geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Mulder" <ammul...@alumni.princeton.edu>
Subject Re: Location of JAAS config file
Date Sun, 11 Jun 2006 13:30:33 GMT
Oh -- Geronimo calls your login module twice -- the first time it's
just "exploring" and it throws this exception and you should ignore
it.

Thanks,
     Aaron

On 6/11/06, Sunny Saxena <Sunny_Saxena@infosys.com> wrote:
> I created the gbean and the loginmodules can now be found. :)
>
> But now I get the following error:
> javax.security.auth.callback.UnsupportedCallbackException: DO NOT
> PROCEED WITH THIS LOGIN
>         at
> org.apache.geronimo.security.jaas.server.DecouplingCallbackHandler.handl
> e(DecouplingCallbackHandler.java:43)
>
> ...
>
>         at java.lang.Thread.run(Thread.java:534)
> javax.security.auth.login.LoginException: Error filling callback list
>         at
> org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(ServerLo
> ginProxy.java:78)
>         at
> org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.performLog
> in(JaasLoginCoordinator.java:189)
>
> ...
>
>         at java.lang.Thread.run(Thread.java:534)
> Caused by: java.lang.NullPointerException
>         at java.lang.String.<init>(String.java:166)
> ...
>
>
> -----Original Message-----
> From: Sunny Saxena [mailto:Sunny_Saxena@infosys.com]
> Sent: Sunday, June 11, 2006 12:15 PM
> To: user@geronimo.apache.org
> Subject: RE: Location of JAAS config file
>
>
> Sorry, if I am getting this wrong.
> The scenario that I have is something like this:
>
> I have an ear deployed under geronimo.
> The ear contains a web-app which at one point of time, asks a user for a
> username and password.
> This username/password are authenticated using JAAS. The Loginmodules
> defined for this JAAS authentication are placed in the JAAS config file.
>
> The problem is not with authenticating with geronimo, but with my
> internal authentication. The file needed for my authentication, needs to
> be set as the java system property. If I add that to my geronimo.bat
> file, then I can see the property getting set. (in Console > JVM
> Information).
>
> But when the code tries to get it, its failing, and saying that no login
> modules are defined.
>
>
> -----Original Message-----
> From: David Jencks [mailto:david_jencks@yahoo.com]
> Sent: Sunday, June 11, 2006 10:59 AM
> To: user@geronimo.apache.org
> Subject: Re: Location of JAAS config file
>
>
> On Jun 10, 2006, at 10:01 PM, Sunny Saxena wrote:
>
> > What if I don't want to use geronimo's security realms. My application
>
> > internally challenges the user for authentication and for that it uses
>
> > JAAS. Now jaas uses its config file to pick up login module
> > definitions... I need to specify the location of the config file. On
> > other app servers like weblogic, I used to add the system property
> > -Djava.security.auth.login.config=etc\example.conf in the server
> > startup file, in the java execution path.
> >
> > But in geronimo, doing that is not working.
>
> correct.  We don't use that style of jaas configuration.
> > I hope I got my point through. :)
> >
> > Thanks
> > PS: the application is already built. We don't want to make major
> > changes in its working structure.
>
> You should be able to do this without changing your packaged j2ee
> application at all.   You will need a geronimo deployment plan.  What
> you need to do is write gbean configurations that set up the equivalent
> login module configuration to your example.conf and include these in
> your geronimo plan.  When you deploy the app with this plan, the login
> modules will be properly configured.  Aaron provided some gbean
> configuration example below although he used a different realm name than
> you, something closer to your example would be
>
>     <gbean name="ExampleRealm"
> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>         <attribute name="realmName">example</attribute>
>         <reference name="ServerInfo">
>             <name>ServerInfo</name>
>         </reference>
>         <reference name="LoginService">
>             <name>JaasLoginService</name>
>         </reference>
>         <xml-reference name="LoginModuleConfiguration">
>             <login-config
> xmlns="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
>                 <login-module control-flag="REQUIRED"
> server-side="true" wrap-principals="false">
>                     <login-domain-name>example</login-domain-name>
>                     <login-module-class>com.test.DBLoginModule</login-
> module-class>
>                 </login-module>
>             </login-config>
>         </xml-reference>
>     </gbean>
>
>
> This would go as the last element in your geronimo plan.  Since I don't
> know what kind of app you are deploying (ejb, web, ear, app-
> client) I'm not going to guess at what the rest of the plan might look
> like.
>
> thanks
> david jencks
>
>
>
> >
