JAAS inside Servlet (Specific Tomcat 4.0.1)
Hi there,
I'm trying to run the simple authentication inside a Servlet and I'm getting a security exception:
"unable to instantiate LoginConfiguration".
I have the same code working from a stand-alone application.
I read on that there is a problem with jdk 1.3 and JAAS 1.0, so I did what they recommend to put the jaas.jar and login module jar on the classpath, I did and didn't work.
I found also that the jdk 1.4 would fix this problem, installed and I still have the problem.
Any help would be very appreciate.
Thanks in advance,
Marcio Adriano
PS.: The following is the full exception message:
java.lang.SecurityException: unable to instantiate LoginConfiguration
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:212)
at javax.security.auth.login.LoginContext$1.run(LoginContext.java:166)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.init(LoginContext.java:163)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:319)
at com.truecontext.wasabi.presentation.control.web.handlers.LoginHandler.doStart(LoginHandler.java:75)
at com.truecontext.wasabi.presentation.control.web.RequestProcessor.processRequest(RequestProcessor.java:86)
at com.truecontext.wasabi.presentation.control.web.MainServlet.doProcess(MainServlet.java:191)
at com.truecontext.wasabi.presentation.control.web.MainServlet.doGet(MainServlet.java:140)
at com.truecontext.wasabi.presentation.control.web.MainServlet.doPost(MainServlet.java:78)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:201)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatcherValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:462)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcessor.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.java:1106)
at java.lang.Thread.run(Thread.java:484)
Your java.security file doesn't have an apropriate entry.
Make sure you have a java.security
file in
your JRE lib/security folder in c:\program files
.
This file should contain an entry that looks something like
login.config.url.1=file:${java.home}/lib/security/[urLoginConfigFileName].login
With this entry in place if you still get an EXCEPTION
let me know.
Thanks for the reply but didn't work.
That entry is the same thing as using this run-time option:
-Djava.security.auth.login.config
Thus I was already specifying the location of the file but still not working from inside Tomcat.
I have a stand-alone application that uses the same code and options and works great.,
For what I understood is a problem with the Servlet ClassLoader.
Any further help greatly appreciated.
Thanks,
Marcio
Hi,It will work fine with the JDK 1.4.
Hi,
do you start your tomcat with security manager? ./catalina run -security
Your jaas.policy is also available? And do you set the "java.security.auth.login.config" in your servlet? That entry is needed to get the configuration about the login modules.
Example:
System.setProperty("java.security.auth.login.config", (String)data.get("jaaspolicy"));
LoginContext lc = null;
try {
cat.info("calling LoginCallbackHandler");
lc = new LoginContext("NTLogin", new LoginCallbackHandler(name,pwd,domain,group));
} catch (LoginException le) {
cat.error("error while calling LoginCallbackHandler " +le);
}
If you start your tomcat with the security manager, you need some entries in the conf/tomcat.policy e.g. CreateLoginContextPermission .....
Juraj
I have found that almost all the security exceptions go away when I load the PAMs from the base class loader. Move the PAMs to be part of the classpath and assign the correct permissions. Do NOT let Tomcat or your Servlet load the PAMs (don't put the PAM classes in the Tomcat directory structure).
It has a lot to do with the security of the classloader which loads the PAM (which is not obvious when a custom loader is involved). When the PAM is loaded by Tomcat, you have to assign all the appropriate JAAS priviledges to the Servlet and Tomcat code since this code calls the JAAS code and is part of the context stack in the security. This sounds like a dangerous amount of security to assign, so don't do it. PAMs loaded by a custom class loader may create security loop holes, so you probably don't want to have a PAM loaded anywhere but the base loader.
Bad situation:
A custom classloader is loaded by Tomcat. Due to a small configuration error, this custom class loader pulls a PAM from another location. This PAM assigns AllPermissions to anyone who attempts to login. Bye-bye security.
Solution:
Use the base class loader for ALL PAMs and do not allow code downloaded from other sites to operate as a PAM.
I have started a FAQ related to Servlets and JAAS on my company's web site. Please visit http://www.loadedanswers.com and look under the documents section. Send any questions or comments to admin@loadedanswers.com and I will add the new question or comment to the FAQ.
Also, I have previously posted some working JAAS/Servlet code and will duplicate that code for download at the same site.
Will
Dear axe_fx
I did whatever you have suggested to me, but still the following problem persist.
Login::main::Caught Exception java.lang.SecurityException: unable to instantiate
LoginConfiguration
Login::main::Before calling login method of LoginContext.
Unexpected Exception occured- unable to continue
java.lang.NullPointerException
at com.javapro.struts.Login.<init>(Login.java:71)
at com.javapro.struts.LoginAction.execute(LoginAction.java:29)
at org.apache.struts.action.RequestProcessor.processActionPerform(Reques
tProcessor.java:446)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.ja
va:266)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:129
2)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:201)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:
2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatche
rValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
462)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcesso
r.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.ja
va:1106)
at java.lang.Thread.run(Thread.java:484)
Login::main::Before calling login method of LoginContext.
Unexpected Exception occured- unable to continue
java.lang.NullPointerException
at com.javapro.struts.Login.<init>(Login.java:71)
at com.javapro.struts.LoginAction.execute(LoginAction.java:29)
at org.apache.struts.action.RequestProcessor.processActionPerform(Reques
tProcessor.java:446)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.ja
va:266)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:129
2)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:201)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:
2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatche
rValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
462)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcesso
r.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.ja
va:1106)
at java.lang.Thread.run(Thread.java:484)
Login::main::Before calling login method of LoginContext.
