Hi Christopher, This is no issue with loading jaas.config. The file is loaded fine. I've set the java options as below. -Djava.security.auth.login.config=C:\Program Files\Apache Software Foundation\Tomcat 9.0\conf\jaas.config
The above path is correct. Just to verify if the file is loaded, I changed the path to that do not exist and I go the file not exception. This proves that the value I've for jaas.config is right. Did you look at code below that I pointed out? This code output that warning message https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/r ealm/JAASMemoryLoginModule.java#L384 Thanks, PJ On Sat, Jan 5, 2019 at 7:04 AM Christopher Schultz < [email protected]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > PJ, > > On 1/3/19 12:09, PJ Pillai wrote: > > Hi Christopher, > > > > This is no an issue with locating jaas.config. I've set it in java > > options as -Djava.security.auth.login.config=C:\Program > > Files\Apache Software Foundation\Tomcat 9.0\conf\jaas.config I also > > tested changing a file that do not exist and I got the FileNotFound > > exception so it is not the issue with jaas.config. > > > > From the code what I read is that JAASMemoryLoginModule pathname > > still using the default value (conf/tomcat-users.xml), Tomcat is > > running on Windows so not sure why pathname is > > conf/tomcat-users.xml). > > > > See the line below in the code that log this warning message. > > https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/r > ealm/JAASMemoryLoginModule.java#L384 > <https://github.com/apache/tomcat/blob/trunk/java/org/apache/catalina/realm/JAASMemoryLoginModule.java#L384> > > > > see attached log file. All the JVM arguments in the log are > > correct. > > Your attachment was stripped from the mailing list. > > conf/tomcat-users.xml is never used as a JAAS configuration file. That > is a user database. > > The slashes are "backward" for you because \ is a metacharacter in > almost every OS and programming language. Java translates / to \ on > Windows as necessary. > > - -chris > > > On Thu, Jan 3, 2019 at 6:55 AM Christopher Schultz > > <[email protected] > > <mailto:[email protected]>> wrote: > > > > PJ, > > > > On 1/2/19 22:15, PJ Pillai wrote: > >> Here is additional information. 1. Tomcat is running on Windows > >> 2016 server. 2. Tomcat is started as windows service. > > > >> I tried Tomcat 8.5 as well and still get the same warning > >> message and user is not authenticated. > > > > Did you copy all your system properties from your Tomcat 6 service > > to your Tomcat 9 service? Look in thew "JVM Parameters" (or > > whatever) section of the Tomcat service manager (tomcat9w.exe). > > > > Tomcat needs to know where the JAAS config file is, and that's > > done through a system property. If that property wasn't copied from > > the old service, it probably won't work. > > > > -chris > > > >> On Wed, Jan 2, 2019 at 5:00 PM PJ Pillai <[email protected] > > <mailto:[email protected]>> > >> wrote: > > > >>> Hi, > >>> > >>> > >>> I'm using JAASMemoryLoginModule to authenticate users stored > >>> in tomcat-users.xml. The authentication fails on Tomcat 9 with > >>> following warning message in catalina.xx.log. > >>> > >>> org.apache.catalina.realm.JAASMemoryLoginModule.load Unable to > >>> determine Catalina base to load file [conf/tomcat-users.xml] > >>> > >>> > >>> Here is a stack trace from the web application: > >>> > >>> javax.security.auth.login.FailedLoginException: User name or > >>> password is incorrect at > >>> org.apache.catalina.realm.JAASMemoryLoginModule.login(JAASMemoryLogi > n > > > >>> > Module.java:350) > >>> > >>> > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > >>> at > >>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl > . > > > >>> > java:62) > >>> > >>> > > at > >>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce > s > > > >>> > sorImpl.java:43) > >>> > >>> > > at java.lang.reflect.Method.invoke(Method.java:483) > >>> at > >>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:755) > >>> > >>> > > > >>> > at javax.security.auth.login.LoginContext.access$000(LoginContext.java:1 > > 95) > >>> at > >>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:682) > >>> > >>> > > > >>> > at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680) > >>> at java.security.AccessController.doPrivileged(Native Method) > >>> at > >>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java: > 6 > > > >>> > 80) > >>> > >>> > > at > > javax.security.auth.login.LoginContext.login(LoginContext.java:587) > >>> > >>> > >>> > > > Now the same jaas config and same JVM args, it works fine on > >>> Tomcat 6. > >>> > >>> -Djava.security.auth.login.config=C:\Program Files\Apache > >>> Software Foundation\Tomcat 9.0\conf\jaas.config > >>> > >>> > >>> > >>> > >>> Please help. > >>> > >>> Thanks, PJ > >>> > >>> > >>> > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: [email protected] > > <mailto:[email protected]> For additional > > commands, e-mail: [email protected] > > <mailto:[email protected]> > > > > > > > > --------------------------------------------------------------------- > > > > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ > > iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAlwwx38ACgkQHPApP6U8 > pFhzig//TWFCMfJQT0a5A79jRNz5S9bKCQlFWtq0j6lCSNbnUJ12dywdYGQsIaAR > 6ySX7IIKHiosgLZIUtrU1wwe+GZ31FvpoKe+VAhJVhY/d0ikDJlcwit4bXHqUruh > Nb+ik0yMYV8nmp+OD6ZIXMyrfZjZRokifruZ7AgCqIBwS4nnvR/Wl3GIpXn8ylyX > lVFFzzDJjproM1rqdUeZtrX77GYDXWTMwxM0xzTIPO/RUgtMsgByM57ff4lAT6Jw > BLydBEGhuQYpbJPSxhv8nTY5tT2GRfNik2/E33FWHP0j/nzQWYaxhLCsHBy2wrmZ > ad8K0rT9UycVs9YaRHi7XXwa786vkgl/54s3isPZzWes+8S5gkdVgFqxjMUxAYrU > Hsyfx4o3ITc8ZxWPU6YR8m5/kA8BAjWNVQkHDIDmVsnclQN0fSjv9biJ+kw3otc1 > uA9moeWyUcrv+K1qjtSrxE+0zMHC0xQSNjpnFWiXdrcHJ7hi17vwRw12XzdMt9pg > 7bJ7UPnwS3VgAoz60I3gIugEyhsL7TeETJVd7yhnHfQUM1xLHDJvekszUQdXhscm > 0s8bi6TteWUYdIx60HVADMVRVH2Ilj5qPrKzHyJyqGR/yNRCbGPRIqXjW3OGqqAF > 6mFH4jvcb7w8FJtmkZCuJxebbnadxlf44+sKIUEsEPbJtE5C0W8= > =aRAr > -----END PGP SIGNATURE----- > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
