geronimo-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Sunny Saxena" <Sunny_Sax...@infosys.com>
Subject RE: Location of JAAS config file
Date Mon, 12 Jun 2006 03:02:11 GMT
Hey Aaron,

OK that is fine. But I also get the "Error filling callback list"....


  at java.lang.Thread.run(Thread.java:534)
> javax.security.auth.login.LoginException: Error filling callback list
>         at
> org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(Server
> Lo
> ginProxy.java:78)
>         at
> org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.performL
> og
> in(JaasLoginCoordinator.java:189)
>
> ...
>
>         at java.lang.Thread.run(Thread.java:534)
> Caused by: java.lang.NullPointerException
>         at java.lang.String.<init>(String.java:166)
> ...
>



-----Original Message-----
From: ammulder@gmail.com [mailto:ammulder@gmail.com] On Behalf Of Aaron
Mulder
Sent: Sunday, June 11, 2006 7:01 PM
To: user@geronimo.apache.org
Subject: Re: Location of JAAS config file

Oh -- Geronimo calls your login module twice -- the first time it's just
"exploring" and it throws this exception and you should ignore it.

Thanks,
     Aaron

On 6/11/06, Sunny Saxena <Sunny_Saxena@infosys.com> wrote:
> I created the gbean and the loginmodules can now be found. :)
>
> But now I get the following error:
> javax.security.auth.callback.UnsupportedCallbackException: DO NOT 
> PROCEED WITH THIS LOGIN
>         at
> org.apache.geronimo.security.jaas.server.DecouplingCallbackHandler.han
> dl
> e(DecouplingCallbackHandler.java:43)
>
> ...
>
>         at java.lang.Thread.run(Thread.java:534)
> javax.security.auth.login.LoginException: Error filling callback list
>         at
> org.apache.geronimo.security.jaas.client.ServerLoginProxy.login(Server
> Lo
> ginProxy.java:78)
>         at
> org.apache.geronimo.security.jaas.client.JaasLoginCoordinator.performL
> og
> in(JaasLoginCoordinator.java:189)
>
> ...
>
>         at java.lang.Thread.run(Thread.java:534)
> Caused by: java.lang.NullPointerException
>         at java.lang.String.<init>(String.java:166)
> ...
>
>
> -----Original Message-----
> From: Sunny Saxena [mailto:Sunny_Saxena@infosys.com]
> Sent: Sunday, June 11, 2006 12:15 PM
> To: user@geronimo.apache.org
> Subject: RE: Location of JAAS config file
>
>
> Sorry, if I am getting this wrong.
> The scenario that I have is something like this:
>
> I have an ear deployed under geronimo.
> The ear contains a web-app which at one point of time, asks a user for

> a username and password.
> This username/password are authenticated using JAAS. The Loginmodules 
> defined for this JAAS authentication are placed in the JAAS config
file.
>
> The problem is not with authenticating with geronimo, but with my 
> internal authentication. The file needed for my authentication, needs 
> to be set as the java system property. If I add that to my 
> geronimo.bat file, then I can see the property getting set. (in 
> Console > JVM Information).
>
> But when the code tries to get it, its failing, and saying that no 
> login modules are defined.
>
>
> -----Original Message-----
> From: David Jencks [mailto:david_jencks@yahoo.com]
> Sent: Sunday, June 11, 2006 10:59 AM
> To: user@geronimo.apache.org
> Subject: Re: Location of JAAS config file
>
>
> On Jun 10, 2006, at 10:01 PM, Sunny Saxena wrote:
>
> > What if I don't want to use geronimo's security realms. My 
> > application
>
> > internally challenges the user for authentication and for that it 
> > uses
>
> > JAAS. Now jaas uses its config file to pick up login module 
> > definitions... I need to specify the location of the config file. On

> > other app servers like weblogic, I used to add the system property 
> > -Djava.security.auth.login.config=etc\example.conf in the server 
> > startup file, in the java execution path.
> >
> > But in geronimo, doing that is not working.
>
> correct.  We don't use that style of jaas configuration.
> > I hope I got my point through. :)
> >
> > Thanks
> > PS: the application is already built. We don't want to make major 
> > changes in its working structure.
>
> You should be able to do this without changing your packaged j2ee
> application at all.   You will need a geronimo deployment plan.  What
> you need to do is write gbean configurations that set up the 
> equivalent login module configuration to your example.conf and include

> these in your geronimo plan.  When you deploy the app with this plan, 
> the login modules will be properly configured.  Aaron provided some 
> gbean configuration example below although he used a different realm 
> name than you, something closer to your example would be
>
>     <gbean name="ExampleRealm"
> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>         <attribute name="realmName">example</attribute>
>         <reference name="ServerInfo">
>             <name>ServerInfo</name>
>         </reference>
>         <reference name="LoginService">
>             <name>JaasLoginService</name>
>         </reference>
>         <xml-reference name="LoginModuleConfiguration">
>             <login-config
> xmlns="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
>                 <login-module control-flag="REQUIRED"
> server-side="true" wrap-principals="false">
>                     <login-domain-name>example</login-domain-name>
>                     <login-module-class>com.test.DBLoginModule</login-
> module-class>
>                 </login-module>
>             </login-config>
>         </xml-reference>
>     </gbean>
>
>
> This would go as the last element in your geronimo plan.  Since I 
> don't know what kind of app you are deploying (ejb, web, ear, app-
> client) I'm not going to guess at what the rest of the plan might look

