Hi, folks:
I'm trying to work out a variation of what appears to be a problem
previously encountered via JNDI/JMS and Tomcat. My specific
configuration has a little bit of a different slant, though. I'm
attempting to follow this route:
JSP->JAAS->EJB->database
Previously, I was able to use a JSP to retrieve data through an entity
EJB and it worked fine. When I started working with authentication via
JAAS, I bundled a .jar file with my security classes, including the
LoginModule-derived class that would be used to authenticate a user, and
included it in my webapp/WEB-INF/lib directory.
When I attempt to authenticate via the JSP, however, I get the following
exception:
Error: 500
Location: /scheduler/Login.jsp
Internal Servlet Error:
javax.servlet.ServletException: unable to find LoginModule class:
org.sofbex.security.login.SchedulerModule
at
org.apache.jasper.runtime.PageContextImpl.handlePageException(PageContextImpl.java:457)
at Login_1._jspService(Login_1.java:110)
at
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
at javax.servlet.http.HttpServlet.service(HttpServlet.java)
at
org.apache.tomcat.facade.ServletHandler.doService(ServletHandler.java:500)
at org.apache.tomcat.core.Handler.service(Handler.java:226)
at
org.apache.tomcat.facade.ServletHandler.service(ServletHandler.java:448)
at
org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:777)
at
org.apache.tomcat.core.ContextManager.service(ContextManager.java:699)
at
org.apache.tomcat.modules.server.Http10Interceptor.processConnection(Http10Interceptor.java:142)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:426)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:497)
at java.lang.Thread.run(Thread.java:484)
Root cause:
javax.security.auth.login.LoginException: unable to find LoginModule
class: org.sofbex.security.login.SchedulerModule
at
javax.security.auth.login.LoginContext.invoke(LoginContext.java:649)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:124)
at
javax.security.auth.login.LoginContext$3.run(LoginContext.java:530)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokeModule(LoginContext.java:527)
at
javax.security.auth.login.LoginContext.login(LoginContext.java:448)
at Login_1._jspService(Login_1.java:81)
at
org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:119)
at javax.servlet.http.HttpServlet.service(HttpServlet.java)
at
org.apache.tomcat.facade.ServletHandler.doService(ServletHandler.java:500)
at org.apache.tomcat.core.Handler.service(Handler.java:226)
at
org.apache.tomcat.facade.ServletHandler.service(ServletHandler.java:448)
at
org.apache.tomcat.core.ContextManager.internalService(ContextManager.java:777)
at
org.apache.tomcat.core.ContextManager.service(ContextManager.java:699)
at
org.apache.tomcat.modules.server.Http10Interceptor.processConnection(Http10Interceptor.java:142)
at
org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:426)
at
org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:497)
at java.lang.Thread.run(Thread.java:484)
As I said, the org.sofbex.security.login.SchedulerModule class is
included in security.jar, which is in the webapp/WEB-INF/lib directory.
The jaas.jar and jaas_lm.jar files (supplied by the IBM JAAS for Linux
implementation) are also included in the lib directory.
I had written a main() method into the SchedulerModule class to test its
operation, and it worked fine, so I don't think it's a security issue. I
checked the supplied tomcat.policy file and added full security
permissions for the webapp directory and below, to no avail.
Was there a resolution found for this problem?
Thanks for your help.
Roby Gamboa
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]
