Hello,

I want to add security to my applications and I tried to configure JAAS.
For development I want to use files as described on the website
(http://tomee.apache.org/tomee-jaas.html). Later I want to replace this
with LDAP. What did I do?

* I added the <Realm> tag to the server.xml;
* I created the login.config in the conf directory;
* I added the -Djava parameter to the startup line;
* I created the files user.properties and groups.properties in the
same directory as the login.config file.

When I restart TomEE (version 1.5.2) it starts with this command:

    /usr/lib/jvm/default-java/bin/java
      -Djava.util.logging.config.file=/opt/tomee/conf/logging.properties
      -javaagent:/opt/tomee/lib/openejb-javaagent.jar
      -Djava.awt.headless=true
      -XX:+DisableExplicitGC -Xmx640M -XX:MaxPermSize=384m
      -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
      -Djava.security.auth.login.config=/opt/tomee/conf/login.config
      -Djava.endorsed.dirs=/opt/tomee/endorsed
      -classpath /opt/tomee/bin/bootstrap.jar:/opt/tomee/bin/tomcat-juli.jar
      -Dcatalina.base=/opt/tomee -Dcatalina.home=/opt/tomee
      -Djava.io.tmpdir=/tmp/tomee-tomee-tmp
      org.apache.catalina.startup.Bootstrap start

When I try to connect to the Tomcat console
(http://localhost:8080/manager/html) I get, after trying to log in, the
following error in the logfile:

    jun 11, 2013 9:14:08 PM org.apache.catalina.realm.JAASRealm authenticate
    SEVERE: Unexpected error
    javax.security.auth.login.LoginException: No LoginModules configured for PropertiesLoginModule
        at javax.security.auth.login.LoginContext.init(LoginContext.java:273)
        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:418)
        at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:392)
        at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:332)
        at org.apache.catalina.realm.CombinedRealm.authenticate(CombinedRealm.java:146)
        at org.apache.tomee.catalina.TomEERealm.authenticate(TomEERealm.java:43)
        at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:158)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:936)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1004)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
        at java.lang.Thread.run(Thread.java:722)

What did I miss? I do not understand the line at the bottom of the page:

/Configure your login module specifically (users.properties for snippets
of this page for instance)/

During my search I came across the page
http://fusesource.com/docs/broker/5.3/security/Auth-JAAS-AuthentPlugin.html
with a similar config, only there the login.config contains a class for
the users and groups properties.

Regards,
Marco
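
Added example, not part of the original message and not TomEE code: LoginContext raises "No LoginModules configured for <name>" when the loaded JAAS configuration has no entry with that name (and no "other" entry), so this stand-alone check asks the JVM which entries it actually sees for the file passed with -Djava.security.auth.login.config. The class name JaasConfigCheck is hypothetical, and the default entry name is the one from the error in the log above.

```java
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

/**
 * Added diagnostic (hypothetical class name). Run it as the TomEE user with the same flag:
 *   java -Djava.security.auth.login.config=/opt/tomee/conf/login.config JaasConfigCheck
 * Optional argument: the entry name to look up (assumed to be the name the realm asks for).
 */
public class JaasConfigCheck {

    /** Returns the entries JAAS has for this name, or an empty array if there are none. */
    static AppConfigurationEntry[] lookup(String appName) {
        AppConfigurationEntry[] entries =
                Configuration.getConfiguration().getAppConfigurationEntry(appName);
        return entries == null ? new AppConfigurationEntry[0] : entries;
    }

    public static void main(String[] args) {
        // Default: the name LoginContext reported in the stack trace.
        String appName = args.length > 0 ? args[0] : "PropertiesLoginModule";
        System.out.println("login config: "
                + System.getProperty("java.security.auth.login.config"));

        AppConfigurationEntry[] entries;
        try {
            entries = lookup(appName);
        } catch (SecurityException e) {
            // The default file-based Configuration typically reports a missing,
            // unreadable or syntactically invalid file this way.
            System.out.println("JAAS configuration could not be loaded: " + e);
            System.exit(2);
            return;
        }
        if (entries.length == 0) {
            // Same condition that makes LoginContext fail for this name.
            System.out.println("No entry named '" + appName + "' in the configuration");
            System.exit(1);
        }
        for (AppConfigurationEntry entry : entries) {
            // Option values are not printed: they can hold secrets (e.g. LDAP bind passwords).
            System.out.println(entry.getLoginModuleName()
                    + " [" + entry.getControlFlag() + "] options="
                    + entry.getOptions().keySet());
        }
    }
}
```

Exit status 1 means the file was parsed but contains no block with that name; exit status 2 means the file itself could not be read or parsed.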