Re: [Acegisecurity-developer] JAAS Integration - JBoss hijacking?

Sat, 22 Jul 2006 17:05:22 -0700 

Benjamin, you posted this thread once already. Myself and some others
already replied.
Please read the replies to your previous post.

On 7/20/06, Benjamin Brown <[EMAIL PROTECTED]> wrote:
> Hi,
>
> I'm new to Acegi but I understand the basic concepts well enough to
> configure it with our Spring based webapp.
>
> I'm having a particular problem with JAAS and Kerberos integration - it
> appears our JBoss application server is possibly hijacking
> authentication calls by JAAS but I'm unsure why. Its looking for a
> users/passwords/role file despite being configured to use Kerberos, not
> a dao setup. Does anyone know how to prevent this?
>
> Any pointers would be greatly appreciated,
>
> Benjamin
>
> Here's the relevant part of the log:
>
> 17:28:40,625 ERROR [UsersRolesLoginModule] Failed to load
> users/passwords/role files
> java.io.IOException: Properties file users.properties not found
>     at
> org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217)
>     at
> org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:234)
>     at
> org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:100)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>     at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>     at java.lang.reflect.Method.invoke(Method.java:324)
>     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
>     at
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
>     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
>     at java.security.AccessController.doPrivileged(Native Method)
>     at
> javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
>     at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
>     at
> org.acegisecurity.providers.jaas.JaasAuthenticationProvider.authenticate(JaasAuthenticationProvider.java:162)
>
> Here's the JAAS config:
>
> JAASTest {
>       com.sun.security.auth.module.Krb5LoginModule required debug=true;
> };
>
> Here's the relevant parts of the applicationContext-acegi-security.xml
> (kerberos bean is an initializing bean to simply set the relevant
> java.security properties for kerberos on startup) :
>
>     <bean id="authenticationManager"
> class="org.acegisecurity.providers.ProviderManager">
>         <property name="providers">
>             <list>
>                 <ref bean="jaasAuthenticationProvider"/>
>             </list>
>         </property>
>     </bean>
>
> <bean id="jaasAuthenticationProvider"
> class="org.acegisecurity.providers.jaas.JaasAuthenticationProvider">
>         <property
> name="loginConfig"><value>/WEB-INF/login.conf</value></property>
>         <property name="loginContextName"><value>JAASTest</value></property>
>         <property name="callbackHandlers">
>             <list>
>                 <bean
> class="org.acegisecurity.providers.jaas.JaasNameCallbackHandler"/>
>                 <bean
> class="org.acegisecurity.providers.jaas.JaasPasswordCallbackHandler"/>
>               </list>
>           </property>
>           <property name="authorityGranters">
>               <list>
>                 <!-- NOTE OUR ACTUAL PACKAGE NAMES REMOVED FROM THE
> EXAMPLE -->
>                   <bean
> class="OURPACKAGE.security.PrincipalRoleAuthorityGranter"/>
>               </list>
>           </property>
>     </bean>
>
>     <!-- NOTE OUR ACTUAL REALM, PACAKAGE AND KDC REMOVED FROM THE
> EXAMPLE -->
>     <bean id="kerberosBean" class="OURPACKAGE.security.KerberosBean">
>         <property name="realm" value="OURREALM.COM"/>
>         <property name="kdc" value="OURKDC"/>
>            <property name="debug" value="false"/>
>     </bean>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys -- and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Home: http://acegisecurity.org
> Acegisecurity-developer mailing list
> Acegisecurity-developer@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
>

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys -- and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Home: http://acegisecurity.org
Acegisecurity-developer mailing list
Acegisecurity-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer

Reply via email to