Posted to user@geronimo.apache.org by "Ivan S. Dubrov" <WF...@yandex.ru> on 2005/10/05 11:43:46 UTC

Custom login module

Hello,

I have a problem with a custom login module - Geronimo does not find it. I have the following in the geronimo-application.xml (irrelevant parts are omitted):

<?xml version="1.0" encoding="UTF-8"?>
<application xmlns="http://geronimo.apache.org/xml/ns/j2ee/application"
    configId="myapp"
    parentId="org/apache/geronimo/Server">

    <dependency>
        <uri>myapp/jars/security.jar</uri> <!-- My login module is here -->
    </dependency>

    <security xmlns="http://geronimo.apache.org/xml/ns/security">
        <!-- Omitted -->
    </security>

    <gbean name="myapp-custom-login"
        class="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute name="loginModuleClass">myapp.security.LoginModuleGeronimo</attribute>
        <attribute name="serverSide">true</attribute>
        <attribute name="loginDomainName">myapp</attribute>
    </gbean>

    <gbean name="myapp-custom-realm"
        class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <attribute name="realmName">myapp</attribute>
        <reference name="LoginService">
            <module>org/apache/geronimo/Server</module>
            <name>JaasLoginService</name>
        </reference>
        <reference name="LoginModuleConfiguration">
            <name>myapp-modules</name>
        </reference>
    </gbean>

    <gbean name="myapp-modules"
        class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
        <attribute name="controlFlag">REQUIRED</attribute>
        <reference name="LoginModule">
            <name>myapp-custom-login</name>
        </reference>
    </gbean>
</application>

But when I try to login, I get the following:

16:38:13,491 INFO  [JAASJettyRealm] problem
javax.security.auth.login.LoginException: No LoginModules configured for myapp
	at javax.security.auth.login.LoginContext.init(LoginContext.java:256)
	at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
	at org.apache.geronimo.jetty.JAASJettyRealm.authenticate(JAASJettyRealm.java:91)
	at org.mortbay.jetty.servlet.FormAuthenticator$FormCredential.authenticate(FormAuthenticator.java:305)
	at org.mortbay.jetty.servlet.FormAuthenticator.authenticate(FormAuthenticator.java:148)
	at org.apache.geronimo.jetty.interceptor.SecurityContextBeforeAfter.obtainUser(SecurityContextBeforeAfter.java:282)
	at org.apache.geronimo.jetty.interceptor.SecurityContextBeforeAfter.checkSecurityConstraints(SecurityContextBeforeAfter.java:190)
	at org.apache.geronimo.jetty.JettyWebAppContext.checkSecurityConstraints(JettyWebAppContext.java:516)
	at org.mortbay.jetty.servlet.WebApplicationHandler.dispatch(WebApplicationHandler.java:434)
	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:567)
	at org.mortbay.http.HttpContext.handle(HttpContext.java:1565)
	at org.mortbay.jetty.servlet.WebApplicationContext.handle(WebApplicationContext.java:635)
	at org.mortbay.http.HttpContext.handle(HttpContext.java:1517)
	at org.mortbay.http.HttpServer.service(HttpServer.java:954)
	at org.mortbay.http.HttpConnection.service(HttpConnection.java:816)
	at org.mortbay.http.HttpConnection.handleNext(HttpConnection.java:983)
	at org.mortbay.http.HttpConnection.handle(HttpConnection.java:833)
	at org.mortbay.http.SocketListener.handleConnection(SocketListener.java:244)
	at org.mortbay.util.ThreadedServer.handle(ThreadedServer.java:357)
	at org.mortbay.util.ThreadPool$PoolThread.run(ThreadPool.java:534)

If I add my login module classes into the geronimo-security-1.0-M5.jar (very dirty hack, of course :) ), it works. So I have some misunderstanding with the class loading, I think.

WBR,
Ivan Dubrov.
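
To separate a missing JAAS entry from a class-visibility problem, this added example (not from the thread or from Geronimo) reproduces the exception in the trace above with the JDK's own LoginContext, then checks whether a class loader can see the module class. JaasLookupCheck, single, lookup, visibleFrom and the name constructed-other-realm are hypothetical; myapp and myapp.security.LoginModuleGeronimo come from the plan above.

```java
import java.util.Collections;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class JaasLookupCheck {
    // Constructed stand-in for a server's JAAS Configuration: one name, one module class.
    static Configuration single(final String appName, final String moduleClass) {
        return new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                if (!appName.equals(name)) return null; // nothing registered under this name
                return new AppConfigurationEntry[] { new AppConfigurationEntry(moduleClass,
                    LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap()) };
            }
        };
    }

    // Step 1: does the active Configuration have an entry for this name?
    // LoginContext checks this in its constructor, before any module class is loaded.
    static String lookup(String name) {
        try {
            new LoginContext(name);
            return "entry found for " + name;
        } catch (LoginException e) {
            return e.getMessage();
        }
    }

    // Step 2: can the given class loader see the login module class at all?
    static boolean visibleFrom(ClassLoader loader, String className) {
        try {
            Class.forName(className, false, loader);
            return true;
        } catch (ClassNotFoundException | LinkageError e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String module = "myapp.security.LoginModuleGeronimo"; // class name from the plan
        Configuration.setConfiguration(single("constructed-other-realm", module));
        System.out.println(lookup("myapp")); // entry registered under a different name
        Configuration.setConfiguration(single("myapp", module));
        System.out.println(lookup("myapp")); // entry registered under the requested name
        System.out.println(visibleFrom(Thread.currentThread().getContextClassLoader(), module));
    }
}
```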

Re: Custom login module

Posted by "Ivan S. Dubrov" <WF...@yandex.ru>.

>It is actually possible to rebuild the plans without the geronimo  
>source.   The original plans are supplied in doc/plans and you can edit  
>them and redeploy.

Could you please show how I can redeploy them?

I've tried this: java -jar bin/deployer.jar --user system --password manager redeploy j2ee-security-plan.xml org/apache/geronimo/Security

and get the following:

07.10.2005 9:36:52 ClientCommunicatorAdmin restart
WARNING: Failed to restart: java.io.IOException: Failed to get a RMI stub: javax.naming.NameNotFoundException: JMXConnector
        Stopped org/apache/geronimo/Security

    Error: Operation failed: no such object in table

WBR,
Ivan Dubrov

Re: Custom login module

Posted by David Jencks <da...@yahoo.com>.
On Oct 5, 2005, at 11:25 PM, Scott Anderson wrote:

> On 10/5/05, Ivan S. Dubrov <WF...@yandex.ru> wrote:
>> Hello,
>>
>>> My hack was a little cleaner. I was adding the jar containing my
>>> custom login modules as a dependency to first j2ee-server-plan.xml but
>>> since the j2ee-security-plan.xml was established I have had to move
>>> the dependency for my security jar up to the parent configuration of
>>> both the server and security plans; naming-server-plan.xml.
>>
>> I've tried to redeploy these plans, but no luck. Did you redeploy
>> them or build the server from sources with modified plans?
>>
>> Anyway, I think this is a bug, since I've done things exactly (I think
>> so) as they described here:
>> http://chariotsolutions.com/geronimo/geronimo-html-one-page.html#security-custom
>>
>
> I was following the same script and also could not get it to work as
> advertised. As far as I know to deploy updated geronimo plans you do
> need the geronimo source. I have found that you are required to
> re-build the assembly module to get any changes to the plans in the
> modules/assembly/src/plan directory deployed.
>

I find Aaron's book a little unclear as to whether you are intended to  
amend the standard geronimo plans or include your login module/security  
realm configuration in a separate plan, so I'm not quite as clear that  
the procedure he describes doesn't work.

I was worried that this situation with login module classloaders would  
occur, and sure enough it has: the inability to use custom login  
modules in other configurations is definitely a bug.  I've entered a  
bug

http://issues.apache.org/jira/browse/GERONIMO-1044

to make sure we remember to fix this.

It is actually possible to rebuild the plans without the geronimo  
source.   The original plans are supplied in doc/plans and you can edit  
them and redeploy.

thanks
david jencks


Re: Custom login module

Posted by Scott Anderson <po...@gmail.com>.
On 10/5/05, Ivan S. Dubrov <WF...@yandex.ru> wrote:
> Hello,
>
> >My hack was a little cleaner. I was adding the jar containing my
> >custom login modules as a dependency to first j2ee-server-plan.xml but
> >since the j2ee-security-plan.xml was established I have had to move
> >the dependency for my security jar up to the parent configuration of
> >both the server and security plans; naming-server-plan.xml.
>
> I've tried to redeploy these plans, but no luck. Did you redeploy them or build the server from sources with modified plans?
>
> Anyway, I think this is a bug, since I've done things exactly (I think so) as they described here: http://chariotsolutions.com/geronimo/geronimo-html-one-page.html#security-custom
>

I was following the same script and also could not get it to work as
advertised. As far as I know to deploy updated geronimo plans you do
need the geronimo source. I have found that you are required to
re-build the assembly module to get any changes to the plans in the
modules/assembly/src/plan directory deployed.

Re: Custom login module

Posted by "Ivan S. Dubrov" <WF...@yandex.ru>.
Hello,

>My hack was a little cleaner. I was adding the jar containing my
>custom login modules as a dependency to first j2ee-server-plan.xml but
>since the j2ee-security-plan.xml was established I have had to move
>the dependency for my security jar up to the parent configuration of
>both the server and security plans; naming-server-plan.xml.

I've tried to redeploy these plans, but no luck. Did you redeploy them or build the server from sources with modified plans?

Anyway, I think this is a bug, since I've done things exactly (I think so) as they described here: http://chariotsolutions.com/geronimo/geronimo-html-one-page.html#security-custom

I will look at the JIRA, maybe someone has already reported the bug...

WBR,
Ivan Dubrov.

Re: Custom login module

Posted by Scott Anderson <po...@gmail.com>.
> If I add my login module classes into the geronimo-security-1.0-M5.jar
> (very dirty hack, of course :) ), it works. So I have some misunderstanding
> with the class loading, I think.

My hack was a little cleaner. I was adding the jar containing my
custom login modules as a dependency to first j2ee-server-plan.xml but
since the j2ee-security-plan.xml was established I have had to move
the dependency for my security jar up to the parent configuration of
both the server and security plans; naming-server-plan.xml.

Re: Custom login module

Posted by Kevan Miller <ke...@gmail.com>.
Hi Ivan,
What's the context-priority-classloader setting for your web app? If
defaulting or false, can you set to true? Also, anything in your
geronimo.log?

I've never set up a custom login module. If the above doesn't help resolve,
if you can make your app available, I'll have a look at it...
--kevan