> > -----Original Message-----
> > From: Alan D. Cabrera [mailto:list@toolazydogs.com]
> > Sent: Saturday, June 10, 2006 9:36 PM
> > To: user@geronimo.apache.org
> > Subject: Re: Location of JAAS config file
> >
> > I would change that statement to:
> >
> > In Geronimo, we don't have use a JAAS conf file.  You could instead
> > declare and deploy security realms using a Geronimo deployment plan,
> > like many other components.
> >
> >
> > Regards,
> > Alan
> >
> >
> > Aaron Mulder wrote:
> >> In Geronimo, we don't use a JAAS conf file, but instead let you
> >> declare and deploy security realms using a Geronimo deployment plan,
> >> like many other components.  There is some special syntax for
> >> security
> >
> >> realms, though.
> >>
> >> Basically, to create a realm called DatabaseRealm using the JAAS
> >> login
> >
> >> module DBLoginModule and the flag required, you could use a plan like
>
> >> the one below.  Either you can deploy this plan with a JAR containing
>
> >> the DBLoginModule class, or you could put the login module class in a
>
> >> JAR in the Geronimo repository and then add a dependency on that JAR
> >> to the environment element in the plan and deploy the plan on its
> >> own.
> >>
> >> Another option is to add your security realm (the "gbean" element in
> >> the plan below) directly to the Geronimo plan for a WAR or EAR or
> >> something, and add the login module classes to that component (in
> >> WEB-INF/lib or in an EJB JAR, etc.).  That way the realm would always
>
> >> be deployed and undeployed with that module.
> >>
> >> Thanks,
> >>    Aaron
> >>
> >> <module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
> >>    <environment>
> >>        <moduleId>
> >>            <artifactId>DatabaseRealm</artifactId>
> >>        </moduleId>
> >>        <dependencies>
> >>            <dependency>
> >>                <groupId>geronimo</groupId>
> >>                <artifactId>j2ee-security</artifactId>
> >>                <type>car</type>
> >>            </dependency>
> >>        </dependencies>
> >>    </environment>
> >>    <gbean name="DatabaseRealm"
> >> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
> >>        <attribute name="realmName">DatabaseRealm</attribute>
> >>        <reference name="ServerInfo">
> >>            <name>ServerInfo</name>
> >>        </reference>
> >>        <reference name="LoginService">
> >>            <name>JaasLoginService</name>
> >>        </reference>
> >>        <xml-reference name="LoginModuleConfiguration">
> >>            <login-config
> >> xmlns="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
> >>                <login-module control-flag="REQUIRED"
> >> server-side="true" wrap-principals="false">
> >>
> >> <login-domain-name>DatabaseRealm</login-domain-name>
> >>
> >> <login-module-class>com.test.DBLoginModule</login-module-class>
> >>                    <option name="...">..</option>
> >>                    <option name="...">...</option>
> >>                </login-module>
> >>            </login-config>
> >>        </xml-reference>
> >>    </gbean>
> >> </module>
> >>
> >> On 6/10/06, Sunny Saxena <Sunny_Saxena@infosys.com> wrote:
> >>>
> >>>
> >>> My application deployed under gerenimo, uses JAAS for
> >>> authentication.
> >
> >>> The
> >>> login modules are picked up from a config file, example.conf.
> >>> Generally in other app servers, I just add the system property,
> >>>
> >>> -Djava.security.auth.login.config=etc\example.conf
> >>>
> >>> in the java execution path, and it works. But in gerenimo, it is
> >>> unable to locate any login modules.
> >>>
> >>> The Error:
> >>> javax.security.auth.login.LoginException: No LoginModules configured
>
> >>> for example
> >>>
> >>> File:
> >>> example.conf:::
> >>>
> >>> example {
> >>> com.test.DBLoginModule required;
> >>> }
> >>>
> >>> Thanks
> >>> **************** CAUTION - Disclaimer *****************  This e-mail
>
> >>> contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely for
>
> >>> the use of the addressee(s). If you are not the intended recipient,
> >>> please notify the sender by e-mail and delete the original message.
> >>> Further, you are not to copy, disclose, or distribute this e-mail or
>
> >>> its contents to any other person and any such actions are unlawful.
> >>> This e-mail may contain viruses. Infosys has taken every reasonable
> >>> precaution to minimize this risk, but is not liable for any damage
> >>> you may sustain as a result of any virus in this e-mail. You should
> >>> carry out your own virus checks before opening the e-mail or
> >>> attachment. Infosys reserves the right to monitor and review the
> >>> content of all messages sent to or from this e-mail address.
> >>> Messages
> >
> >>> sent to or from this e-mail address may be stored on the Infosys
> >>> e-mail system.
> >>>  ***INFOSYS******** End of Disclaimer ********INFOSYS***
> >>>
> >
>
>

Mime
View raw message