You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@geronimo.apache.org by MoleSon <sa...@t-online.de> on 2007/05/31 16:20:32 UTC
Login Module not found
Hello out there!
I have a problem with the login system of my enterprise application. I need
to install an application, that is meant to run on a Websphere App Server
5.1 on a Websphere CE (-> Geronimo).
Here is my problem:
Deploying works fine, but I am not able to log in to my application. For the
login process I use JAAS and the login modules developed by our company.
When I try to log in following exception occurs:
GeronimoSecurityException: Unable to instantiate login module
caused by
ClassNotFoundException: <MyLoginClassFile>
I have set the environment variables:
java.security.auth.login.config
java.security.policy
And I have created a security realm, which is referenced by my web.xml file.
I found a forum where somebody with a similar problem got suggested to
deploy the authentification files seperatly to the server, but this is not
possible, because they reference ejbs and classes from all over the project.
I am working on this for days now and have really searched every forum I
found about this topic.
Would be really happy if somebody could help me.
Regards, Sascha
--
View this message in context: http://www.nabble.com/Login-Module-not-found-tf3846639s134.html#a10894283
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Login Module not found
Posted by MoleSon <sa...@t-online.de>.
I managed to get it working:
I wrote a deployment deskriptor for the security realm to deploy it
server-wide. The trick to get it working was to add a dependency to my
EAR-application.
Thanks a lot!
djencks wrote:
>
>
> On Jun 4, 2007, at 12:42 AM, MoleSon wrote:
>
>>
>>> Don't set these environment variables.
>> Doesn't make any difference...
>>> Since you mention ejbs I assume that you are deploying an
>>> ear.
>> Yes, I am deploying an EAR
>>> If you could outline the structure of the project and indicate
>>> exactly where you've specified the security realm that would be
>>> helpful
>> It is hard to outline the structure of the porject, because it
>> contains
>> about 4000 classes and ca. 30 modules. Generally it is an EAR-file
>> containing the module .jars and only one .war archive.
>
> Where are the jar(s) containing the login module class and the
> classes it needs to work?
>
>> I tried to deploy a
>> server wide security realm via the administrative console, but this
>> did not
>> work. For now I'm trying to add my security realm configuration to my
>> geronimo-application.xml file, to deploy it wlith the application
>> but I am
>> not able to get it working because I have no idea where and how to
>> put it.
>> Here is one way I tried it, but geronimo did not like it:
>> <?xml version="1.0" encoding="UTF-8"?>
>> <application application-name="app"
>> xmlns="http://geronimo.apache.org/xml/ns/j2ee/application-1.1"
>> xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1"
>> xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.1">
>> <sys:environment>
>> ...
>> </sys:environment>
>> <module>
>> <web>Web.war</web>
>> ...
>> </module>
>> all the other modules
>> <gbean name="realm"
>> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>> <attribute name="realmName">realm</attribute>
>> <reference name="ServerInfo">
>> <name>ServerInfo</name>
>> </reference>
>> <reference name="LoginService">
>> <name>JaasLoginService</name>
>> </reference>
>> <xml-reference name="LoginModuleConfiguration">
>> <log:login-config
>> xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
>> <log:login-module control-flag="REQUIRED"
>> server-side="true" wrap-principals="false">
>> <log:login-domain-name>
>> realm
>> </log:login-domain-name>
>> <log:login-module-class>
>> ourLoginClass
>> </log:login-module-class>
>> </log:login-module>
>> </log:login-config>
>> </xml-reference>
>> </gbean>
>> </application>
>
> This should work. Along with telling us exactly where the missing
> classes actually are, and if they aren't in an ejb jar how they get
> into the classpath, please show the stack trace from the
> ClassNotFoundException.
>
>> I also tried to add the gbean to the web module part as well as to
>> create a
>> new module that just holds it. -> also did not work
> That should also work :-)
>
>> Could anybody tell me if trying to deploy the securtity realm
>> together with
>> the ear file could help me solve my problem and if yes: how do I do
>> that?
>
> What you are trying looks ok to me, so I hope your answers to my
> additional questions will let us see where the problem lies.
>
> thanks
> david jencks
>
>>
>> Thanks a lot so far, Sascha
>>
>>
>>
>> djencks wrote:
>>>
> <snip>
>
>
--
View this message in context: http://www.nabble.com/Login-Module-not-found-tf3846639s134.html#a10946849
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Login Module not found
Posted by David Jencks <da...@yahoo.com>.
On Jun 4, 2007, at 12:42 AM, MoleSon wrote:
>
>> Don't set these environment variables.
> Doesn't make any difference...
>> Since you mention ejbs I assume that you are deploying an
>> ear.
> Yes, I am deploying an EAR
>> If you could outline the structure of the project and indicate
>> exactly where you've specified the security realm that would be
>> helpful
> It is hard to outline the structure of the porject, because it
> contains
> about 4000 classes and ca. 30 modules. Generally it is an EAR-file
> containing the module .jars and only one .war archive.
Where are the jar(s) containing the login module class and the
classes it needs to work?
> I tried to deploy a
> server wide security realm via the administrative console, but this
> did not
> work. For now I'm trying to add my security realm configuration to my
> geronimo-application.xml file, to deploy it wlith the application
> but I am
> not able to get it working because I have no idea where and how to
> put it.
> Here is one way I tried it, but geronimo did not like it:
> <?xml version="1.0" encoding="UTF-8"?>
> <application application-name="app"
> xmlns="http://geronimo.apache.org/xml/ns/j2ee/application-1.1"
> xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1"
> xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.1">
> <sys:environment>
> ...
> </sys:environment>
> <module>
> <web>Web.war</web>
> ...
> </module>
> all the other modules
> <gbean name="realm"
> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
> <attribute name="realmName">realm</attribute>
> <reference name="ServerInfo">
> <name>ServerInfo</name>
> </reference>
> <reference name="LoginService">
> <name>JaasLoginService</name>
> </reference>
> <xml-reference name="LoginModuleConfiguration">
> <log:login-config
> xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
> <log:login-module control-flag="REQUIRED"
> server-side="true" wrap-principals="false">
> <log:login-domain-name>
> realm
> </log:login-domain-name>
> <log:login-module-class>
> ourLoginClass
> </log:login-module-class>
> </log:login-module>
> </log:login-config>
> </xml-reference>
> </gbean>
> </application>
This should work. Along with telling us exactly where the missing
classes actually are, and if they aren't in an ejb jar how they get
into the classpath, please show the stack trace from the
ClassNotFoundException.
> I also tried to add the gbean to the web module part as well as to
> create a
> new module that just holds it. -> also did not work
That should also work :-)
> Could anybody tell me if trying to deploy the securtity realm
> together with
> the ear file could help me solve my problem and if yes: how do I do
> that?
What you are trying looks ok to me, so I hope your answers to my
additional questions will let us see where the problem lies.
thanks
david jencks
>
> Thanks a lot so far, Sascha
>
>
>
> djencks wrote:
>>
<snip>
Re: Login Module not found
Posted by MoleSon <sa...@t-online.de>.
> Don't set these environment variables.
Doesn't make any difference...
> Since you mention ejbs I assume that you are deploying an
> ear.
Yes, I am deploying an EAR
> If you could outline the structure of the project and indicate
> exactly where you've specified the security realm that would be
> helpful
It is hard to outline the structure of the porject, because it contains
about 4000 classes and ca. 30 modules. Generally it is an EAR-file
containing the module .jars and only one .war archive. I tried to deploy a
server wide security realm via the administrative console, but this did not
work. For now I'm trying to add my security realm configuration to my
geronimo-application.xml file, to deploy it wlith the application but I am
not able to get it working because I have no idea where and how to put it.
Here is one way I tried it, but geronimo did not like it:
<?xml version="1.0" encoding="UTF-8"?>
<application application-name="app"
xmlns="http://geronimo.apache.org/xml/ns/j2ee/application-1.1"
xmlns:sec="http://geronimo.apache.org/xml/ns/security-1.1"
xmlns:sys="http://geronimo.apache.org/xml/ns/deployment-1.1">
<sys:environment>
...
</sys:environment>
<module>
<web>Web.war</web>
...
</module>
all the other modules
<gbean name="realm"
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
<attribute name="realmName">realm</attribute>
<reference name="ServerInfo">
<name>ServerInfo</name>
</reference>
<reference name="LoginService">
<name>JaasLoginService</name>
</reference>
<xml-reference name="LoginModuleConfiguration">
<log:login-config
xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.1">
<log:login-module control-flag="REQUIRED"
server-side="true" wrap-principals="false">
<log:login-domain-name>
realm
</log:login-domain-name>
<log:login-module-class>
ourLoginClass
</log:login-module-class>
</log:login-module>
</log:login-config>
</xml-reference>
</gbean>
</application>
I also tried to add the gbean to the web module part as well as to create a
new module that just holds it. -> also did not work
Could anybody tell me if trying to deploy the securtity realm together with
the ear file could help me solve my problem and if yes: how do I do that?
Thanks a lot so far, Sascha
djencks wrote:
>
>
> On May 31, 2007, at 7:20 AM, MoleSon wrote:
>
>>
>> Hello out there!
