[ http://issues.apache.org/jira/browse/GERONIMO-1602?page=comments#action_12450348 ] Vamsavardhana Reddy commented on GERONIMO-1602: -----------------------------------------------
I have tested the following scenario in server built from branches\1.1. I have created a login module (MyOwnLoginModule) & a principal class (MyPrincipal) and placed the jar in WEB-INF\lib directory. I have added a security realm gbean to geronimo-web.xml and configured the application to authenticate against this realm. The application deploys and runs fine. If I use GeronimoUserPrincipal in the login-module class and in role-mapping the security part works fine. Problem is with using "MyPrincipal". The login is succeeding, but, the authorization is not working as expected. I guess the problem is due to classLoaders. Having the loginmodule and principal classess in WEB-INF\classes dir or in a jar under WEB-INF\lib did not make a difference. > Switching from Tomcat causes error in JAAS module: "Unable to instantiate > login module" > --------------------------------------------------------------------------------------- > > Key: GERONIMO-1602 > URL: http://issues.apache.org/jira/browse/GERONIMO-1602 > Project: Geronimo > Issue Type: Bug > Security Level: public(Regular issues) > Components: security, Tomcat > Affects Versions: 1.0 > Environment: Windows XP Prof, JDK 1.5.0_06, Geronimo 1.0 (Tomcat, > .zip) > Reporter: Karsten Voges > Fix For: 1.1.x > > Attachments: geronimo-JAAS-login-error.txt > > > I have a problem with porting a Tomcat application to Geronimo. The error > stacktrace is attached. > I deployed the war without any deployment plan and the app seams to be > working (JSPs work and the startup-servlet works as well) > But the JAASLoginModule was missing, so I could not log in. -> so far no > Problem! > Afterwards I configured a security realm with the console and after a restart > my app does not complain about a missing LoginModule but throws the attached > error stacktrace. > For Tomcat I do the following: > in catalina.properties I set > #######JAAS > java.security.auth.login.config=${catalina.base}/conf/login.config > and the login.config looks like this: > MyApp { > de.jato.security.auth.module.JatoServletLoginModule Sufficient > loginServlet="/login/login.jsp"; > }; > I tried to use a special geronimo-web.xml where I set the > <context-priority-classloader>true</context-priority-classloader> > But I still get the same error: > javax.security.auth.login.LoginException: > org.apache.geronimo.common.GeronimoSecurityException: Unable to instantiate > login module > Caused by: java.lang.ClassNotFoundException: > de.jato.security.auth.module.JatoServletLoginModule > Am I doing something wrong? The class is in the war I deployed, and > everything works fine in Tomcat. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira