  • Jboss, JAAS, Spring -- working example?

    Hi,

    I'm currently trying to configure, for prototyping purposes, the Acegi security system to work with a JBoss and JAAS deployment I currently have working. I'm just confused about several things at the moment:

    -- In configuring the authenticationProvider as a JaasAuthenticationProvider, the API documentation seems to imply that the properties "loginConfig" and "loginContextName" point to JBoss's "auth.conf" and the module defined in that file. Is this correct? If that's the case, what about everything that is defined in JBoss's "login-config.xml" file?

    -- If the loginConfig file really should be auth.conf, this leads me to another source of confusion. In my deployment, it doesn't really seem like auth.conf does anything. I can remove it entirely, and it doesn't affect anything so long as login-config.xml contains the correct security domain configuration information. In which case, what good does it do for me to have Acegi point to auth.conf when it seems to have no active role at all?

    If someone has experience with a working example integrating Acegi, JBoss, and JAAS, that'd be great...

    Thanks!

  • #2
    I think you're blending JAAS and JBoss a bit too much. JAAS is a standalone API for Authentication and Authorization. JBoss supports JAAS in their own way.

    If JBoss' auth.conf file is their JAAS configuration file, then yes, that is what the JaasAuthenticationProvider loginConfig property should be pointed at.

    The contents of that file should look something like..
    Code:
    ConfigurationName {
        login.module.class.name required;
    };
    Where ConfigurationName is the value you would pass to the loginContextName property.


    As for the auth.conf/login-config.xml thing...
    If you have the JaasAuthenticationProvider.loginConfig pointed at auth.conf and you remove auth.conf, it should blow up when you try to start the webapp, or when you login. If it isn't blowing up, it would seem that your Acegi configuration is incorrect and JBoss is doing all the authentication work.

    Also, it seems you're using more JBoss than you are JAAS; you may want to look at the JBoss adapter. The JaasAuthenticationProvider is really designed for simple JAAS authentication, more-or-less alone.



    • #3
      I'm having some trouble that might be related to this message.

      I'm working on using JaasAuthenticationProvider to have JAAS (indeed SRP) login to a JBoss application with Acegi. Looking at authenticate() in JaasAuthenticationProvider:

      Code:
      LoginContext loginContext = new LoginContext(loginContextName,
              new InternalCallbackHandler(auth));
      // Attempt to login the user, the LoginContext will call our InternalCallbackHandler at this point.
      loginContext.login();
      The loginContext.login() method in turn calls Configuration.getConfiguration().
      Then JBoss's XMLLoginConfigImpl, which implements Configuration, is the configuration that's returned. As a result, login-config.xml is the file the application looks to for configuration information. And regardless of what loginConfig property I set in the bean, login-config.xml is being used. Am I supposed to write my own version of configuration and override the loadConfig() method if I don't want this default behavior?

      Thanks,
      Vincci



      • #4
        Did you find a solution?

        I too am having trouble configuring Spring Security with JAAS. I get the following error at startup.

        14:09:25,549 INFO [STDOUT] ERROR - ContextLoader.initWebApplicationContext(214) | Context initialization failed
        org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot resolve reference to bean '_rememberMeFilter' while setting bean property 'filters' with key [6]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_rememberMeFilter': Cannot resolve reference to bean '_rememberMeServices' while setting bean property 'rememberMeServices'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_rememberMeServices': Initialization of bean failed; nested exception is org.springframework.security.config.SecurityConfigurationException: No UserDetailsService registered.
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:470)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:404)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:375)
        at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:263)
        at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:170)
        at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:260)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:184)
        at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:163)
        at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:430)
        at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:729)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:381)
        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:254)
        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:198)
        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3856)
        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4361)
        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:790)
        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:770)
        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:553)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296)
        at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
        at org.apache.catalina.core.StandardContext.init(StandardContext.java:5312)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:296)
        at org.jboss.mx.server.RawDynamicInvoker.invoke(RawDynamicInvoker.java:164)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
        at org.jboss.web.tomcat.service.TomcatDeployer.performDeployInternal(TomcatDeployer.java:301)
        at org.jboss.web.tomcat.service.TomcatDeployer.performDeploy(TomcatDeployer.java:104)
        at org.jboss.web.AbstractWebDeployer.start(AbstractWebDeployer.java:375)
        at org.jboss.web.WebModule.startModule(WebModule.java:83)
        at org.jboss.web.WebModule.startService(WebModule.java:61)
        at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
        at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
        at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
        at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
        at $Proxy0.start(Unknown Source)
        at org.jboss.system.ServiceController.start(ServiceController.java:417)
        at sun.reflect.GeneratedMethodAccessor9.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
        at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
        at $Proxy44.start(Unknown Source)
        at org.jboss.web.AbstractWebContainer.start(AbstractWebContainer.java:466)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:585)
        at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
        at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
        at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
        at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
        at org.jboss.mx.interceptor.DynamicInterceptor.invoke(DynamicInterceptor.java:97)
        at org.jboss.system.InterceptorServiceMBeanSupport.invokeNext(InterceptorServiceMBeanSupport.java:238)
        at org.jboss.wsf.container.jboss42.DeployerInterceptor.start(DeployerInterceptor.java:87)
        at org.jboss.deployment.SubDeployerInterceptorSupport$XMBeanInterceptor.start(SubDeployerInterceptorSupport.java:188)
        at org.jboss.deployment.SubDeployerInterceptor.invoke(SubDeployerInterceptor.java:95)
        at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
        at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
        at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
        at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
        at $Proxy45.start(Unknown Source)



        • #5
          I have gotten much further, Spring Security with JAAS works in Tomcat so I think my configuration is right. But it still doesn't work in JBoss.

          Here are the details:

          13:54:02,128 ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
          java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
          at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315)
          at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
          at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
          at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
          at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
          at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
          at java.lang.reflect.Method.invoke(Method.java:585)
          at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
          at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
          at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
          at java.security.AccessController.doPrivileged(Native Method)
          at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
          at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
          at org.springframework.security.providers.jaas.JaasAuthenticationProvider.authenticate(JaasAuthenticationProvider.java:190)
          at org.springframework.security.providers.ProviderManager.doAuthentication(ProviderManager.java:188)
          at org.springframework.security.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:46)
          at org.springframework.security.ui.basicauth.BasicProcessingFilter.doFilterHttp(BasicProcessingFilter.java:139)
          at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
          at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
          at org.springframework.security.context.HttpSessionContextIntegrationFilter.doFilterHttp(HttpSessionContextIntegrationFilter.java:235)
          at org.springframework.security.ui.SpringSecurityFilter.doFilter(SpringSecurityFilter.java:53)
          at org.springframework.security.util.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:390)
          at org.springframework.security.util.FilterChainProxy.doFilter(FilterChainProxy.java:175)
          at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:236)
          at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
          at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
          at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
          at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
          at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
          at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:182)
          at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
          at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
          at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
          at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:157)
          at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
          at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:262)
          at org.apache.coyote.http11.Http11AprProcessor.process(Http11AprProcessor.java:856)
          at org.apache.coyote.http11.Http11AprProtocol$Http11ConnectionHandler.process(Http11AprProtocol.java:566)
          at org.apache.tomcat.util.net.AprEndpoint$Worker.run(AprEndpoint.java:1508)

          Here are my configuration files:

          <beans:beans xmlns="http://www.springframework.org/schema/security"
              xmlns:beans="http://www.springframework.org/schema/beans"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-2.5.xsd
                  http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">

              <http>
                  <intercept-url pattern="/**" access="ROLE_USER"/>
                  <http-basic/>
              </http>
          </beans:beans>

          <?xml version="1.0" encoding="UTF-8"?>
          <beans xmlns="http://www.springframework.org/schema/beans"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xmlns:p="http://www.springframework.org/schema/p"
              xmlns:context="http://www.springframework.org/schema/context"
              xmlns:aop="http://www.springframework.org/schema/aop"
              xmlns:tx="http://www.springframework.org/schema/tx"
              xmlns:jee="http://www.springframework.org/schema/jee"
              xmlns:security="http://www.springframework.org/schema/security"
              xsi:schemaLocation="
                  http://www.springframework.org/schema/security
                  http://www.springframework.org/schem...rity-2.0.4.xsd
                  http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-2.5.xsd
                  http://www.springframework.org/schema/context http://www.springframework.org/schem...ontext-2.5.xsd
                  http://www.springframework.org/schema/aop http://www.springframework.org/schem...ng-aop-2.5.xsd
                  http://www.springframework.org/schema/tx http://www.springframework.org/schem...ing-tx-2.5.xsd
                  http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.5.xsd">

              <!-- ========================= JAAS Security using Spring ==================================== -->
              <bean id="jaasAuthenticationProvider"
                  class="org.springframework.security.providers.jaas.JaasAuthenticationProvider">
                  <security:custom-authentication-provider />

                  <property name="loginConfig" value="/WEB-INF/jaas.conf"/>
                  <property name="loginContextName" value="JAAS_Config"/>
                  <property name="callbackHandlers">
                      <list>
                          <bean class="org.springframework.security.providers.jaas.JaasNameCallbackHandler"/>
                          <bean class="org.springframework.security.providers.jaas.JaasPasswordCallbackHandler"/>
                      </list>
                  </property>
                  <property name="authorityGranters">
                      <list>
                          <bean class="com.issinc.cdf.security.WebTASAuthorityGranter"/>
                      </list>
                  </property>
              </bean>
          </beans>

          JAAS_Config {
              ipt.tas.security.login.WebTASCommonLoginModule required;
          };


          Why isn't this portable to JBoss?
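
An added example (not from the thread and not Spring Security's or JBoss's code) of the behaviour post #3 describes: a `LoginContext` built with the two-argument constructor resolves its entry through the JVM-wide `Configuration`, so whatever the container installed decides which login module authenticates the user, whereas the four-argument constructor (Java 5+) takes an explicit `Configuration`. The module classes and helper names are hypothetical stand-ins; the retry with the `other` entry is standard `LoginContext` behaviour, and that JBoss's default `other` policy is what produced the `UsersRolesLoginModule` frames in post #5 is an assumption.

```java
import java.util.Collections;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class JaasConfigPrecedenceDemo {

    /** Hypothetical module that only records which class handled the login. */
    public abstract static class RecordingModule implements LoginModule {
        static String lastRun;
        public void initialize(Subject subject, CallbackHandler handler,
                               Map<String, ?> sharedState, Map<String, ?> options) { }
        public boolean login() { lastRun = getClass().getSimpleName(); return true; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }
    /** Stand-in for whatever the container's default policy runs. */
    public static class ContainerDefaultModule extends RecordingModule { }
    /** Stand-in for the application's own login module. */
    public static class AppModule extends RecordingModule { }

    /** Configuration with one entry: entryName maps to module; other names are unknown. */
    static Configuration singleEntry(final String entryName,
                                     final Class<? extends LoginModule> module) {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String requested) {
                if (!entryName.equals(requested)) {
                    return null; // unknown name: LoginContext then retries with "other"
                }
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(module.getName(), LoginModuleControlFlag.REQUIRED,
                            Collections.<String, Object>emptyMap())
                };
            }
        };
    }

    /** Runs login() and reports which stand-in module actually executed. */
    static String moduleUsedBy(LoginContext context) throws LoginException {
        RecordingModule.lastRun = null;
        context.login();
        return RecordingModule.lastRun;
    }

    public static void main(String[] args) throws LoginException {
        CallbackHandler handler = callbacks -> { }; // stand-in modules need no credentials
        // Simulates the container replacing the JVM-wide Configuration at startup.
        Configuration.setConfiguration(singleEntry("other", ContainerDefaultModule.class));
        Configuration appConfig = singleEntry("JAAS_Config", AppModule.class);

        // Two-argument constructor: resolved through Configuration.getConfiguration().
        String viaDefault = moduleUsedBy(new LoginContext("JAAS_Config", handler));
        // Four-argument constructor: the supplied Configuration is used instead.
        String viaExplicit = moduleUsedBy(new LoginContext("JAAS_Config", null, handler, appConfig));

        System.out.println("JVM-wide configuration -> " + viaDefault);
        System.out.println("explicit configuration -> " + viaExplicit);
    }
}
```

When checking a deployment, log the login module class that actually ran rather than trusting the `loginConfig` property, since a silent fallback means a different module than the one configured is making the authentication decision.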
