Hi,

Thanks for the help so far.
Now my login implementation is working. I added a context.xml file in the
META-INF folder and now those two classes are being loaded. Good so far.

Now I want to implement LOGOUT. For this I have a hyperlink named "logout"
on every page. By clicking on that I suppose logout of the LoginModule
should be called. But I do not have a handle to LoginModule class or the
LoginContext class as I am using Form Based Authentication.
Below are the entries from my web.config file:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>A Protected Page</web-resource-name>
            <url-pattern>/SMARTSUI.html</url-pattern>
            <url-pattern>/res/protected/img/*</url-pattern>
        </web-resource-collection>

        <auth-constraint>
            <role-name>tomcat</role-name>
        </auth-constraint>
    </security-constraint>
    <security-role>
        <role-name>tomcat</role-name>
    </security-role>

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>SMARTSLoginModule</realm-name>
        <form-login-config>
            <form-login-page>/login.html</form-login-page>
            <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
    </login-config>

Here j_security_check is the owner and it routes the authentication and
authorization. It itself creates the LoginContext class and plugs into
our LoginModule class through the jaas.config file.
So my question is how to call LoginModule.logout() and clear the subject
(user and role principals)?

Regards,
Javed

----- Original Message -----

> From: Daniel Mikusa <dmik...@vmware.com>
> To: Tomcat Users List <users@tomcat.apache.org>
> Cc:
> Sent: Wednesday, June 13, 2012 6:25 AM
> Subject: Re: Apache tomcat (7.0.27) is not loading the user and role class for JAASRealm
>
> ----- Original Message -----
>>  I am creating a website and implement security. For this I am using Form
>>  based authentication and JAASRealm. I have implemented the login module and
>>  able to authenticate but while authorizing tomcat is not able to load the
>>  user and role classes once I start the tomcat server.
>>
>>  It gives the following error on startup (in the
>>  tomcat7-stderr.2012-06-13.log)
>>  Jun 13, 2012 4:11:47 PM org.apache.catalina.realm.JAASRealm parseClassNames
>>  SEVERE: Class com.cogent3M.SMARTS.Core.General.SMARTSUserPrincipal not found! Class not added.
>>  Jun 13, 2012 4:11:47 PM org.apache.catalina.realm.JAASRealm parseClassNames
>>  SEVERE: Class com.cogent3M.SMARTS.Core.General.SMARTSRolePrincipal not found! Class not added.
>
> The classes mentioned above cannot be found.
>
> 1.) What are the classes?  They are not part of Tomcat.
>
> 2.) Have you placed the classes on the classpath somewhere?  If so, where?
>
> Dan
>
>
>
>>
>>  I have taken help from
>>  http://blog.frankel.ch/custom-loginmodule-in-tomcat
>>
>>  I tried even the sample one on the above website but gives the same
>>  error.
>>  Please let me know what am I missing.
>>  --
>>  Regards,
>>  Javed


WARNING
=======


The following is based on Tomcat's documentation. I have not written my own
JAAS Realm, so your mileage may vary.

WARNING
=======

The documentation that I'm basing this on can be found here:

http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JAASRealm
http://tomcat.apache.org/tomcat-7.0-doc/config/realm.html

There are a few things to note from the blog post.

The place the blog tells you to put the Realm configuration is confusing at
best.

As mentioned in the blog post, you can place your Realm definition in the
Engine, Host, or Context elements. Unfortunately, the notes for the context
element are a bit misleading.

If you place your Realm definition in the Context element, it should be in
one of two places.

1. application's META-INF/context.xml
2. CATALINA_BASE/conf/Catalina/[hostname]/appname.xml.
   [hostname] is typically localhost
   appname.xml is the "name of your application".xml.

I suppose you could also place the Realm definition in
CATALINA_BASE/conf/Catalina/[hostname]/context.xml.default.

Placing your classes (LoginModule and Principal) within Tomcat combined
with the above information probably follows the logic below. Again, I've
not tried this. I'm just reading the documentation.

1. If you define your JAASRealm in your application's context.xml

a. Place the LoginModule and Principal classes in WEB-INF/classes or
   WEB-INF/lib of your application
b. No special attribute needs to be set

2. If you define your JAASRealm in Engine or Host (server.xml)

a. Place the LoginModule and Principal classes in CATALINA_HOME/lib as a
   jar file
b. Add the following attribute to the JAASRealm definition

   useContextClassLoader="true"

This tells Tomcat to use the container classloader rather than the
application's classloader to find the classes.

An advantage of doing things the first way is that you can easily change
your JAAS implementation and just reload the web application.

An advantage of doing things the second way is that you only have to define
the resource once for the entire Engine or Host. However, changes to the
implementation would then require a Tomcat restart.

In any event, you'll need to indicate where your jaas.config file lives.
The easiest way to do this is by setting a JAVA_OPTS environment variable.

1. Create a setenv.sh (or setenv.bat if you're on Windows)
2. Add the information to JAVA_OPTS. In a setenv.sh file, it would look
like:

JAVA_OPTS="-Djava.security.auth.login.config=$CATALINA_BASE/conf/jaas.config"
export JAVA_OPTS

Note that the examples for doing this in both the Tomcat documentation and
the JAAS documentation have a double equals ( == ) sign for the assignment.
I'm not sure why this is the case.

Again, this is just my reading of the documentation. Your mileage may vary.

. . . only one cent, since I've no experience
/mde/
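
Added example, not part of the original message or of Tomcat's documentation: a META-INF/context.xml for the first option described above (Realm defined in the application's own context, classes in WEB-INF/classes or WEB-INF/lib), reusing the appName and Principal class names quoted in this thread. The LoginModule class name shown in the comment is a placeholder, because the thread never gives it.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- META-INF/context.xml inside the web application (WAR) -->
<Context>
  <!--
    appName must match the entry name in jaas.config.
    userClassNames / roleClassNames list the custom java.security.Principal
    implementations; the jar or classes holding them sit in WEB-INF/lib or
    WEB-INF/classes of this same application.
    useContextClassLoader is not set here: the Tomcat 7 realm configuration
    reference documents its default as true.
  -->
  <Realm className="org.apache.catalina.realm.JAASRealm"
         appName="SMARTSLoginModule"
         userClassNames="com.cogent3M.SMARTS.Core.General.SMARTSUserPrincipal"
         roleClassNames="com.cogent3M.SMARTS.Core.General.SMARTSRolePrincipal"/>
</Context>
<!--
  Matching entry in the jaas.config file named by
  -Djava.security.auth.login.config (set in setenv.sh / setenv.bat).
  The LoginModule class is a placeholder, not a name from this thread:

    SMARTSLoginModule {
        com.example.PlaceholderLoginModule required;
    };
-->
```

With this layout the role named in web.xml's auth-constraint (tomcat in this thread) has to be the name returned by a SMARTSRolePrincipal that the LoginModule adds to the Subject.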



Hi,

Those two classes are created by myself. They implement
"java.security.Principal" interface in order to hookup JAASRealm in tomcat.
I have attached the classes. Please rename the smarts_zip to smarts.zip
after downloading.

Following are the entries in red color for this in the server.xml file of
the tomcat.

<Realm className="org.apache.catalina.realm.LockOutRealm">-->
            <Realm className="org.apache.catalina.realm.JAASRealm"
               appName="SMARTSLoginModule"
               userClassNames="com.cogent3M.SMARTS.Core.General.SMARTSUserPrincipal"
               roleClassNames="com.cogent3M.SMARTS.Core.General.SMARTSRolePrincipal"/>
      </Realm>

I created a jar file of the two classes and kept everywhere like

C:\Apache\Tomcat7.0\lib
C:\Apache\Tomcat7.0\webapps\MyApp\WEB-INF\lib

I even added that in the Tomcat confirmation window



Please let me know if you need more info or provide any suggestion.
----- Original Message -----
> I am creating a website and implement security. For this I am using Form
> based authentication and JAASRealm. I have implemented the login module and
> able to authenticate but while authorizing tomcat is not able to load the
> user and role classes once I start the tomcat server.
>
> It gives the following error on startup (in the
> tomcat7-stderr.2012-06-13.log)
> Jun 13, 2012 4:11:47 PM org.apache.catalina.realm.JAASRealm parseClassNames
> SEVERE: Class com.cogent3M.SMARTS.Core.General.SMARTSUserPrincipal not found! Class not added.
> Jun 13, 2012 4:11:47 PM org.apache.catalina.realm.JAASRealm parseClassNames
> SEVERE: Class com.cogent3M.SMARTS.Core.General.SMARTSRolePrincipal not found! Class not added.

The classes mentioned above cannot be found.

1.) What are the classes?  They are not part of Tomcat.

2.) Have you placed the classes on the classpath somewhere?  If so, where?

Dan



>
> I have taken help from
> http://blog.frankel.ch/custom-loginmodule-in-tomcat
>
> I tried even the sample one on the above website but gives the same
> error.
> Please let me know what am I missing.
> --
> Regards,
> Javed
> ====================================================================
> Even a big pot full of water will be emptied by a small hole.
> Similarly just a little anger or ego will burn the nobility of good
> heart.
> ====================================================================
>


On Wed, Jun 13, 2012 at 5:10 PM, javed ansari <javed....@gmail.com> wrote:

> I am creating a website and implement security. For this I am using Form
> based authentication and JAASRealm. I have implemented the login module and
> able to authenticate but while authorizing tomcat is not able to load the
> user and role classes once I start the tomcat server.
>
> It gives the following error on startup (in the
> tomcat7-stderr.2012-06-13.log)
> Jun 13, 2012 4:11:47 PM org.apache.catalina.realm.JAASRealm
> parseClassNames
> SEVERE: Class com.cogent3M.SMARTS.Core.General.SMARTSUserPrincipal not
> found! Class not added.
> Jun 13, 2012 4:11:47 PM org.apache.catalina.realm.JAASRealm
> parseClassNames
> SEVERE: Class com.cogent3M.SMARTS.Core.General.SMARTSRolePrincipal not
> found! Class not added.
>
> I have taken help from
> http://blog.frankel.ch/custom-loginmodule-in-tomcat
>
> I tried even the sample one on the above website but gives the same error.
> Please let me know what am I missing.
>


-- 
Regards,
Javed
====================================================================
Even a big pot full of water will be emptied by a small hole.
Similarly just a little anger or ego will burn the nobility of good heart.
====================================================================
