[Acegisecurity-developer] Spring Security is not portable
I have a simple war where I used spring-security to implement a BASIC login using JAAS. It works fine on Tomcat but on JBoss I get the following error. It seems to be ignoring my spring-security configuration because it wants to load users/roles from local file. 13:54:02,128 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role f iles java.io.IOException: No properties file: users.properties or defaults: defaultUs ers.properties found at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315) at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRole sLoginModule.java:186) at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRo lesLoginModule.java:200) at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRol esLoginModule.java:127) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl. java:39) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces sorImpl.java:25) at java.lang.reflect.Method.invoke(Method.java:585) at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756) at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1 86) at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:6 80) at javax.security.auth.login.LoginContext.login(LoginContext.java:579) at org.springframework.security.providers.jaas.JaasAuthenticationProvide r.authenticate(JaasAuthenticationProvider.java:190) at org.springframework.security.providers.ProviderManager.doAuthenticati on(ProviderManager.java:188) at org.springframework.security.AbstractAuthenticationManager.authentica te(AbstractAuthenticationManager.java:46) at org.springframework.security.ui.basicauth.BasicProcessingFilter.doFil terHttp(BasicProcessingFilter.java:139) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringS ecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain .doFilter(FilterChainProxy.java:390) at org.springframework.security.context.HttpSessionContextIntegrationFil ter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235) at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringS ecurityFilter.java:53) at org.springframework.security.util.FilterChainProxy$VirtualFilterChain .doFilter(FilterChainProxy.java:390) at org.springframework.security.util.FilterChainProxy.doFilter(FilterCha inProxy.java:175) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(D elegatingFilterProxy.java:236) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(Delegat ingFilterProxy.java:167) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFi lter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl icationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF ilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV alve.java:230) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV alve.java:175) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Securit yAssociationValve.java:182) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValv e.java:84) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j ava:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j ava:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedC onnectionValve.java:157) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal ve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.jav a:262) at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcesso r.java:856) at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.pr ocess(Http11AprProtocol.java:566) at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:15 08) Here are my configuration files: beans:beans xmlns=http://www.springframework.org/schema/security; xmlns:beans=http://www.springframework.org/schema/beans; xmlns:xsi=http://www.w3.org/2001/XMLSchema-instance;
Re: [Acegisecurity-developer] Spring Security is not portable
I don't understand. I see the link explains the UsersRolesLoginModule, the property files it uses, and how to subclass it, etc. What I don't understand is what in JBoss needs to be 'fixed' so that spring-security is portable. I'm using JAAS in spring-security so I can't add also add users to UsersRolesLoginModule's property files, etc. Please explain. -Dave On Thu, May 14, 2009 at 6:08 PM, Ray Krueger raykrue...@gmail.com wrote: I have a simple war where I used spring-security to implement a BASIC login using JAAS. It works fine on Tomcat but on JBoss I get the following error. It seems to be ignoring my spring-security configuration because it wants to load users/roles from local file. 13:54:02,128 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role f iles java.io.IOException: No properties file: users.properties or defaults: defaultUs ers.properties found at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315) at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRole sLoginModule.java:186) Why isn't this portable to JBoss? It is all portable to JBoss. What you have is a JBoss problem, not an Acegi problem. This might help... http://www.jboss.org/community/wiki/UsersRolesLoginModule -- Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects ___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer -- Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer
[Acegisecurity-developer] Spring-Security JAAS Configuration
I am trying to create a simple webapp (war) that uses an internal custom JAAS LoginModule to authenticate users, this solution has to work in Tomcat/JBoss/WebSphere. I thought Spring might be a natural fit to provide a generic solution. I have been reading the Spring docs ( http://static.springframework.org/sp...html/jaas.htmlhttp://static.springframework.org/spring-security/site/reference/html/jaas.html) to learn how to use spring security and to begin all was going well. However when I get to chapter 15 which explains JAAS things are not working for me anymore. I suspect the problem is that in this chapter the examples are too brief and leave a lot implied. What I am looking for is basic info on how to configure my applicationContext.xml to use Spring/JAAS. Here is what I have so far: beans xmlns=http://www.springframework.org/schema/beans; ... bean id=jaasAuthenticationProvider class=org.springframework.security.providers.jaas.JaasAuthenticationProvider security:custom-authentication-provider / property name=loginConfig value=/WEB-INF/login.conf/ property name=loginContextName value=WebTAS_JAAS/ property name=callbackHandlers list bean class=org.springframework.security.providers.jaas.JaasNameCallbackHandler/ bean class=org.springframework.security.providers.jaas.JaasPasswordCallbackHandler/ /list /property property name=authorityGranters list bean class=com.issinc.cdf.servlet.TestAuthorityGranter/ /list /property /bean security:http auto-config='true' security:intercept-url pattern=/** access=ROLE_USER/ security:http-basic/ /security:http security:authentication-provider !--What goes here???-- /security:authentication-provider where the file at WEB-INF/login.conf specifies what custom LoginModule to use. This code fails upon JBoss loading this file. I think the problem is that the jaasAuthenticationProvider bean is not tied to the authentication-provider but don't know for sure. Any help is greatly appreciated. -Dave P.S. Also, I'm not sure what code should be in TestAuthorityGranter, I took my best guess but this is not the cause of the current failure. -- The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your production scanning environment may not be a perfect world - but thanks to Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700 Series Scanner you'll get full speed at 300 dpi even with all image processing features enabled. http://p.sf.net/sfu/kodak-com___ Home: http://acegisecurity.org Acegisecurity-developer mailing list Acegisecurity-developer@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/acegisecurity-developer