I have a simple war where I used spring-security to implement a BASIC login
using JAAS. It works fine on Tomcat but on JBoss I get the following
error. It seems to be ignoring my spring-security configuration because it
wants to load users/roles from local file.
13:54:02,128 ERROR [UsersRolesLoginModule] Failed to load
users/passwords/role f
iles
java.io.IOException: No properties file: users.properties or defaults:
defaultUs
ers.properties found
at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315)
at
org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRole
sLoginModule.java:186)
at
org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRo
lesLoginModule.java:200)
at
org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRol
esLoginModule.java:127)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.
java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
sorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:585)
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:1
86)
at
javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:6
80)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at
org.springframework.security.providers.jaas.JaasAuthenticationProvide
r.authenticate(JaasAuthenticationProvider.java:190)
at
org.springframework.security.providers.ProviderManager.doAuthenticati
on(ProviderManager.java:188)
at
org.springframework.security.AbstractAuthenticationManager.authentica
te(AbstractAuthenticationManager.java:46)
at
org.springframework.security.ui.basicauth.BasicProcessingFilter.doFil
terHttp(BasicProcessingFilter.java:139)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringS
ecurityFilter.java:53)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain
.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.context.HttpSessionContextIntegrationFil
ter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
at
org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringS
ecurityFilter.java:53)
at
org.springframework.security.util.FilterChainProxy$VirtualFilterChain
.doFilter(FilterChainProxy.java:390)
at
org.springframework.security.util.FilterChainProxy.doFilter(FilterCha
inProxy.java:175)
at
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D
elegatingFilterProxy.java:236)
at
org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat
ingFilterProxy.java:167)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFi
lter.java:96)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:235)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:206)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:230)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:175)
at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Securit
yAssociationValve.java:182)
at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValv
e.java:84)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:127)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:102)
at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedC
onnectionValve.java:157)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:109)
at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav
a:262)
at
org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcesso
r.java:856)
at
org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.pr
ocess(Http11AprProtocol.java:566)
at
org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:15
08)
Here are my configuration files:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
<http>
<intercept-url pattern="/**" access="ROLE_USER"/>
<http-basic/>
</http>
</beans:beans>
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-2.5.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
http://www.springframework.org/schema/jee
http://www.springframework.org/schema/jee/spring-jee-2.5.xsd">
<!-- ========================= JAAS Security using Spring
==================================== -->
<bean id="jaasAuthenticationProvider"
class="org.springframework.security.providers.jaas.JaasAuthenticationProvider">
<security:custom-authentication-provider />
<property name="loginConfig" value="/WEB-INF/jaas.conf"/>
<property name="loginContextName" value="JAAS_Config"/>
<property name="callbackHandlers">
<list>
<bean
class="org.springframework.security.providers.jaas.JaasNameCallbackHandler"/>
<bean
class="org.springframework.security.providers.jaas.JaasPasswordCallbackHandler"/>
</list>
</property>
<property name="authorityGranters">
<list>
<bean
class="com.issinc.cdf.security.WebTASAuthorityGranter"/>
</list>
</property>
</bean>
</beans>
JAAS_Config {
ipt.tas.security.login.WebTASCommonLoginModule required;
};
Why isn't this portable to JBoss?
------------------------------------------------------------------------------
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image
processing features enabled. http://p.sf.net/sfu/kodak-com
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer