Posted to user@geronimo.apache.org by Krishnakumar B <ww...@gmail.com> on 2005/10/10 13:38:04 UTC

realm not getting added.

Hi,

I have a realm deployed to the server and I get the following INFO

[GeronimoLoginConfiguration] Added Application Configuration Entry ldap-realm

In the latest build for M5 I am unable to get the realms to work except
geronimo-properties.realm which is loaded by default.

[GeronimoLoginConfiguration] Added Application Configuration Entry geronimo-properties-realm

The other realms like file-realm, ldap-realm, though deployed
successfully, I am unable to access.

I get the following error messages for the file and ldap realms.

12:14:19,658 DEBUG [TomcatGeronimoRealm] JAASRealm login requested for username "system" using LoginContext for application "file-realm"
12:14:27,169 DEBUG [ManagerBase] Start expire sessions StandardManager at 1128926667169 sessioncount 0
12:14:27,169 DEBUG [ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
12:14:34,510 ERROR [TomcatGeronimoRealm] Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured for file-realm
	at javax.security.auth.login.LoginContext.init(LoginContext.java:211)
	at javax.security.auth.login.LoginContext.<init>(LoginContext.java:426)
	at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:356)
	at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:324)
	at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
	at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:46)
	at org.apache.geronimo.tomcat.valve.PolicyContextValve.invoke(PolicyContextValve.java:50)
	at org.apache.geronimo.tomcat.valve.TransactionContextValve.invoke(TransactionContextValve.java:53)
	at org.apache.geronimo.tomcat.valve.ComponentContextValve.invoke(ComponentContextValve.java:47)
	at org.apache.geronimo.tomcat.valve.InstanceContextValve.invoke(InstanceContextValve.java:60)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
	at java.lang.Thread.run(Thread.java:567)


and

the same message for LDAP realm.

I am not sure what I am missing here or what is wrong in the configuration.

<?xml version="1.0" encoding="UTF-8"?>
<configuration
    xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0"
    configId="org/apache/geronimo/file"
    parentId="org/apache/geronimo/Server"
 >

  <gbean name="file-login"
class="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute
name="loginModuleClass">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute>
        <attribute name="serverSide">true</attribute>
        <attribute name="options">
            usersURI=var/security/users.properties
            groupsURI=var/security/groups.properties
        </attribute>
        <attribute name="loginDomainName">file-realm</attribute>
    </gbean>

    <gbean name="file-realm"
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <attribute name="realmName">file-realm</attribute>
    <reference name="LoginModuleConfiguration">
    	<name>file-login</name>
    </reference>
    <reference name="ServerInfo">
  	  <module>org/apache/geronimo/System</module>
   	  <name>ServerInfo</name>
    </reference>
    <reference name="LoginService"><module>org/apache/geronimo/Server</module><name>JaasLoginService</name></reference>
    </gbean>

    <gbean name="file-login" 
class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
    <attribute name="controlFlag">REQUIRED</attribute>
    <reference name="LoginModule">
    	 <name>file-login</name>
    </reference>

    </gbean>
</configuration>

I have a similar plan for LDAP.

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0"
xmlns:sec="http://geronimo.apache.org/xml/ns/security" configId="file"
parentId="org/apache/geronimo/file">
	<context-root>/FileTomCatWeb</context-root>
	<context-priority-classloader>false</context-priority-classloader>
	<security-realm-name>file-realm</security-realm-name>
	<security>
		<default-principal realm-name="file-realm">
			<principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="system" />
		</default-principal>
		<role-mappings>
			<role role-name="admin">
				<realm realm-name="file-realm">
					<principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="admin" designated-run-as="true" />
					<principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="system" />
				</realm>
			</role>
			<role role-name="users">
				<realm realm-name="file-realm">
					<principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="users" designated-run-as="true" />
					<principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="user1" />
					<principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="user2" />
				</realm>
			</role>
			<role role-name="guest">
				<realm realm-name="file-realm">
					<principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="guest" designated-run-as="true" />
					<principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="guest1" />
				</realm>
			</role>
		</role-mappings>
	</security>
</web-app>

I am unable to get both to work in the latest geronimo-M5 I installed.

Regards
Krishnakumar

Re: realm not getting added.

Posted by David Jencks <da...@yahoo.com>.
On Oct 10, 2005, at 4:38 AM, Krishnakumar B wrote:

> Hi,
>
> I have realm deployed to server and i get the following INFO
>
> [GeronimoLoginConfiguration] Added Application Configuration Entry  
> ldap-realm
>
> In latest build for M5 i am unable to get the realms to work except
> geronimo-properties.realm which is loaded by default.
>
> [GeronimoLoginConfiguration] Added Application Configuration Entry
> geronimo-properties-realm
>
> The other realms like file-realm,ldap-realm though deployed
> successfully i am unable to access.
>
> I get following error messages for file and ldap realm.
>
> 12:14:19,658 DEBUG [TomcatGeronimoRealm] JAASRealm login requested for username "system" using LoginContext for application "file-realm"
> 12:14:27,169 DEBUG [ManagerBase] Start expire sessions StandardManager at 1128926667169 sessioncount 0
> 12:14:27,169 DEBUG [ManagerBase] End expire sessions StandardManager processingTime 0 expired sessions: 0
> 12:14:34,510 ERROR [TomcatGeronimoRealm] Unexpected error
> javax.security.auth.login.LoginException: No LoginModules configured for file-realm
> 	at javax.security.auth.login.LoginContext.init(LoginContext.java:211)
> 	at javax.security.auth.login.LoginContext.<init>(LoginContext.java:426)
> 	at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:356)
> 	at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:324)
> 	at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
> 	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
> 	at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:46)
> 	at org.apache.geronimo.tomcat.valve.PolicyContextValve.invoke(PolicyContextValve.java:50)
> 	at org.apache.geronimo.tomcat.valve.TransactionContextValve.invoke(TransactionContextValve.java:53)
> 	at org.apache.geronimo.tomcat.valve.ComponentContextValve.invoke(ComponentContextValve.java:47)
> 	at org.apache.geronimo.tomcat.valve.InstanceContextValve.invoke(InstanceContextValve.java:60)
> 	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> 	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> 	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> 	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
> 	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> 	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
> 	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
> 	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> 	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
> 	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> 	at java.lang.Thread.run(Thread.java:567)
>
>
> and
>
> the same message for LDAP realm.
>
> I am not sure what i am missing here or wrong in the configuration.
>
> <?xml version="1.0" encoding="UTF-8"?>
> <configuration
>     xmlns="http://geronimo.apache.org/xml/ns/j2ee/web/jetty-1.0"
>     configId="org/apache/geronimo/file"
>     parentId="org/apache/geronimo/Server"
>  >
>
>   <gbean name="file-login"
> class="org.apache.geronimo.security.jaas.LoginModuleGBean">
>         <attribute
> name="loginModuleClass">org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule</attribute>
>         <attribute name="serverSide">true</attribute>
>         <attribute name="options">
>             usersURI=var/security/users.properties
>             groupsURI=var/security/groups.properties
>         </attribute>
>         <attribute name="loginDomainName">file-realm</attribute>
>     </gbean>
>
>     <gbean name="file-realm"
> class="org.apache.geronimo.security.realm.GenericSecurityRealm">
>     <attribute name="realmName">file-realm</attribute>
>     <reference name="LoginModuleConfiguration">
>     	<name>file-login</name>
>     </reference>
>     <reference name="ServerInfo">
>   	  <module>org/apache/geronimo/System</module>
>    	  <name>ServerInfo</name>
>     </reference>
>     <reference name="LoginService"><module>org/apache/geronimo/Server</module><name>JaasLoginService</name></reference>
>     </gbean>

I think this should be
> <module>org/apache/geronimo/Security</module>

thanks
david jencks
> <big snip>
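
Added example, not part of the original thread and not Geronimo code: the exception in the trace above is raised by the standard JAAS `LoginContext` constructor when the `Configuration` it consults has no entry under the requested application name. The `MapConfiguration` class and `probe` helper are hypothetical stand-ins using only `javax.security.auth.login`; they do not model Geronimo's GBean wiring.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class RealmEntryCheck {
    /** Hypothetical in-memory JAAS Configuration keyed by application (realm) name. */
    static class MapConfiguration extends Configuration {
        private final Map<String, AppConfigurationEntry[]> entries = new HashMap<>();
        void register(String realm, String loginModuleClass) {
            entries.put(realm, new AppConfigurationEntry[] {
                new AppConfigurationEntry(loginModuleClass,
                        LoginModuleControlFlag.REQUIRED, new HashMap<String, Object>())
            });
        }

        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return entries.get(name); // null means nothing is configured under this name
        }
    }

    /** Returns null if a LoginContext can be built for the realm, else the failure message. */
    static String probe(Configuration cfg, String realm) {
        try {
            // The constructor only resolves the entry; module classes load later, in login().
            new LoginContext(realm, null, callbacks -> { }, cfg);
            return null;
        } catch (LoginException e) {
            return e.getMessage();
        }
    }

    public static void main(String[] args) {
        MapConfiguration cfg = new MapConfiguration();
        // Constructed state: only the default realm has an entry registered.
        cfg.register("geronimo-properties-realm",
                "org.apache.geronimo.security.realm.providers.PropertiesFileLoginModule");

        for (String realm : new String[] {"geronimo-properties-realm", "file-realm"}) {
            String failure = probe(cfg, realm);
            System.out.println(realm + ": " + (failure == null ? "entry found" : failure));
        }
    }
}
```

Probing each realm name the web plans reference (`security-realm-name`) against the live login configuration separates a realm that was never registered from one that is registered but fails later during `login()`.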