> like.
>
> thanks
> david jencks
>
>
>
> >
> > -----Original Message-----
> > From: Alan D. Cabrera [mailto:list@toolazydogs.com]
> > Sent: Saturday, June 10, 2006 9:36 PM
> > To: user@geronimo.apache.org
> > Subject: Re: Location of JAAS config file
> >
> > I would change that statement to:
> >
> > In Geronimo, we don't have use a JAAS conf file.  You could instead 
> > declare and deploy security realms using a Geronimo deployment plan,

> > like many other components.
> >
> >
> > Regards,
> > Alan
> >
> >
> > Aaron Mulder wrote:
> >> In Geronimo, we don't use a JAAS conf file, but instead let you 
> >> declare and deploy security realms using a Geronimo deployment 
> >> plan, like many other components.  There is some special syntax for

> >> security
> >
> >> realms, though.
> >>
> >> Basically, to create a realm called DatabaseRealm using the JAAS 
> >> login
> >
> >> module DBLoginModule and the flag required, you could use a plan 
> >> like
>
> >> the one below.  Either you can deploy this plan with a JAR 
> >> containing
>
> >> the DBLoginModule class, or you could put the login module class in

> >> a
>
> >> JAR in the Geronimo repository and then add a dependency on that 
> >> JAR to the environment element in the plan and deploy the plan on 
> >> its own.
> >>
> >> Another option is to add your security realm (the "gbean" element 
> >> in the plan below) directly to the Geronimo plan for a WAR or EAR 
> >> or something, and add the login module classes to that component 
> >> (in WEB-INF/lib or in an EJB JAR, etc.).  That way the realm would 
> >> always
>
> >> be deployed and undeployed with that module.
> >>
> >> Thanks,
> >>    Aaron
> >>
> >> <module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.1">
> >>    <environment>
> >>        <moduleId>
> >>            <artifactId>DatabaseRealm</artifactId>
> >>        </moduleId>
> >>        <dependencies>
> >>            <dependency>
> >>                <groupId>geronimo</groupId>
> >>                <artifactId>j2ee-security</artifactId>
> >>                <type>car</type>
> >>            </dependency>
> >>        </dependencies>
> >>    </environment>
> >>    <gbean name="DatabaseRealm"
> >> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
> >>        <attribute name="realmName">DatabaseRealm</attribute>
> >>        <reference name="ServerInfo">
> >>            <name>ServerInfo</name>
> >>        </reference>
> >>        <reference name="LoginService">
> >>            <name>JaasLoginService</name>
> >>        </reference>
> >>        <xml-reference name="LoginModuleConfiguration">
> >>            <login-config
> >> xmlns="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
> >>                <login-module control-flag="REQUIRED"
> >> server-side="true" wrap-principals="false">
> >>
> >> <login-domain-name>DatabaseRealm</login-domain-name>
> >>
> >> <login-module-class>com.test.DBLoginModule</login-module-class>
> >>                    <option name="...">..</option>
> >>                    <option name="...">...</option>
> >>                </login-module>
> >>            </login-config>
> >>        </xml-reference>
> >>    </gbean>
> >> </module>
> >>
> >> On 6/10/06, Sunny Saxena <Sunny_Saxena@infosys.com> wrote:
> >>>
> >>>
> >>> My application deployed under gerenimo, uses JAAS for 
> >>> authentication.
> >
> >>> The
> >>> login modules are picked up from a config file, example.conf.
> >>> Generally in other app servers, I just add the system property,
> >>>
> >>> -Djava.security.auth.login.config=etc\example.conf
> >>>
> >>> in the java execution path, and it works. But in gerenimo, it is 
> >>> unable to locate any login modules.
> >>>
> >>> The Error:
> >>> javax.security.auth.login.LoginException: No LoginModules 
> >>> configured
>
> >>> for example
> >>>
> >>> File:
> >>> example.conf:::
> >>>
> >>> example {
> >>> com.test.DBLoginModule required;
> >>> }
> >>>
> >>> Thanks
> >>> **************** CAUTION - Disclaimer *****************  This 
> >>> e-mail
>
> >>> contains PRIVILEGED AND CONFIDENTIAL INFORMATION intended solely 
> >>> for
>
> >>> the use of the addressee(s). If you are not the intended 
> >>> recipient, please notify the sender by e-mail and delete the
original message.
> >>> Further, you are not to copy, disclose, or distribute this e-mail 
> >>> or
>
> >>> its contents to any other person and any such actions are
unlawful.
> >>> This e-mail may contain viruses. Infosys has taken every 
> >>> reasonable precaution to minimize this risk, but is not liable for

> >>> any damage you may sustain as a result of any virus in this 
> >>> e-mail. You should carry out your own virus checks before opening 
> >>> the e-mail or attachment. Infosys reserves the right to monitor 
> >>> and review the content of all messages sent to or from this e-mail
address.
> >>> Messages
> >
> >>> sent to or from this e-mail address may be stored on the Infosys 
> >>> e-mail system.
> >>>  ***INFOSYS******** End of Disclaimer ********INFOSYS***
> >>>
> >
>
>

Mime
View raw message