Posted to user@geronimo.apache.org by Krishnakumar B <ww...@gmail.com> on 2005/10/08 05:39:53 UTC

Login Module works for Jetty but not for Tomcat.

hi,

I am using a login module configured for LDAP in my web app. This
works under Jetty, but when I deploy the same plans and web app to
Geronimo/Tomcat it does not work.

Plans

Realm Plan :
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Geronimo security-realm deployment plan.
  Defines an LDAP-backed JAAS login module and a security realm
  ("ldap-realm") that uses it; deployed as a child of the
  org/apache/geronimo/Server configuration.
-->
<configuration
    xmlns="http://geronimo.apache.org/xml/ns/deployment"
    configId="org/apache/geronimo/ldap-secure"
    parentId="org/apache/geronimo/Server"
 >

  <!-- The LDAP login module: directory bind settings, user lookup and role lookup. -->
  <gbean name="ldap-login"
        class="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute
name="loginModuleClass">org.apache.geronimo.security.realm.providers.LDAPLoginModule</attribute>
        <attribute name="serverSide">true</attribute>
        <!--
          SECURITY (review): the directory bind password (connectionPassword)
          is kept in clear text in this plan, and the connection is plain
          ldap:// with an empty connectionProtocol, so the bind credentials and
          every user's password submitted at login cross the wire unencrypted.
          Prefer ldaps:// (or StartTLS if this module supports it), bind with a
          least-privilege account instead of cn=root, rotate the password that
          was posted here, and keep plans with credentials out of mail and
          version control. userSearchMatching substitutes the submitted username
          into an LDAP filter; confirm the module escapes filter metacharacters
          before relying on it with untrusted input.
        -->
        <attribute name="options">
		initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
		connectionURL=ldap://localhost:389
		connectionUsername=cn=root
		connectionPassword=db2admin
		connectionProtocol=
		authentication=simple
		userBase=ou=people,dc=ibm,dc=com
		userSearchMatching=uid={0}
		userSearchSubtree=false
		roleBase=ou=groups,dc=ibm,dc=com
		roleName=cn
		roleSearchMatching=(uniqueMember={0})
		roleSearchSubtree=false
		userRoleName=
	  </attribute>
        <attribute name="loginDomainName">ldap-realm</attribute>
    </gbean>

    <!--
      The realm the web container authenticates against. realmName must
      match <security-realm-name> in the web plan ("ldap-realm").
    -->
    <gbean name="ldap-realm"
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <attribute name="realmName">ldap-realm</attribute>
    <!-- Resolved by gbean name; see the naming note on the gbean below. -->
    <reference name="LoginModuleConfiguration">
    	<name>ldap-login</name>
    </reference>
    <reference name="ServerInfo">
  	  <module>org/apache/geronimo/System</module>
   	  <name>ServerInfo</name>
    </reference>
    <reference name="LoginService"><module>org/apache/geronimo/Server</module><name>JaasLoginService</name></reference>
    </gbean>

    <!--
      NOTE(review): this gbean reuses the name "ldap-login" already given to
      the LoginModuleGBean above, and both the realm's LoginModuleConfiguration
      reference and this gbean's own LoginModule reference resolve by that same
      name. Whether the deployer disambiguates by type, or whether this is what
      leaves the realm with "No LoginModules configured" under Tomcat, cannot be
      confirmed from the plan alone; giving the two gbeans distinct names
      (e.g. "ldap-login-use" here) removes the ambiguity either way.
    -->
    <gbean name="ldap-login" 
class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
    <attribute name="controlFlag">REQUIRED</attribute>
    <reference name="LoginModule">
    	<name>ldap-login</name>
    </reference>
    </gbean>
</configuration>

Geronimo-Web plan
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Geronimo web deployment plan for the demo application.
  Binds the app to "ldap-realm" (defined in the realm plan this
  configuration is a child of) and maps the app's roles to LDAP group
  and user principals.
-->
<web-app
    xmlns="http://geronimo.apache.org/xml/ns/web"
    xmlns:sec="http://geronimo.apache.org/xml/ns/security"
    configId="org/apache/geronimo/ldap-secure-demo"
    parentId="org/apache/geronimo/ldap-secure">
    <context-root>/ldap-demo</context-root>
    <context-priority-classloader>false</context-priority-classloader>
    <!-- Must match realmName in the realm plan. -->
    <security-realm-name>ldap-realm</security-realm-name>
    <security>
        <!--
          SECURITY (review): default-principal is, going by its name, the
          identity a request carries when nobody has authenticated (confirm
          against the Geronimo security documentation for this version). It is
          set here to user "system", and "system" is also mapped into the
          "admin" role below, so an unauthenticated caller would hold the admin
          role wherever a constraint permits it. Use a dedicated, unprivileged
          principal for the default identity.
        -->
        <default-principal realm-name="ldap-realm">
            <principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="system"/>
        </default-principal>
        <!--
          Role mappings: each app role is granted to an LDAP group (group
          principal) and, in addition, to the named individual users.
          designated-run-as="true" appears to mark the principal used when a
          component runs-as that role; verify the attribute's semantics before
          depending on it.
        -->
        <role-mappings>
            <role role-name="admin">
                <realm realm-name="ldap-realm">
                    <principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="admin" designated-run-as="true"/>
                    <principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="system"/>
                </realm>
            </role>
            <role role-name="users">
                <realm realm-name="ldap-realm">
                    <principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="users" designated-run-as="true"/>
                    <principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="user1"/>
                    <principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="user2"/>
                </realm>
            </role>
            <role role-name="guest">
                <realm realm-name="ldap-realm">
                    <principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="guest" designated-run-as="true"/>
                    <principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="guest1"/>
                </realm>
            </role>
        </role-mappings>
    </security>
</web-app>

