Hi
all,
I am trying to implement
a secured web application in Jboss. I first tried configuring with LDAP
..
but failed . Now i am trying
for a simple authentication based on UsersRolesLoginModule.
a)
I have created the users.properties and
roles.properties file and kept them in the conf
directory.
My roles.properties
looks like this
NimayaTesterGa=nShareSysAdminRole,nShareConfigAdminRole
NimayaTesterGa=itq
My login-config.xml looks
as below ,
<application-policy name =
"testSecurity">
<!-- A simple
server login module, which can be used when the
number
of users is relatively small. It
uses two properties files:
users.properties, which holds users (key) and their password
(value).
roles.properties, which holds
users (key) and a comma-separated list
of
their roles
(value).
The unauthenticatedIdentity
property defines the name of the
principal
that will be used when a null
username and password are presented as
is
the case for an unuathenticated web
client or MDB. If you want to
allow such
users to be authenticated add the property,
e.g.,
unauthenticatedIdentity="nobody"
-->
<authentication>
<login-module code =
"org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
<module-option
name="usersProperties">users.properties</module-option>
<module-option
name="rolesProperties">roles.properties</module-option>
<module-option
name="hashAlgorithm">MD5</module-option>
<module-option
name="hashEncoding">base64</module-option>
<module-option
name="unauthenticatedIdentity">nobody</module-option>
<module-option
name="password-stacking">useFirstPass</module-option>
</authentication>
</application-policy>
</policy>
I have changed the jboss.xml and jboss-web.xml to include the security-domain.
The application is getting deployed successfully but when i try to access the application it is giving the following exception,
java.lang.SecurityException: Authentication exception,
principal=null
at
org.jboss.ejb.plugins.SecurityInterceptor.checkSecurityAssociation(SecurityInterceptor.java:173)
at
org.jboss.ejb.plugins.SecurityInterceptor.invokeHome(SecurityInterceptor.java:94)
at
org.jboss.ejb.plugins.LogInterceptor.invokeHome(LogInterceptor.java:129)
at
org.jboss.ejb.StatelessSessionContainer.invokeHome(StatelessSessionContainer.java:300)
a t
org.jboss.ejb.Container.invoke(Container.java:730)
at
org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:517)
at
org.jboss.invocation.local.LocalInvoker.invoke(LocalInvoker.java:98)
at
org.jboss.invocation.InvokerInterceptor.invoke(InvokerInterceptor.java:102)
at
org.jboss.proxy.TransactionInterceptor.invoke(TransactionInterceptor.java:77)
at
org.jboss.proxy.SecurityInterceptor.invoke(SecurityInterceptor.java:80)
at
org.jboss.proxy.ejb.HomeInterceptor.invoke(HomeInterceptor.java:198)
at
org.jboss.proxy.ClientContainer.invoke(ClientContainer.java:76)
at
$Proxy72.create(Unknown
Source)
at
com.nimaya.nshare.nengine.nengineclient.configmanager.configservlet.ConfigServlet.getnEngineConfigServerObject(ConfigServlet.java:170)
at
com.
nimaya.nshare.nengine.nengineclient.configmanager.configservlet.ConfigServlet.doGet(ConfigServlet.java:258)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:740)
at
javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:260)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:527)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at
org.apache.catalina.valves.CertificatesValve.invoke(CertificatesValve.java:246)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2396)
at
org.a
pache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:180)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at
org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:172)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at
org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:469)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:641)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:174)
at
org.apache.catalina.core.StandardPipeline$StandardPipelineValveContext.invokeNext(StandardPipeline.java:643)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:480)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:995)
at
org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1040)
at
org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1151)
at
java.lang.Thread.run(Thread.java:484)
I am getting the same exception in using Jetty also .
b) there is another probelm i am facing while deploying my application while deploying in Jboss with Jetty . I am using an applet in my application.
Jetty is throwing problems with regard to the applet. After authenticating it is throwing up another screen to enter the network password. If i don't give anything even if i give the correct username and password , it is saying principal= null .
Is it necessary that i need to have signed applet with regard to Jetty . I have tried modifying the Permisssions for the applet but am unable to get Jetty to read that.
Strangely TOMCAT is not giving a problem with regard to the applet.
Please help me with my problems.
Awaiting your replies ,
Thank You
Dhiraj Ramakrishnan