I'm looking into using JAAS/JBoss security for the first time. I thought I
would try to get the hang of it by securing the web-console and jmx-console
with the generic password file method. I looked into the following resources
and followed the directions they contain.

http://docs.jboss.org/jbossas/admindevel326/html/ch8.chapter.html
http://www.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole


After making the changes suggested,  my configuration looks like:


/usr/local/jboss/server/default/conf/login-config

  | *SNIPPED*
  |     <application-policy name = "web-console">
  |        <authentication>
  |           <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |              flag = "required">
  |              <module-option name="usersProperties">web-console-users.properties</module-option>
  |              <module-option name="rolesProperties">web-console-roles.properties</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | *SNIPPED*
  | 

/usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/jboss-web.xml

  | <?xml version='1.0' encoding='UTF-8' ?>
  | 
  | <!DOCTYPE jboss-web
  |     PUBLIC "-//JBoss//DTD Web Application 2.3V2//EN"
  |     "http://www.jboss.org/j2ee/dtd/jboss-web_3_2.dtd">
  | 
  | <jboss-web>
  |    <!-- Isolate the console mgr classes from other deployments -->
  |    <class-loading>
  |       <loader-repository>
  |          jboss.console:sar=console-mgr.sar
  |          <loader-repository-config>
  |             java2ParentDelegation=true
  |          </loader-repository-config>
  |       </loader-repository>
  |    </class-loading>
  |    <security-domain>java:/jaas/web-console</security-domain>
  | </jboss-web>
  | 

/usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/web.xml

  | *SNIPPED*
  |    <security-constraint>
  |    <web-resource-collection>
  |    <web-resource-name>HtmlAdaptor</web-resource-name>
  |    <description>An example security config that only allows users with the
  |    role JBossAdmin to access the HTML JMX console web application
  |    </description>
  |    <url-pattern>/*</url-pattern>
  |    <http-method>GET</http-method>
  |    <http-method>POST</http-method>
  |    </web-resource-collection>
  |    <auth-constraint>
  |    <role-name>JBossAdmin</role-name>
  |    </auth-constraint>
  |    </security-constraint>
  | 
  | 
  |    <login-config>
  |       <auth-method>BASIC</auth-method>
  |       <realm-name>JBoss WEB Console</realm-name>
  |    </login-config>
  | 
  |    <security-role>
  |       <role-name>JBossAdmin</role-name>
  |    </security-role>
  | *SNIPPED*
  | 

/usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/classes/web-console-users.properties

  | admin=blerg
  | 
/usr/local/jboss/server/default/deploy/management/web-console.war/WEB-INF/classes/web-console-roles.properties

  | admin=JBossAdmin
  | 

When I go to http://localhost:8080/web-console/ I am greeted with a login
prompt; however, an exception is thrown before I ever even submit the login
info. The exception follows:


  | 14:06:05,419 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
  | java.io.IOException: Properties file users.properties not found
  |     at org.jboss.security.auth.spi.UsersRolesLoginModule.loadProperties(UsersRolesLoginModule.java:217)
  |     at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:234)
  |     at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:100)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  |     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  |     at java.lang.reflect.Method.invoke(Method.java:324)
  |     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:662)
  |     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
  |     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
  |     at java.security.AccessController.doPrivileged(Native Method)
  |     at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
  |     at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
  |     at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:316)
  |     at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129)
  |     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
  |     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
  |     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:54)
  |     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
  |     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
  |     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
  |     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
  |     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
  |     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
  |     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
  |     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
  |     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
  |     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  |     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
  |     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
  |     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
  |     at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
  |     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
  |     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
  |     at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
  |     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
  |     at java.lang.Thread.run(Thread.java:534)
  | 14:06:05,423 WARN  [JAASRealm] Login exception authenticating username 
  | javax.security.auth.login.LoginException: Missing users.properties file.
  |     at org.jboss.security.auth.spi.UsersRolesLoginModule.login(UsersRolesLoginModule.java:120)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
  |     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
  |     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
  |     at java.lang.reflect.Method.invoke(Method.java:324)
  |     at javax.security.auth.login.LoginContext.invoke(LoginContext.java:675)
  |     at javax.security.auth.login.LoginContext.access$000(LoginContext.java:129)
  |     at javax.security.auth.login.LoginContext$4.run(LoginContext.java:610)
  |     at java.security.AccessController.doPrivileged(Native Method)
  |     at javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:607)
  |     at javax.security.auth.login.LoginContext.login(LoginContext.java:534)
  |     at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:316)
  |     at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129)
  |     at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
  |     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
  |     at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:54)
  |     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
  |     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
  |     at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
  |     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
  |     at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:118)
  |     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
  |     at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
  |     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
  |     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
  |     at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  |     at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
  |     at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
  |     at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
  |     at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
  |     at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
  |     at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
  |     at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
  |     at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
  |     at java.lang.Thread.run(Thread.java:534)
  | 

Why is the UsersRolesLoginModule still attempting to open a file named
"users.properties" when login-config.xml is passing in the filename of
"web-console-users.properties"?

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3865613#3865613
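
A consistency check for the configuration chain shown in the post, added here as an example that is not part of the original post or of JBoss: it follows `security-domain` in jboss-web.xml to the matching `application-policy` in login-config.xml, then to the properties files and the role required by web.xml. The function name `check_chain`, the `classes` dict standing in for WEB-INF/classes, and the trimmed inline inputs are assumptions constructed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed inputs modelled on the snippets in the post (trimmed, no DOCTYPE).
LOGIN_CONFIG = """<policy><application-policy name="web-console"><authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="usersProperties">web-console-users.properties</module-option>
<module-option name="rolesProperties">web-console-roles.properties</module-option>
</login-module></authentication></application-policy></policy>"""
JBOSS_WEB = "<jboss-web><security-domain>java:/jaas/web-console</security-domain></jboss-web>"
WEB_XML = ("<web-app><security-constraint><auth-constraint>"
           "<role-name>JBossAdmin</role-name></auth-constraint></security-constraint></web-app>")
# Hypothetical stand-in for the files under WEB-INF/classes: name -> content.
CLASSES = {"web-console-users.properties": "admin=blerg\n",
           "web-console-roles.properties": "admin=JBossAdmin\n"}

def check_chain(login_config, jboss_web, web_xml, classes):
    """Return findings for the jboss-web.xml -> login-config.xml -> properties chain."""
    domain = ET.fromstring(jboss_web).findtext("security-domain", "").strip()
    name = domain.rsplit("/", 1)[-1]  # java:/jaas/web-console -> web-console
    policy = next((p for p in ET.fromstring(login_config).iter("application-policy")
                   if p.get("name") == name), None)
    if policy is None:
        return [f"no application-policy named '{name}'"]
    required = {r.text.strip() for r in ET.fromstring(web_xml).iter("role-name")}
    findings = []
    for module in policy.iter("login-module"):
        if not module.get("code", "").endswith("UsersRolesLoginModule"):
            continue  # only the properties-file module is checked here
        opts = {o.get("name"): (o.text or "").strip() for o in module.iter("module-option")}
        # Defaults used when an option is absent; the log in the post shows the users default.
        users = opts.get("usersProperties", "users.properties")
        roles = opts.get("rolesProperties", "roles.properties")
        findings += [f"{f} not found in WEB-INF/classes" for f in (users, roles)
                     if f not in classes]
        granted = set()
        for line in classes.get(roles, "").splitlines():
            if "=" in line and not line.lstrip().startswith("#"):
                granted.update(r.strip() for r in line.split("=", 1)[1].split(","))
        if roles in classes:
            findings += [f"role '{r}' is granted to no user in {roles}"
                         for r in sorted(required - granted)]
    return findings

if __name__ == "__main__":
    print(check_chain(LOGIN_CONFIG, JBOSS_WEB, WEB_XML, CLASSES) or "chain is consistent")
```

An empty result only means the three files agree with each other; it does not show which login-config.xml or which policy the running server actually loaded.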
