[jboss-user] [Security & JAAS/JBoss] - Basic auth apache fronting JBoss!

java123 do-not-reply at jboss.com
Tue Jan 8 13:17:12 EST 2008 

Our webapp is deployed in JBoss which is fronted by apache web server. 
I have configured Basic authorization in my webapp and JBoss. When I do try to access the protected pages from http://localhost:8080/protected/testpage.jsp I get promoted to enter user name and password. Once everything is entered correctly I proceed to the page.

   Now the problem occurs when I try to access the same page from my web server URL(http://myserver.bfm.com/protected/testpage.jsp). Now I am prompted by web server realm to enter user name and password (I set my user name and password to be the same both on JBoss and apache). Once the I enter my credentials I am never prompted by JBoss to enter my credentials again. That can be understandable since the request already had my Basic auth but I get a NullpointerException on the JBoss with following stack trace:

[08-01-2008 12:23:12.904] [3774275] [org.apache.catalina.connector.CoyoteAdapter] [ERROR] [TP-Processor3] An exception or error occurred in the container du
ring the request processing
java.lang.NullPointerException
        at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.hasRole(JBossSecurityMgrRealm.java:286)
        at org.apache.catalina.realm.RealmBase.hasResourcePermission(RealmBase.java:763)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:464)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:59)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
        at org.apache.jk.server.JkCoyoteHandler.invoke(JkCoyoteHandler.java:307)
        at org.apache.jk.common.HandlerRequest.invoke(HandlerRequest.java:385)
        at org.apache.jk.common.ChannelSocket.invoke(ChannelSocket.java:748)
        at org.apache.jk.common.ChannelSocket.processConnection(ChannelSocket.java:678)
        at org.apache.jk.common.SocketConnection.runIt(ChannelSocket.java:871)
        at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
        at java.lang.Thread.run(Thread.java:595)


Any ideas to why I am getting this exception everytime I try to access the protected page from my web server. I need to do this to protect access from both localhost or web server.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4118019#4118019

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4118019

More information about the jboss-user mailing list