Posted to users@tomee.apache.org by Petras Petkus <pe...@mitsoft.lt> on 2016/05/16 11:20:00 UTC

JAAS PropertiesLoginModule configuration

Hello,

 

While configuring JAASRealm with TomEE using PropertiesLoginModule, as
described in http://tomee.apache.org/tomee-jaas.html, I noticed that I
cannot specify different file names for "UsersFile" and "GroupsFile" entries
in login.config file. Configuration works only with fixed "users.properties"
and "groups.properties" file names respectively. Otherwise those files
cannot be found when placed in $CATALINA_BASE/conf/ folder and I get NPE in
PropertiesLoginModule class.

 

The only workaround that allows using different names is to place those
files in the $CATALINA_BASE/lib/ folder.

 

Is it made by design? If so http://tomee.apache.org/tomee-jaas.html probably
should indicate that.

 

Please, could that page also be edited to indicate the correct values of
Realm element's "appName", "userClassNames" and "roleClassNames" attributes?

Instead of the following snippet in the page:

      <Realm className="org.apache.catalina.realm.JAASRealm"
             appName="PropertiesLoginModule"
             userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
             roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group">
      </Realm>

 

There should be this:

      <Realm className="org.apache.catalina.realm.JAASRealm"
             appName="PropertiesLogin"
             userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
             roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal">
      </Realm>

 

The issues with those attributes have already been discussed previously:

- incorrect "appName" causes "No LoginModules configured for
  PropertiesLoginModule" exception
  (http://tomee-openejb.979440.n4.nabble.com/JAAS-and-TomEE-td4663678.html)

- incorrect "userClassNames" and "roleClassNames" values cause 403 errors
  (http://stackoverflow.com/questions/16463950/tomee-jaas-sqlloginmodule-and-403)

 

Petras

 


Re: JAAS PropertiesLoginModule configuration

Posted by Romain Manni-Bucau <rm...@gmail.com>.
2016-05-16 13:44 GMT+02:00 Petras <pe...@mitsoft.lt>:

> Yes, I noticed the way ConfUtils loads resources - discovers only those
> located in $CATALINA_BASE/lib and $CATALINA_BASE/lib/*.jar. As
> users.properties and groups.properties are present in openejb-core, it
> helps
> to locate them in /conf folder when resource is installed.
>
>
Surely, because it was originally designed for tests.

You can add a ${tomee}/jaas/ folder and if you add it in common.loader in
conf/catalina.properties you can put the config there.


> Not quite intuitive, I must admit. Submitted suggested edit for "JAAS and
> TomEE" page for now.
>
>
Promoted it. Thanks for the update! Really appreciated.



Re: JAAS PropertiesLoginModule configuration

Posted by Petras <pe...@mitsoft.lt>.
Yes, I noticed the way ConfUtils loads resources - discovers only those
located in $CATALINA_BASE/lib and $CATALINA_BASE/lib/*.jar. As
users.properties and groups.properties are present in openejb-core, it helps
to locate them in /conf folder when resource is installed.

Not quite intuitive, I must admit. Submitted suggested edit for "JAAS and
TomEE" page for now.



--
View this message in context: http://tomee-openejb.979440.n4.nabble.com/JAAS-PropertiesLoginModule-configuration-tp4678446p4678449.html
Sent from the TomEE Users mailing list archive at Nabble.com.
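
A pre-deployment check for the two failure modes discussed in this thread, added here as an example (it is not code from the thread or from TomEE). It assumes the lookup rule exactly as described in the messages above (custom file names resolve only from $CATALINA_BASE/lib, default names also from conf/), does not look inside lib/*.jar or extra common.loader folders, and uses constructed sample input; check() and parse_login_config() are hypothetical helper names.

```python
import re
import xml.etree.ElementTree as ET
from pathlib import Path

# Per the thread: only these names also resolve from conf/ (openejb-core ships them).
DEFAULT_NAMES = {"users.properties", "groups.properties"}
ENTRY_RE = re.compile(r"(\w+)\s*\{(.*?)\}\s*;", re.S)      # Name { ... };
OPTION_RE = re.compile(r'(\w+)\s*=\s*"?([^"\s;]+)"?')      # Key="value"

# Constructed sample input, using the corrected values from the first message.
SERVER_XML = """<Server><Service><Engine>
  <Realm className="org.apache.catalina.realm.JAASRealm" appName="PropertiesLogin"
         userClassNames="org.apache.openejb.core.security.jaas.UserPrincipal"
         roleClassNames="org.apache.openejb.core.security.jaas.GroupPrincipal"/>
</Engine></Service></Server>"""
LOGIN_CONFIG = """PropertiesLogin {
    org.apache.openejb.core.security.jaas.PropertiesLoginModule required
    UsersFile="users.properties"
    GroupsFile="groups.properties";
};"""

def parse_login_config(text):
    """Return {entry name: {option: value}} for every entry in a login.config."""
    return {name: dict(OPTION_RE.findall(body)) for name, body in ENTRY_RE.findall(text)}

def check(server_xml, login_config, catalina_base):
    """Return a list of findings; an empty list means the pair is consistent."""
    findings, base = [], Path(catalina_base)
    entries = parse_login_config(login_config)
    for realm in ET.fromstring(server_xml).iter("Realm"):
        if not realm.get("className", "").endswith(".JAASRealm"):
            continue
        app = realm.get("appName")
        if app not in entries:  # runtime symptom: "No LoginModules configured for <appName>"
            findings.append(f"appName {app!r} not in login.config {sorted(entries)}")
            continue
        for key in ("UsersFile", "GroupsFile"):
            name = entries[app].get(key, "")
            in_lib = (base / "lib" / name).is_file()
            in_conf = name in DEFAULT_NAMES and (base / "conf" / name).is_file()
            if not (in_lib or in_conf):  # runtime symptom: NPE in PropertiesLoginModule
                findings.append(f"{key}={name!r} not found in lib/ (conf/ only works for default names)")
    return findings

if __name__ == "__main__":
    for finding in check(SERVER_XML, LOGIN_CONFIG, "."):
        print(finding)
```
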

Re: JAAS PropertiesLoginModule configuration

Posted by Romain Manni-Bucau <rm...@gmail.com>.
Hi

Yes it is by design:
https://github.com/apache/tomee/blob/master/container/openejb-core/src/main/java/org/apache/openejb/util/ConfUtils.java#L36

Nothing prevents enhancing it to add a flag to get the behavior you
expect - and even add caching. Just do a PR on GitHub.

Feel free to edit the website with the blue pen icon to fix the config.
I think it was the old names or parent classes at some point.