You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2016/05/03 12:45:39 UTC
[Bug 59423] New: amend "No LoginModules configured for ..."
https://bz.apache.org/bugzilla/show_bug.cgi?id=59423
Bug ID: 59423
Summary: amend "No LoginModules configured for ..."
Product: Tomcat 8
Version: 8.5.x-trunk
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P2
Component: Catalina
Assignee: dev@tomcat.apache.org
Reporter: hauser@acm.org
After migrating to tomcat8, could no longer do client certificate login with
the following error
SEVERE: Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured for
*yourServiceName*
at javax.security.auth.login.LoginContext.init(LoginContext.java:264)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:512)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:395)
at org.apache.catalina.realm.JAASRealm.getPrincipal(JAASRealm.java:491)
at
org.apache.catalina.realm.RealmBase.getPrincipal(RealmBase.java:1252)
at org.apache.catalina.realm.RealmBase.authenticate(RealmBase.java:450)
at
org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:110)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:581)
It turns out that while the entire service has
clientAuth="true"
in the web.xml the url-pattern-based
<security-constraint>
... <auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>CLIENT-CERT</auth-method>
</login-config>
...
war ignored in tomcat 7, with tomcat 8, it produced the above error.
==> suggestion: amend the LoginException with a hint on web.xml and
"login-config" element
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59423] amend "No LoginModules configured for ..." with hints
what happened from a tomcat point of view
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59423
Ralf Hauser <ha...@acm.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|amend "No LoginModules |amend "No LoginModules
|configured for ..." |configured for ..." with
| |hints what happened from a
| |tomcat point of view
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org
[Bug 59423] amend "No LoginModules configured for ..." with hints
what happened from a tomcat point of view
Posted by bu...@apache.org.
https://bz.apache.org/bugzilla/show_bug.cgi?id=59423
Mark Thomas <ma...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
--- Comment #1 from Mark Thomas <ma...@apache.org> ---
This happened because the JAASRealm was used as the default if no other Realm
was identified. The reference to LoginModules would make sense to a user who
had explicitly configured the JAASRealm but in this instance it was more of a
hindrance than a help.
All currently supported versions of Tomcat use the NullRealm rather than the
JAASRealm as the default Realm (and have done for a number of years) so this
issue should no longer occur.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org