Under Tomcat the login fails with the following error (the realm is found by name, but the JAAS LoginContext has no login modules registered for it):
09:13:23,502 DEBUG [FormAuthenticator] Authenticating username 'system'
09:13:23,502 DEBUG [TomcatGeronimoRealm] JAASRealm login requested for
username "system" using LoginContext for application "ldap-realm"
09:13:23,512 ERROR [TomcatGeronimoRealm] Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured
for ldap-realm
	at javax.security.auth.login.LoginContext.init(LoginContext.java:211)
	at javax.security.auth.login.LoginContext.<init>(LoginContext.java:426)
	at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:356)
	at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:324)
	at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
	at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:46)
	at org.apache.geronimo.tomcat.valve.PolicyContextValve.invoke(PolicyContextValve.java:50)
	at org.apache.geronimo.tomcat.valve.TransactionContextValve.invoke(TransactionContextValve.java:53)
	at org.apache.geronimo.tomcat.valve.ComponentContextValve.invoke(ComponentContextValve.java:47)
	at org.apache.geronimo.tomcat.valve.InstanceContextValve.invoke(InstanceContextValve.java:60)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
	at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
	at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
	at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
	at java.lang.Thread.run(Thread.java:567)


Should I change the plans for Tomcat? (Note: the realm plan above contains the directory's cn=root bind password in clear text; it should be rotated now that it has been posted.)

Regards
Krishnakumar B

Login Module works for Jetty but not for Tomcat.

Posted by Krishnakumar B <ww...@gmail.com>.
hi,

I am using a login module configured for LDAP in my web app. This
works under Jetty, but when I deploy the same plans and web app to
Geronimo/Tomcat it does not work.

Plans

Realm Plan :
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Geronimo security-realm deployment plan.
  Defines an LDAP-backed JAAS login module and a security realm
  ("ldap-realm") that uses it; deployed as a child of the
  org/apache/geronimo/Server configuration.
-->
<configuration
   xmlns="http://geronimo.apache.org/xml/ns/deployment"
   configId="org/apache/geronimo/ldap-secure"
   parentId="org/apache/geronimo/Server"
 >

 <!-- The LDAP login module: directory bind settings, user lookup and role lookup. -->
 <gbean name="ldap-login"
       class="org.apache.geronimo.security.jaas.LoginModuleGBean">
       <attribute
name="loginModuleClass">org.apache.geronimo.security.realm.providers.LDAPLoginModule</attribute>
       <attribute name="serverSide">true</attribute>
       <!--
         SECURITY (review): the directory bind password (connectionPassword)
         is kept in clear text in this plan, and the connection is plain
         ldap:// with an empty connectionProtocol, so the bind credentials and
         every user's password submitted at login cross the wire unencrypted.
         Prefer ldaps:// (or StartTLS if this module supports it), bind with a
         least-privilege account instead of cn=root, rotate the password that
         was posted here, and keep plans with credentials out of mail and
         version control. userSearchMatching substitutes the submitted username
         into an LDAP filter; confirm the module escapes filter metacharacters
         before relying on it with untrusted input.
       -->
       <attribute name="options">
               initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
               connectionURL=ldap://localhost:389
               connectionUsername=cn=root
               connectionPassword=db2admin
               connectionProtocol=
               authentication=simple
               userBase=ou=people,dc=ibm,dc=com
               userSearchMatching=uid={0}
               userSearchSubtree=false
               roleBase=ou=groups,dc=ibm,dc=com
               roleName=cn
               roleSearchMatching=(uniqueMember={0})
               roleSearchSubtree=false
               userRoleName=
         </attribute>
       <attribute name="loginDomainName">ldap-realm</attribute>
   </gbean>

   <!--
     The realm the web container authenticates against. realmName must
     match <security-realm-name> in the web plan ("ldap-realm").
   -->
   <gbean name="ldap-realm"
class="org.apache.geronimo.security.realm.GenericSecurityRealm">
   <attribute name="realmName">ldap-realm</attribute>
   <!-- Resolved by gbean name; see the naming note on the gbean below. -->
   <reference name="LoginModuleConfiguration">
       <name>ldap-login</name>
   </reference>
   <reference name="ServerInfo">
         <module>org/apache/geronimo/System</module>
         <name>ServerInfo</name>
   </reference>
   <reference name="LoginService"><module>org/apache/geronimo/Server</module><name>JaasLoginService</name></reference>
   </gbean>

