I am trying to implement JAAS in a web application by using Tomcat's implementation of
JAAS (JAASRealm). I've been getting an exception (pls see below) by using the same
source code with different Tomcat configuration (server.xml ). I've used this code in
Weblogic 6.X without any problem. If this could be done in Weblogic, then there is NO
reason why we can't do it in Tomcat. I've included snippets of the server.xml, the
java source code ( ContainerAuthentication.java ) and the exception in the hope that
it might help.
Can anyone tell me what am I doing wrong? Or perhaps point me in the right direction.
// server.xml
<!--Realm className="org.apache.catalina.realm.JAASRealm" debug="99"
appName="JAASPolicy"
userClassNames="java.security.Principal"
roleClassNames="java.security.Principal"/-->
<Realm className="org.apache.catalina.realm.JAASRealm" debug="99"
loginContext="JAASPolicy"
callbackHandler="cdmanager.security.tomcat.JAASLoginCallbackHandler"/>
// ContainerAuthentication.java
// login method starts here
public void login(ServletRequest request)
throws LoginException
{
try
{
LoginContext loginContext = null;
PasswordLoginProperties plProperties =
PasswordLoginProperties.getPasswordLoginProperties();
Properties property = new Properties(System.getProperties());
property.put( "configPolicyFileName",
plProperties.getConfigPolicyFileName());
property.put("java.security.auth.login.config",
plProperties.getConfigPolicyFileName() );
System.setProperties(property);
// shorten here
JAASLoginCallbackHandler handler = new
cdmanager.security.tomcat.JAASLoginCallbackHandler(request);
loginContext = new LoginContext("JAASPolicy", handler );
loginContext.login(); // exception is thrown in this line
}
catch(ConfigException ce) {
throw new LoginException(ce.toString());
}
}
// login method ends here ( shorten version)
// And here is the exception
java.lang.SecurityException: unable to instantiate LoginConfiguration at
javax.security.auth.login.Configuration.getConfiguration(Configuration.java:212)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:166) at
java.security.AccessController.doPrivileged(Native Method) at
javax.security.auth.login.LoginContext.init(LoginContext.java:163) at
javax.security.auth.login.LoginContext.(LoginContext.java:319) at
cdmanager.security.tomcat.ContainerAuthentication.login(Unknown Source) at
cdmanager.actions.LogonAction.execute(Unknown Source) at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:446)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:266) at
org.apache.struts.action.ActionServlet.process(ActionServlet.java:1292) at
org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:760) at
javax.servlet.http.HttpServlet.service(HttpServlet.java:853) at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:256)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at
org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2415) at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at
org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:171)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174) at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480) at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995) at
org.apache.coyote.tomcat4.CoyoteAdapter.service(CoyoteAdapter.java:223) at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:594) at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:392)
at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:565) at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:619)
at java.lang.Thread.run(Thread.java:479)
---------------------------------
Apache Tomcat/4.1.24
---------------------------------
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
