Announcement Announcement Module
Collapse
No announcement yet.
Unable to login to Sun Server admin console Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Unable to login to Sun Server admin console

    I'm running an application (which uses Acegi security) on the Sun Java System Application Server 8.1.

    In applicationContext.xml I set up the loginConfig:

    Code:
    <property name="loginConfig">
        <value>/WEB-INF/kerberos.conf</value>
    </property>
    <property name="loginContextName">
        <value>kerberosRealm</value>
    </property>
    and here's the definition in kerberos.conf:
    Code:
    kerberosRealm &#123;
      com.sun.security.auth.module.Krb5LoginModule required 
    	client=true 
    	useTicketCache=false
    	debug=false  
    	doNotPrompt=false;
    &#125;;
    My application runs and I can successfully login through CAS, but then when I try to login on my admin console window for the Sun Server, that login fails.

    It seems that the JVM option for the Sun Server
    Code:
    java.security.auth.login.config=$&#123;com.sun.aas.instanceRoot&#125;/config/login.conf
    is overwritten by the kerberos.conf or kerberos.conf is taking precedence over login.conf. Just wondering if anyone else has run into this same problem and knows of a way to merge the two configs. Thanks.

  • #2
    Are you using 0.8.0 or something lesser?

    Comment


    • #3
      I'm using 0.70, Yale's CAS server 2.0.12 and CAS client 2.0.11

      Comment


      • #4
        I had the same problem and discovered a bug in Acegi's JaasAuthenticationProvider class.

        In the afterPropertiesSet method the bold code below over writes the Sun servers login.conf file location specified in the system property java.security.auth.login.config.

        boolean allowed = "true".equalsIgnoreCase(Security.getProperty(
        "policy.allowSystemProperty"));

        if (allowed) {
        System.setProperty(SYSPROP, loginConfigStr);
        } else {
        setPropertyUsingLoop(loginConfigStr);
        }

        The problem is this code always overwrites the property even if something is already set there. I changed the code to the following and it solved the problem.

        boolean allowed = "true".equalsIgnoreCase(Security.getProperty(
        "policy.allowSystemProperty"));

        String prop = System.getProperty(SYSPROP);
        if ((allowed) && (prop == null)) {

        System.setProperty(SYSPROP, loginConfigStr);
        } else {
        setPropertyUsingLoop(loginConfigStr);
        }

        Comment


        • #5
          This fix has been applied in CVS.

          Comment

          Working...
          X