[jboss-jira] [JBoss JIRA] (SECURITY-661) CertRolesLoginModule does not substitute variables in paths to property files

Martin Gencur (JIRA) jira-events at lists.jboss.org
Thu Jun 7 10:14:18 EDT 2012


     [ https://issues.jboss.org/browse/SECURITY-661?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Martin Gencur updated SECURITY-661:
-----------------------------------

    Description: 
When I use the CertificateRoles module in the AS7 configuration and specify a path to roles.properties like this:
<module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
the server throws the following error:

{code:xml}

ERROR [org.jboss.security.auth.spi.CertRolesLoginModule] (http-/127.0.0.1:8443-1) Failed to load users/passwords/role files: java.io.IOException: No properties file: ${jboss.server.config.dir}/roles.properties or defaults: defaultRoles.properties found
	at org.jboss.security.auth.spi.Util.loadProperties(Util.java:228) [picketbox-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at org.jboss.security.auth.spi.CertRolesLoginModule.loadRoles(CertRolesLoginModule.java:153) [picketbox-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at org.jboss.security.auth.spi.CertRolesLoginModule.initialize(CertRolesLoginModule.java:108) [picketbox-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_26]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_26]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_26]
	at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_26]
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756) [rt.jar:1.6.0_26]
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_26]
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_26]
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_26]
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_26]
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_26]
	at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:287) [jboss-as-web-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]
	at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:135) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at com.jboss.datagrid.endpoint.RestSecurityContext.invoke(RestSecurityContext.java:143) [jboss-datagrid-server-integration-6.0.0.ER11-redhat-1.jar:6.0.0.ER11-redhat-1]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:679) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:931) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_26]

{code}

However, when I put the absolute path to that file, it is found. This is a noticeable difference from the UsersRoles module, where it works as expected. The problem is in class picketbox/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/CertRolesLoginModule.java

  was:
When I use the CertificateRoles module in the AS7 configuration and specify a path to roles.properties like this:
<module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
the server throws the following error:

{code}
ERROR [org.jboss.security.auth.spi.CertRolesLoginModule] (http-/127.0.0.1:8443-1) Failed to load users/passwords/role files: java.io.IOException: No properties file: ${jboss.server.config.dir}/roles.properties or defaults: defaultRoles.properties found
	at org.jboss.security.auth.spi.Util.loadProperties(Util.java:228) [picketbox-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at org.jboss.security.auth.spi.CertRolesLoginModule.loadRoles(CertRolesLoginModule.java:153) [picketbox-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at org.jboss.security.auth.spi.CertRolesLoginModule.initialize(CertRolesLoginModule.java:108) [picketbox-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) [rt.jar:1.6.0_26]
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) [rt.jar:1.6.0_26]
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) [rt.jar:1.6.0_26]
	at java.lang.reflect.Method.invoke(Method.java:597) [rt.jar:1.6.0_26]
	at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756) [rt.jar:1.6.0_26]
	at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186) [rt.jar:1.6.0_26]
	at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683) [rt.jar:1.6.0_26]
	at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.6.0_26]
	at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680) [rt.jar:1.6.0_26]
	at javax.security.auth.login.LoginContext.login(LoginContext.java:579) [rt.jar:1.6.0_26]
	at org.jboss.security.authentication.JBossCachedAuthenticationManager.defaultLogin(JBossCachedAuthenticationManager.java:449) [picketbox-infinispan-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at org.jboss.security.authentication.JBossCachedAuthenticationManager.proceedWithJaasLogin(JBossCachedAuthenticationManager.java:383) [picketbox-infinispan-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at org.jboss.security.authentication.JBossCachedAuthenticationManager.authenticate(JBossCachedAuthenticationManager.java:371) [picketbox-infinispan-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at org.jboss.security.authentication.JBossCachedAuthenticationManager.isValid(JBossCachedAuthenticationManager.java:160) [picketbox-infinispan-4.0.9.Final-redhat-1.jar:4.0.9.Final-redhat-1]
	at org.jboss.as.web.security.JBossWebRealm.authenticate(JBossWebRealm.java:287) [jboss-as-web-7.1.2.Final-redhat-1.jar:7.1.2.Final-redhat-1]
	at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:135) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:455) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at com.jboss.datagrid.endpoint.RestSecurityContext.invoke(RestSecurityContext.java:143) [jboss-datagrid-server-integration-6.0.0.ER11-redhat-1.jar:6.0.0.ER11-redhat-1]
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:679) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:931) [jbossweb-7.0.16.Final-redhat-1.jar:]
	at java.lang.Thread.run(Thread.java:662) [rt.jar:1.6.0_26]
{code}

However, when I put the absolute path to that file, it is found. This is a noticeable difference from the UsersRoles module, where it works as expected. The problem is in class picketbox/security-jboss-sx/jbosssx/src/main/java/org/jboss/security/auth/spi/CertRolesLoginModule.java


    
> CertRolesLoginModule does not substitute variables in paths to property files
> -----------------------------------------------------------------------------
>
>                 Key: SECURITY-661
>                 URL: https://issues.jboss.org/browse/SECURITY-661
>             Project: PicketBox (JBoss Security and Identity Management)
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: JBossSX
>    Affects Versions: PicketBox_v4_0_9.Final
>            Reporter: Martin Gencur
>            Assignee: Anil Saldhana
>             Fix For: PicketBox_4_0_10.Final
>
>

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
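
The behaviour the report expects from the rolesProperties option, sketched as an added example (not PicketBox code; OptionPathResolver, expand and loadRoles are hypothetical names): ${...} references are expanded from system properties before the file is opened, and an unresolved reference is rejected instead of being passed on as a literal path. The temporary directory and the roles entry are constructed sample data.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added illustration; the class and method names are hypothetical.
public class OptionPathResolver {
    // Matches ${name} and ${name:default}.
    private static final Pattern REF = Pattern.compile("\\$\\{([^}:]+)(?::([^}]*))?\\}");

    /** Expands system-property references; throws if one cannot be resolved. */
    static String expand(String value) {
        Matcher m = REF.matcher(value);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            // group(2) is the optional default and is null when none was given.
            String resolved = System.getProperty(m.group(1), m.group(2));
            if (resolved == null) {
                throw new IllegalArgumentException("Unresolved property: " + m.group(1));
            }
            // quoteReplacement keeps '\' and '$' in the resolved path literal.
            m.appendReplacement(out, Matcher.quoteReplacement(resolved));
        }
        m.appendTail(out);
        return out.toString();
    }

    /** Loads the roles file named by a module option after expanding its path. */
    static Properties loadRoles(String optionValue) throws IOException {
        Path path = Paths.get(expand(optionValue));
        Properties roles = new Properties();
        try (InputStream in = Files.newInputStream(path)) {
            roles.load(in);
        }
        return roles;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample: a temp directory stands in for the server config dir.
        Path dir = Files.createTempDirectory("config");
        Files.write(dir.resolve("roles.properties"), "CN\\=client=admin\n".getBytes("UTF-8"));
        System.setProperty("jboss.server.config.dir", dir.toString());

        String option = "${jboss.server.config.dir}/roles.properties";
        System.out.println(expand(option));    // expanded path to the roles file
        System.out.println(loadRoles(option)); // role mapping read from that file
    }
}
```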