>>
>> I have a problem with the login system of my enterprise
>> application. I need
>> to install an application, that is meant to run on a Websphere App
>> Server
>> 5.1 on a Websphere CE (-> Geronimo).
>> Here is my problem:
>> Deploying works fine, but I am not able to log in to my
>> application. For the
>> login process I use JAAS and the login modules developed by our
>> company.
>> When I try to log in following exception occurs:
>> GeronimoSecurityException: Unable to instantiate login module
>> caused by
>> ClassNotFoundException: <MyLoginClassFile>
>> I have set the environment variables:
>> java.security.auth.login.config
>> java.security.policy
>
> Don't set these environment variables. They won't help and might
> break the geronimo login configuration mechanism. At best they will
> be confusing. If you have specific needs for them, that might
> require another discussion.
>
>> And I have created a security realm, which is referenced by my
>> web.xml file.
>> I found a forum where somebody with a similar problem got suggested to
>> deploy the authentification files seperatly to the server, but this
>> is not
>> possible, because they reference ejbs and classes from all over the
>> project.
>> I am working on this for days now and have really searched every
>> forum I
>> found about this topic.
>> Would be really happy if somebody could help me.
>
> If you could outline the structure of the project and indicate
> exactly where you've specified the security realm that would be
> helpful. Since you mention ejbs I assume that you are deploying an
> ear. In geronimo, for an ear, there is one "ear" classloader that
> includes all the ejb jar and rar classes, together with the stuff
> pointed to by manifest class-paths, and then each web app gets
> another, child, classloader. So, if the security realm definition is
> in the geronimo-application.xml or an openejb-jar.xml plan, all the
> classes it needs need to be in ejb jars, rars, or jars in the
> manifest classpath of these. If the security realm definition is in
> the geronimo-web.xml then it can use classes from that war and the
> ejb jars and wars and manifest classpaths, but not other wars.
>
> Hope this helps
> david jencks
>
>
>>
>> Regards, Sascha
>>
>> --
>> View this message in context: http://www.nabble.com/Login-Module-
>> not-found-tf3846639s134.html#a10894283
>> Sent from the Apache Geronimo - Users mailing list archive at
>> Nabble.com.
>>
>
>
>
--
View this message in context: http://www.nabble.com/Login-Module-not-found-tf3846639s134.html#a10945123
Sent from the Apache Geronimo - Users mailing list archive at Nabble.com.
Re: Login Module not found
Posted by David Jencks <da...@yahoo.com>.
On May 31, 2007, at 7:20 AM, MoleSon wrote:
>
> Hello out there!
>
> I have a problem with the login system of my enterprise
> application. I need
> to install an application, that is meant to run on a Websphere App
> Server
> 5.1 on a Websphere CE (-> Geronimo).
> Here is my problem:
> Deploying works fine, but I am not able to log in to my
> application. For the
> login process I use JAAS and the login modules developed by our
> company.
> When I try to log in following exception occurs:
> GeronimoSecurityException: Unable to instantiate login module
> caused by
> ClassNotFoundException: <MyLoginClassFile>
> I have set the environment variables:
> java.security.auth.login.config
> java.security.policy
Don't set these environment variables. They won't help and might
break the geronimo login configuration mechanism. At best they will
be confusing. If you have specific needs for them, that might
require another discussion.
> And I have created a security realm, which is referenced by my
> web.xml file.
> I found a forum where somebody with a similar problem got suggested to
> deploy the authentification files seperatly to the server, but this
> is not
> possible, because they reference ejbs and classes from all over the
> project.
> I am working on this for days now and have really searched every
> forum I
> found about this topic.
> Would be really happy if somebody could help me.
If you could outline the structure of the project and indicate
exactly where you've specified the security realm that would be
helpful. Since you mention ejbs I assume that you are deploying an
ear. In geronimo, for an ear, there is one "ear" classloader that
includes all the ejb jar and rar classes, together with the stuff
pointed to by manifest class-paths, and then each web app gets
another, child, classloader. So, if the security realm definition is
in the geronimo-application.xml or an openejb-jar.xml plan, all the
classes it needs need to be in ejb jars, rars, or jars in the
manifest classpath of these. If the security realm definition is in
the geronimo-web.xml then it can use classes from that war and the
ejb jars and wars and manifest classpaths, but not other wars.
Hope this helps
david jencks
>
> Regards, Sascha
>
> --
> View this message in context: http://www.nabble.com/Login-Module-
> not-found-tf3846639s134.html#a10894283
> Sent from the Apache Geronimo - Users mailing list archive at
> Nabble.com.
>