm going to blindly recommend you take a look at your
conf/jboss-services.xml and see if there is some security service
enabled there. Comment that out and see if it helps.
On 7/20/06, Benjamin Brown <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm new to Acegi but I understand the basic concepts well enough to
> configure it with our Spring based webapp.
>
> I'm having a particular problem with JAAS and Kerberos integration - it
> appears our JBoss application server is possibly hijacking
> authentication calls by JAAS but I'm unsure why. Its looking for a
> users/passwords/role file despite being configured to use Kerberos, not
> a dao setup. It seems to work fine in Tomcat 5 standalone.
>
> Does anyone know how to prevent this?
>
> Any pointers would be greatly appreciated,
>
> Benjamin
>
> Here's the relevant part of the log:
>
> 17:28:40,625 ERROR [UsersRolesLoginModule] Failed to load
> users/passwords/role files
> java.io.IOException: Properties file users.properties not found
> at
> org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217)
> at
> org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:234)
> at
> org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:100)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:324)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
> at
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
> at
> org.acegisecurity.providers.jaas.JaasAuthenticationProvider.authenticate(JaasAuthenticationProvider.java:162)
>
> Here's the JAAS config:
>
> JAASTest {
> com.sun.security.auth.module.Krb5LoginModule required debug=true;
> };
>
> Here's the relevant parts of the applicationContext-acegi-security.xml
> (kerberos bean is an initializing bean to simply set the relevant
> java.security properties for kerberos on startup) :
>
> <bean id="authenticationManager"
> class="org.acegisecurity.providers.ProviderManager">
> <property name="providers">
> <list>
> <ref bean="jaasAuthenticationProvider"/>
> </list>
> </property>
> </bean>
>
> <bean id="jaasAuthenticationProvider"
> class="org.acegisecurity.providers.jaas.JaasAuthenticationProvider">
> <property
> name="loginConfig"><value>/WEB-INF/login.conf</value></property>
> <property name="loginContextName"><value>JAASTest</value></property>
> <property name="callbackHandlers">
> <list>
> <bean
> class="org.acegisecurity.providers.jaas.JaasNameCallbackHandler"/>
> <bean
> class="org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/>
> </list>
> </property>
> <property name="authorityGranters">
> <list>
> <!-- NOTE OUR ACTUAL PACKAGE NAMES REMOVED FROM THE
> EXAMPLE -->
> <bean
> class="OURPACKAGE.security.PrincipalRoleAuthorityGranter"/>
> </list>
> </property>
> </bean>
>
> <!-- NOTE OUR ACTUAL REALM, PACAKAGE AND KDC REMOVED FROM THE
> EXAMPLE -->
> <bean id="kerberosBean" class="OURPACKAGE.security.KerberosBean">
> <property name="realm" value="OURREALM.COM"/>
> <property name="kdc" value="OURKDC"/>
> <property name="debug" value="false"/>
> </bean>
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Home: http://acegisecurity.org
> Acegisecurity-developer mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
