[jboss-user] [Security & JAAS/JBoss] - JAAS not prompting for username pwd on Linux 3 with JBoss4.0

VAkuthota do-not-reply at jboss.com
Thu Oct 12 18:03:43 EDT 2006


Hi,

JAAS is not working on Linux. I deployed the application in JBoss, but it is bypassing the security manager and going directly to the welcome/home page. It never prompts for the username and password, and it does not throw any error either.

But if I deploy the same application war file on a Windows system, without changing anything, it works fine.

Here are the system details:

Linux System Info :

RedHat Enterprise Linux 3 (Update 4)
Kernel Version : 2.4.21-27.0.2.ELsmp

JBoss Version
jboss-4.0.3-sp1.1.EL30.i386.rpm

JDK Version
ibm-java2-i386-sdk-5.0-0.0.i386.rpm

To test it, I even tested with a sample JAAS application.

In login-config.xml


    <application-policy name = "jaasproject">
       <authentication>
          <login-module code = "org.jboss.security.ClientLoginModule"
             flag = "required">
          </login-module>
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
             <module-option name="usersProperties">users.properties</module-option>
             <module-option name="rolesProperties">roles.properties</module-option>
          </login-module>
       </authentication>
    </application-policy>


In JBOSS_HOME/client/auth.conf  file

jaasproject
{
org.jboss.security.ClientLoginModule required;
org.jboss.security.auth.spi.UsersRolesLoginModule required;
};


In JBOSS_HOME/server/standard/conf/auth.conf  file

jaasproject
{
org.jboss.security.ClientLoginModule required;
org.jboss.security.auth.spi.UsersRolesLoginModule required;
};



In jboss-web.xml file

<jboss-web>
	<security-domain>java:/jaas/jaasproject</security-domain>
	<context-root>/jaasproject</context-root>
</jboss-web>


In jndi.properties

java.naming.factory.initial=org.jnp.interfaces.NamingContextFactory
java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces

In web.xml


<web-app>
	<display-name>jaasproject</display-name>
	<welcome-file-list>
		<welcome-file>home.jsp</welcome-file>
	</welcome-file-list>

	<security-constraint>
		<web-resource-collection>
			<web-resource-name>jsp</web-resource-name>
			<description>Declarative security tests</description>
			<url-pattern>*.jsp</url-pattern>
			<http-method>HEAD</http-method>
			<http-method>GET</http-method>
			<http-method>POST</http-method>
			<http-method>PUT</http-method>
			<http-method>DELETE</http-method>
		</web-resource-collection>

		<auth-constraint>
			<role-name>ReadOnly</role-name>
		</auth-constraint>

		<user-data-constraint>
			<description>no description</description>
			<transport-guarantee>NONE</transport-guarantee>
		</user-data-constraint>
	</security-constraint>

	<login-config>
		<auth-method>FORM</auth-method>
		<form-login-config>
			<form-login-page>/login.jsp</form-login-page>
			<form-error-page>/error.jsp</form-error-page>
		</form-login-config>
	</login-config>

	<security-role>
		<description>A user allowed to invoke echo methods</description>
		<role-name>ReadOnly</role-name>
	</security-role>

	<security-role>
		<description>A user allowed to invoke echo methods</description>
		<role-name>FullAccess</role-name>
	</security-role>

</web-app>


and my login.jsp



<%@ page contentType="text/html; charset=UTF-8" %>
<%@ page language="java" %>
<html>
<HEAD>
<TITLE></TITLE>
<!-- To prevent caching -->
<%
response.setHeader("Cache-Control","no-cache"); // HTTP 1.1
response.setHeader("Pragma","no-cache"); // HTTP 1.0
response.setDateHeader("Expires", -1); // Prevents caching at the proxy server
%>
<SCRIPT>
// Returns false to cancel the submit when a required field is empty
function submitForm() {
var frm = document.logonForm;

// Check if all the required fields have been entered by the user before
// submitting the form
if( frm.j_username.value == "" ) {
alert("Pls Enter user name");
frm.j_username.focus();
return false;
}

if( frm.j_password.value == "" ) {
alert("Pls enter password");
frm.j_password.focus();
return false;
}
return true;
}
</SCRIPT>
</HEAD>
<BODY>
<!--  FORM name="logonForm" action="home.jsp" METHOD=POST -->
<!-- The form is named so that submitForm() can find it; onsubmit runs the check once -->
<form name="logonForm" method="POST" action='<%= response.encodeURL( "j_security_check" ) %>' onsubmit="return submitForm();">
<TABLE width="100%" border="0" cellspacing="0" cellpadding="5" bgcolor="white">
<TR align="center">
<TD align="right" class="Prompt"></TD>
<TD align="left">
UserName : <INPUT type="text" name="j_username" maxlength="20">
</TD>
</TR>
<TR align="center">
<TD align="right" class="Prompt"> </TD>
<TD align="left">
Password  : <INPUT type="password" name="j_password" maxlength="20">
</TD>
</TR>
<TR align="center">
<TD align="right" class="Prompt"> </TD>
<TD align="left">
<input type="submit" value="Login">
</TD>
</TR>
</TABLE>
</FORM>
</BODY>
</html>


users.properties (I placed this and the roles.properties file in the WEB-INF/classes folder and also in the /standard/conf/props folder)

venu=venu at 1234
gopal=gopal at 1234

and roles.properties

venu=ReadOnly,FullAccess
venu.Roles=ReadOnly,FullAccess
gopal=ReadOnly
gopal.Roles=ReadOnly


Above are the configurations. This works fine on a Windows system with all versions of JBoss.

But it is not working on the Linux server; it simply goes to the welcome page without prompting for username and password.

I even tried with the other JBoss 4.0.1 rpm package also.

Do I need to do any extra configuration on Linux and JBoss?

Can anybody please help?

Appreciate your help.

Thanks in advance.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3978019#3978019

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3978019