   <!--
     NOTE(review): this gbean reuses the name "ldap-login" already given to
     the LoginModuleGBean above, and both the realm's LoginModuleConfiguration
     reference and this gbean's own LoginModule reference resolve by that same
     name. Whether the deployer disambiguates by type, or whether this is what
     leaves the realm with "No LoginModules configured" under Tomcat, cannot be
     confirmed from the plan alone; giving the two gbeans distinct names
     (e.g. "ldap-login-use" here) removes the ambiguity either way.
   -->
   <gbean name="ldap-login"
class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
   <attribute name="controlFlag">REQUIRED</attribute>
   <reference name="LoginModule">
       <name>ldap-login</name>
   </reference>
   </gbean>
</configuration>

Geronimo-Web plan
<?xml version="1.0" encoding="UTF-8"?>
<!--
  Geronimo web deployment plan for the demo application.
  Binds the app to "ldap-realm" (defined in the realm plan this
  configuration is a child of) and maps the app's roles to LDAP group
  and user principals.
-->
<web-app
   xmlns="http://geronimo.apache.org/xml/ns/web"
   xmlns:sec="http://geronimo.apache.org/xml/ns/security"
   configId="org/apache/geronimo/ldap-secure-demo"
   parentId="org/apache/geronimo/ldap-secure">
   <context-root>/ldap-demo</context-root>
   <context-priority-classloader>false</context-priority-classloader>
   <!-- Must match realmName in the realm plan. -->
   <security-realm-name>ldap-realm</security-realm-name>
   <security>
       <!--
         SECURITY (review): default-principal is, going by its name, the
         identity a request carries when nobody has authenticated (confirm
         against the Geronimo security documentation for this version). It is
         set here to user "system", and "system" is also mapped into the
         "admin" role below, so an unauthenticated caller would hold the admin
         role wherever a constraint permits it. Use a dedicated, unprivileged
         principal for the default identity.
       -->
       <default-principal realm-name="ldap-realm">
           <principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="system"/>
       </default-principal>
       <!--
         Role mappings: each app role is granted to an LDAP group (group
         principal) and, in addition, to the named individual users.
         designated-run-as="true" appears to mark the principal used when a
         component runs-as that role; verify the attribute's semantics before
         depending on it.
       -->
       <role-mappings>
           <role role-name="admin">
               <realm realm-name="ldap-realm">
                   <principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="admin" designated-run-as="true"/>
                   <principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="system"/>
               </realm>
           </role>
           <role role-name="users">
               <realm realm-name="ldap-realm">
                   <principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="users" designated-run-as="true"/>
                   <principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="user1"/>
                   <principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="user2"/>
               </realm>
           </role>
           <role role-name="guest">
               <realm realm-name="ldap-realm">
                   <principal
class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
name="guest" designated-run-as="true"/>
                   <principal
class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
name="guest1"/>
               </realm>
           </role>
       </role-mappings>
   </security>
</web-app>

Under Tomcat the login fails with the following error (the realm is found by name, but the JAAS LoginContext has no login modules registered for it):
09:13:23,502 DEBUG [FormAuthenticator] Authenticating username 'system'
09:13:23,502 DEBUG [TomcatGeronimoRealm] JAASRealm login requested for
username "system" using LoginContext for application "ldap-realm"
09:13:23,512 ERROR [TomcatGeronimoRealm] Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured
for ldap-realm
       at javax.security.auth.login.LoginContext.init(LoginContext.java:211)
       at javax.security.auth.login.LoginContext.<init>(LoginContext.java:426)
       at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:356)
       at org.apache.geronimo.tomcat.realm.TomcatGeronimoRealm.authenticate(TomcatGeronimoRealm.java:324)
       at org.apache.catalina.authenticator.FormAuthenticator.authenticate(FormAuthenticator.java:256)
       at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:391)
       at org.apache.geronimo.tomcat.valve.DefaultSubjectValve.invoke(DefaultSubjectValve.java:46)
       at org.apache.geronimo.tomcat.valve.PolicyContextValve.invoke(PolicyContextValve.java:50)
       at org.apache.geronimo.tomcat.valve.TransactionContextValve.invoke(TransactionContextValve.java:53)
       at org.apache.geronimo.tomcat.valve.ComponentContextValve.invoke(ComponentContextValve.java:47)
       at org.apache.geronimo.tomcat.valve.InstanceContextValve.invoke(InstanceContextValve.java:60)
       at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
       at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
       at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
       at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:526)
       at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
       at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:856)
       at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.processConnection(Http11Protocol.java:744)
       at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
       at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
       at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
       at java.lang.Thread.run(Thread.java:567)


Should I change the plans for Tomcat? (Note: the realm plan above contains the directory's cn=root bind password in clear text; it should be rotated now that it has been posted.)

Regards
Krishnakumar B