[jboss-user] [Security & JAAS/JBoss] - No LoginModules configured for jmx-console

ajbenson do-not-reply at jboss.com
Thu Feb 8 14:57:15 EST 2007 

I tried to secure the web-console as described in the Wiki (http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureTheJmxConsole) by uncommenting the security relevant elements in web.xml and jboss-web.xml. 

I am getting the following error in server.log:

  | 2007-02-08 13:31:55,011 DEBUG [http-0.0.0.0-8443-Processor4] [org.jboss.security.plugins.JaasSecurityManager.jmx-console] Login failure
  | javax.security.auth.login.LoginException: No LoginModules configured for jmx-console
  |         at javax.security.auth.login.LoginContext.init(LoginContext.java:189)
  |         at javax.security.auth.login.LoginContext.<init>(LoginContext.java:350)
  |         at javax.security.auth.login.LoginContext.<init>(LoginContext.java:465)
  |         at org.jboss.security.plugins.SubjectActions$LoginContextAction.run(SubjectActions.java:91)
  |         at java.security.AccessController.doPrivileged(Native Method)
  |         at org.jboss.security.plugins.SubjectActions.createLoginContext(SubjectActions.java:129)
  |         at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:475)        at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:430)        at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:246)
  |         at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:221)
  |         at org.jboss.web.tomcat.security.JBossSecurityMgrRealm.authenticate(JBossSecurityMgrRealm.java:337)
  |         at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:129)
  |         at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:504)
  |         at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
  |         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
  |         at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:137)
  |         at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
  |         at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117)
  |         at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
  |         at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:535)
  |         at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:102)
  |         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
  |         at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  |         at org.apache.catalina.core.StandardValveContext.invokeNext(StandardValveContext.java:104)
  |         at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:520)
  |         at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:929)
  |         at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:160)
  |         at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:799)
  |         at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:705)
  |         at org.apache.tomcat.util.net.TcpWorkerThread.runIt(PoolTcpEndpoint.java:577)
  |         at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:683)
  |         at java.lang.Thread.run(Thread.java:534)
  | 

Here is the relevant section of my web.xml:

  |    <security-constraint>
  |      <web-resource-collection>
  |        <web-resource-name>HtmlAdaptor</web-resource-name>
  |        <description>An example security config that only allows users with the
  |          role JBossAdmin to access the HTML JMX console web application
  |        </description>
  |        <url-pattern>/*</url-pattern>
  |        <http-method>GET</http-method>
  |        <http-method>POST</http-method>
  |      </web-resource-collection>
  |      <auth-constraint>
  |        <role-name>JBossAdmin</role-name>
  |      </auth-constraint>
  |    </security-constraint>
  | 
  |    <login-config>
  |       <auth-method>BASIC</auth-method>
  |       <realm-name>JBoss JMX Console</realm-name>
  |    </login-config>
  | 
  |    <security-role>
  |       <role-name>JBossAdmin</role-name>
  |    </security-role>
  | 

In jboss-web.xml:

  | <security-domain>java:/jaas/jmx-console</security-domain>
  | 

In login-config.xml:

  | <application-policy name = "jmx-console">
  |        <authentication>
  |           <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  |              flag = "required" />
  |              <module-option name="usersProperties">users.properties</module-option>
  |              <module-option name="rolesProperties">roles.properties</module-option>
  |           </login-module>
  |        </authentication>
  |     </application-policy>
  | 

I am running JBoss 3.2.5 on Solaris 9.

Thanks for any help anyone can provide.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4013246#4013246

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4013246

More information about the jboss-user mailing list