Hi. I am trying to do the same as you. I have updated
.../server/all/deploy/jbossweb-tomcat55.sar/server.xml with:


  | <Context
  |     path="/photos"
  |     docBase="l:/photos"
  |     override="true"
  | />
  | 

Yes it works, but how to secure it?

What I've found is that if you create <external-path>/WEB-INF/web.xml
with just this in it:


  | <web-app>
  |     <security-constraint>
  |         <web-resource-collection>
  |             <web-resource-name>Share Guests</web-resource-name>
  |             <url-pattern>/*</url-pattern>
  |             <http-method>GET</http-method>
  |             <http-method>POST</http-method>
  |         </web-resource-collection>
  |         <auth-constraint>
  |             <role-name>McbShareRoles</role-name>
  |         </auth-constraint>
  |     </security-constraint>
  | 
  |     <login-config>
  |         <auth-method>BASIC</auth-method>
  |         <realm-name>This is the title</realm-name>
  |     </login-config>
  | 
  |     <security-role>
  |         <role-name>McbShareRoles</role-name>
  |     </security-role>
  | </web-app>
  | 

and if you create "users.properties" and "roles.properties" in the
.../server/all/conf directory (see the .../conf/props/jmx*.properties
files for the syntax)

and if you check that the "other" JAAS thing is in place in
server/all/conf/login-config.xml (I think the names of the property
files are defaulted but I altered my version to be explicit):


  | ...
  | <application-policy name="other">
  |     <authentication>
  |         <login-module
  |             code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |             flag="required"
  |         >
  |         <module-option name="usersProperties">users.properties</module-option>
  |         <module-option name="rolesProperties">roles.properties</module-option>
  |         <module-option name="unauthenticatedIdentity">anonymous</module-option>
  |         </login-module>
  |     </authentication>
  | </application-policy>
  | 

and if you check that the "other" thing is the default thing for Tomcat, in
.../server/all/deploy/jbossweb-tomcat55.sar/META-INF/jboss-service.xml:


  | ...
  | <attribute name="DefaultSecurityDomain">java:/jaas/other</attribute>
  | ...
  | 

and if you want to be really pedantic and sure, you create
<external-directory>/WEB-INF/jboss-web.xml:


  | <jboss-web>
  |     <security-domain>java:/jaas/other</security-domain>
  | </jboss-web>
  | 

If you do all the above, you will find that the browser prompts you for
credentials. Unfortunately, nothing you enter will allow access as the
authentication always fails, with the following in the log:


  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Calling authenticate()
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findResources(jndi.properties)
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jnp.interfaces.NamingContextFactory, false)
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Searching local repositories
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findClass(org.jnp.interfaces.NamingContextFactory)
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent classloader at end: [EMAIL PROTECTED] url=file:/E:/java-common/jboss-4.0.4.CR2-from-zipfile/server/all/deploy/jbossweb-tomcat55.sar/ ,addedOrder=11}
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.naming.java.javaURLContextFactory, false)
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Searching local repositories
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findClass(org.jboss.naming.java.javaURLContextFactory)
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent classloader at end: [EMAIL PROTECTED] url=file:/E:/java-common/jboss-4.0.4.CR2-from-zipfile/server/all/deploy/jbossweb-tomcat55.sar/ ,addedOrder=11}
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.naming.ENCFactory, false)
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Searching local repositories
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findClass(org.jboss.naming.ENCFactory)
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent classloader at end: [EMAIL PROTECTED] url=file:/E:/java-common/jboss-4.0.4.CR2-from-zipfile/server/all/deploy/jbossweb-tomcat55.sar/ ,addedOrder=11}
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Failed authenticate() test
  | 


So... Then I tried putting the WEB-INF tree into a new directory (hoping
that the "context.xml" described at the end of this rant would work):
    .../server/all/deploy/name-of-my-external-directory.war

Well, lo and behold, the authentication bit works no worries.
Unfortunately, there is nothing to see because the "context.xml" is not
picked up and there are no files in
.../server/all/deploy/name-of-my-external-directory.war (only the
WEB-INF directory).

Here is what comes out in the log when the authentication works:


  | 2006-04-12 20:34:36,781 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Calling authenticate()
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findResources(jndi.properties)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jnp.interfaces.NamingContextFactory, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Searching local repositories
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findClass(org.jnp.interfaces.NamingContextFactory)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent classloader at end: [EMAIL PROTECTED]
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.naming.java.javaURLContextFactory, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Searching local repositories
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findClass(org.jboss.naming.java.javaURLContextFactory)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent classloader at end: [EMAIL PROTECTED]
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.naming.ENCFactory, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Searching local repositories
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findClass(org.jboss.naming.ENCFactory)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent classloader at end: [EMAIL PROTECTED]
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Searching local repositories
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findClass(org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent classloader at end: [EMAIL PROTECTED]
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | Lo and behold it starts working here!
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.Context, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.reflect.Proxy, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.Object, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.Throwable, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.NamingException, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.RuntimeException, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.Error, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.reflect.UndeclaredThrowableException, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.ClassNotFoundException, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.NoSuchMethodException, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.NoSuchMethodError, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.NoClassDefFoundError, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.reflect.InvocationHandler, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.Class, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(javax.naming.Name, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(java.lang.String, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.jboss.security.plugins.JaasSecurityManager.other] CallbackHandler: [EMAIL PROTECTED]
  | 2006-04-12 20:34:36,797 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created [EMAIL PROTECTED]
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Searching local repositories
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findClass(org.jboss.security.plugins.JaasSecurityManagerService$DefaultCacheObjectFactory)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent classloader at end: [EMAIL PROTECTED]
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | 2006-04-12 20:34:36,797 DEBUG [org.jboss.security.plugins.JaasSecurityManager.other] CachePolicy set to: [EMAIL PROTECTED]
  | 2006-04-12 20:34:36,797 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, [EMAIL PROTECTED]
  | 2006-04-12 20:34:36,797 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added other, [EMAIL PROTECTED] to map
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.auth.spi.UsersRolesLoginModule, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Searching local repositories
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findClass(org.jboss.security.auth.spi.UsersRolesLoginModule)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent classloader at end: [EMAIL PROTECTED]
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findResource(defaultUsers.properties)
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     --> Resource not found, returning null
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findResource(users.properties)
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     --> Resource not found, returning null
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader] getResource(defaultUsers.properties)
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findResource(defaultUsers.properties)
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     --> Resource not found, returning null
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]   --> Resource not found, returning null
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader] getResource(users.properties)
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findResource(users.properties)
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     --> Resource not found, returning null
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]   --> Returning 'file:/E:/java-common/jboss-4.0.4.CR2-from-zipfile/server/all/conf/users.properties'
  | 2006-04-12 20:34:36,812 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Loaded properties, users=[admin, myuser1, anonymous, myuser2]
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findResource(defaultRoles.properties)
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     --> Resource not found, returning null
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findResource(roles.properties)
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     --> Resource not found, returning null
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader] getResource(defaultRoles.properties)
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findResource(defaultRoles.properties)
  | 2006-04-12 20:34:36,812 DEBUG [org.apache.catalina.loader.WebappClassLoader]     --> Resource not found, returning null
  | 2006-04-12 20:34:36,828 DEBUG [org.apache.catalina.loader.WebappClassLoader]   --> Resource not found, returning null
  | 2006-04-12 20:34:36,828 DEBUG [org.apache.catalina.loader.WebappClassLoader] getResource(roles.properties)
  | 2006-04-12 20:34:36,828 DEBUG [org.apache.catalina.loader.WebappClassLoader]     findResource(roles.properties)
  | 2006-04-12 20:34:36,828 DEBUG [org.apache.catalina.loader.WebappClassLoader]     --> Resource not found, returning null
  | 2006-04-12 20:34:36,828 DEBUG [org.apache.catalina.loader.WebappClassLoader]   --> Returning 'file:/E:/java-common/jboss-4.0.4.CR2-from-zipfile/server/all/conf/roles.properties'
  | 2006-04-12 20:34:36,828 DEBUG [org.jboss.security.auth.spi.UsersRolesLoginModule] Loaded properties, users=[admin, myuser1, anonymous, myuser2]
  | 2006-04-12 20:34:36,844 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase] Authenticated 'myuser1' with type 'BASIC'
  | 2006-04-12 20:34:36,844 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Calling accessControl()
  | 2006-04-12 20:34:36,844 DEBUG [org.apache.catalina.realm.RealmBase] Username myuser1 has role McbShareRoles
  | 2006-04-12 20:34:36,844 DEBUG [org.apache.catalina.authenticator.AuthenticatorBase]  Successfully passed all security constraints
  | 

So the authentication stuff in WEB.XML only works if the unpacked WAR
(or external directory in our case) is located in the
.../server/all/deploy directory.

Well it all looks a bit like class-loading issues to me, so maybe some
egg-head could tell us perhaps we have to add a "" element to
the  entry in .../server/all/deploy/jbossweb-tomcat55.sar/server.xml?

The only clue here appears to be that in the FAILURE case, the loading
is delegated to "[EMAIL PROTECTED]",
whereas in the SUCCESS case, the loading is being delegated to
"[EMAIL PROTECTED]".

P.S.

I have found that JBoss-Tomcat doesn't seem to take any notice of any
<external-dir>/WEB-INF/context.xml, so probably don't bother
experimenting with this technique (instead of editing
.../server/all/deploy/jbossweb-tomcat55.sar/server.xml), but PLEASE let
me know if you have any luck with this because it's better to drop in
"context.xml" files somewhere than go fiddling with Tomcat server.xml
'cos that probably is not reloadable and you have to keep restarting
JBoss:


  | <Context
  |     path="/music"
  |     docBase="l:/music"
  |     override="true"
  |     debug="99"
  | />
  | 


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3937119#3937119
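
Added example, not part of the original post: a Python comparison of the two DEBUG traces that finds the first entry where the failing and working runs differ, with the delegate loader's identity masked, and lists the loader each trace delegates to. The sample entries are an abridged, constructed excerpt of the logs above, and `entries`, `first_divergence` and `delegate_targets` are names made up for this illustration.

```python
import re
from itertools import zip_longest

# Constructed excerpts: the closing entries of the post's two DEBUG traces,
# abridged; some entries are wrapped across lines to show that this is tolerated.
FAILED = """\
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.naming.ENCFactory, false)
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent
classloader at end: [EMAIL PROTECTED]
url=file:/E:/java-common/jboss-4.0.4.CR2-from-zipfile/server/all/deploy/jbossweb-tomcat55.sar/
 ,addedOrder=11}
  | 2006-04-12 21:24:12,203 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | 2006-04-12 21:24:12,203 DEBUG
[org.apache.catalina.authenticator.AuthenticatorBase]  Failed authenticate()
test
"""
WORKED = """\
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.naming.ENCFactory, false)
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Delegating to parent classloader at end: [EMAIL PROTECTED]
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader]   Loading class from parent
  | 2006-04-12 20:34:36,797 DEBUG [org.apache.catalina.loader.WebappClassLoader] loadClass(org.jboss.security.plugins.JaasSecurityManagerService$SecurityDomainObjectFactory, false)
"""

# An entry starts at "  | <timestamp> "; anything up to the next start belongs to it.
START = re.compile(r"^\s*\|\s*\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}\s+", re.M)
TARGET = re.compile(r"(Delegating to parent classloader at end:) (.*)")

def entries(text):
    """Rejoin wrapped lines and return one 'LEVEL [logger] message' per entry."""
    return [" ".join(part.split()) for part in START.split(text)[1:]]

def first_divergence(failed, worked):
    """Return (index, failed_entry, worked_entry) at the first differing entry,
    comparing with the delegate loader's identity masked; None if identical."""
    a = [TARGET.sub(r"\1 <loader>", e) for e in entries(failed)]
    b = [TARGET.sub(r"\1 <loader>", e) for e in entries(worked)]
    for i, (x, y) in enumerate(zip_longest(a, b)):
        if x != y:
            return i, x, y
    return None

def delegate_targets(text):
    """Distinct loaders the trace delegates to (the clue the post points at)."""
    return sorted({m.group(2) for m in map(TARGET.search, entries(text)) if m})

if __name__ == "__main__":
    print(first_divergence(FAILED, WORKED))
    print(delegate_targets(FAILED), delegate_targets(WORKED))
```

On this excerpt the failing trace ends in `Failed authenticate() test` at the entry where the working trace goes on to load `JaasSecurityManagerService$SecurityDomainObjectFactory`.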
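
Added example, not part of the original post: a Python check over the posted `web.xml` for two gaps that remain once authentication works. Because the constraint lists `<http-method>` GET and POST, it applies to those two methods only and leaves every other method unconstrained, and BASIC without a `CONFIDENTIAL` transport guarantee sends the password base64-encoded over plain HTTP. `lint_web_xml`, the finding codes and the `HARDENED` variant are names made up for this illustration.

```python
import xml.etree.ElementTree as ET

# The web.xml from the post, whitespace condensed (sample input for the check).
POSTED = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Share Guests</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>McbShareRoles</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>This is the title</realm-name>
  </login-config>
  <security-role><role-name>McbShareRoles</role-name></security-role>
</web-app>"""

# Constructed hardened variant: no <http-method> list, so every method is
# covered, and CONFIDENTIAL transport so BASIC credentials only travel over TLS.
HARDENED = (POSTED
            .replace("      <http-method>GET</http-method>\n", "")
            .replace("      <http-method>POST</http-method>\n", "")
            .replace("</auth-constraint>", "</auth-constraint>\n    "
                     "<user-data-constraint><transport-guarantee>CONFIDENTIAL"
                     "</transport-guarantee></user-data-constraint>"))

def lint_web_xml(text):
    """Return finding codes (hypothetical names) for a web.xml given as a string."""
    root = ET.fromstring(text)
    for el in root.iter():  # strip XML namespaces, if the descriptor declares one
        el.tag = el.tag.rsplit("}", 1)[-1]
    declared = {(r.findtext("role-name") or "").strip()
                for r in root.iter("security-role")}
    auth = (root.findtext("login-config/auth-method") or "").strip().upper()
    findings = []
    for sc in root.iter("security-constraint"):
        listed = [m.text.strip() for m in sc.iter("http-method") if m.text]
        if listed:  # only the listed methods are constrained; the rest are open
            findings.append("METHODS_UNCOVERED:" + ",".join(listed))
        tg = (sc.findtext("user-data-constraint/transport-guarantee") or "").strip()
        if auth == "BASIC" and tg != "CONFIDENTIAL":
            findings.append("BASIC_WITHOUT_TLS")
        for role in sc.iterfind("auth-constraint/role-name"):
            name = (role.text or "").strip()
            if name != "*" and name not in declared:
                findings.append("ROLE_UNDECLARED:" + name)
    return findings

if __name__ == "__main__":
    print(lint_web_xml(POSTED), lint_web_xml(HARDENED))
```

`CONFIDENTIAL` only helps if the server has an HTTPS connector configured for the container to redirect to.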