Unexpected Exception occured- unable to continue
java.lang.NullPointerException
at com.javapro.struts.Login.<init>(Login.java:71)
at com.javapro.struts.LoginAction.execute(LoginAction.java:29)
at org.apache.struts.action.RequestProcessor.processActionPerform(Reques
tProcessor.java:446)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.ja
va:266)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:129
2)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:201)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:
2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatche
rValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
462)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcesso
r.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.ja
va:1106)
at java.lang.Thread.run(Thread.java:484)
Sorry
Exception is null
Please let me know if something else is to be done,I have set up the jass.jar in my classpath.
In addition to this i did the same steps on the WEblogic also, but got the same problem
Regards
Rajesh
Dear axe_fx
I did whatever you have suggested to me, but still the following problem persist.
Login::main::Caught Exception java.lang.SecurityException: unable to instantiate
LoginConfiguration
Login::main::Before calling login method of LoginContext.
Unexpected Exception occured- unable to continue
java.lang.NullPointerException
at com.javapro.struts.Login.<init>(Login.java:71)
at com.javapro.struts.LoginAction.execute(LoginAction.java:29)
at org.apache.struts.action.RequestProcessor.processActionPerform(Reques
tProcessor.java:446)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.ja
va:266)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:129
2)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:201)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:
2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatche
rValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
462)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcesso
r.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.ja
va:1106)
at java.lang.Thread.run(Thread.java:484)
Login::main::Before calling login method of LoginContext.
Unexpected Exception occured- unable to continue
java.lang.NullPointerException
at com.javapro.struts.Login.<init>(Login.java:71)
at com.javapro.struts.LoginAction.execute(LoginAction.java:29)
at org.apache.struts.action.RequestProcessor.processActionPerform(Reques
tProcessor.java:446)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.ja
va:266)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:129
2)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:201)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:
2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatche
rValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
462)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcesso
r.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.ja
va:1106)
at java.lang.Thread.run(Thread.java:484)
Login::main::Before calling login method of LoginContext.
Unexpected Exception occured- unable to continue
java.lang.NullPointerException
at com.javapro.struts.Login.<init>(Login.java:71)
at com.javapro.struts.LoginAction.execute(LoginAction.java:29)
at org.apache.struts.action.RequestProcessor.processActionPerform(Reques
tProcessor.java:446)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.ja
va:266)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:129
2)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:510)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(Appl
icationFilterChain.java:247)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationF
ilterChain.java:193)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperV
alve.java:243)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextV
alve.java:201)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardContext.invoke(StandardContext.java:
2344)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.j
ava:164)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.valves.ErrorDispatcherValve.invoke(ErrorDispatche
rValve.java:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.j
ava:170)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:
462)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:564)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineVal
ve.java:163)
at org.apache.catalina.core.StandardPipeline.invokeNext(StandardPipeline
.java:566)
at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.jav
a:472)
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:943)
at org.apache.catalina.connector.http.HttpProcessor.process(HttpProcesso
r.java:1011)
at org.apache.catalina.connector.http.HttpProcessor.run(HttpProcessor.ja
va:1106)
at java.lang.Thread.run(Thread.java:484)
Sorry
Exception is null
Please let me know if something else is to be done,I have set up the jass.jar in my classpath.
In addition to this i did the same steps on the WEblogic also, but got the same problem
Regards
Rajesh
HI ...
I experienced the same exception in Tomcat 4.0.6.
Added these lines to Catalina.policy file:
/** Java 2 Access Control Policy for the JAAS Sample Application **/
/* grant the sample LoginModule permissions */
grant codebase "file:${catalina.home}/common/lib/-" {
permission javax.security.auth.AuthPermission "modifyPrincipals";
};
grant {
permission javax.security.auth.AuthPermission "createLoginContext";
permission javax.security.auth.AuthPermission "createLoginContext.Sample";
permission javax.security.auth.AuthPermission "doAs";
permission javax.security.auth.AuthPermission "doAsPrivileged";
permission javax.security.auth.AuthPermission "modifyPrincipals";
permission javax.security.auth.AuthPermission "getSubject";
};
Assume the word "Sample" is for the login file:
Sample {
org.jaas.PasswordLoginModule required debug=true;
};
Anybody has successfully implement JAAS in Tomcat 4 ?
Thanks in advance.
BAM
Hi all,
now we have JDK1.4.1 and TOMCAT 4.1.24 and things same to be still the same. I tried JAAS and got java.lang.SecurityException: unable to instantiate LoginConfiguration
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:xxx) as expected.
Is there really no solution (that works!) to integrate JAAS into TOMCAT?
Klaus
Hi all,
now we have JDK1.4.1 and TOMCAT 4.1.24 and things same to be still the same. I tried JAAS and got java.lang.SecurityException: unable to instantiate LoginConfiguration
at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:xxx) as expected.
Is there really no solution (that works!) to integrate JAAS into TOMCAT?
Klaus
The LoginModule I tryied can't find the configation file. I keep getting this error: "java.lang.SecurityException: Unable to locate a login configuration".
I think the sample example that I have would work, if it was able to find the login configation file. I added this text-
set CATALINA_OPTS="-Djava.security.auth.login.config=%CATALINA_HOME%\conf\jaas.config"
to catalina.bat file like suggested, but I still get the error message mentioned above. I am runnig Tomcat 4.1.24 and JDK 1.4.1 on Windows 2000.
If I figure it out before you do, I will let you know.
I got it.
This is what I did...
1) I set the JAVA_HOME environment on Windows to point to where I have installed the JDK (e.g. C:\j2sdk1_4\jre).
2) I modified the java.security file to use the configation file.
--
#
# Default login configuration file
#
#login.config.url.1=file:${user.home}/.java.login.config
login.config.url.1=file:${java.home}/lib/security/myjaas.config
By doing the above, I don't have to use this command to locate the config file
-Djava.security.auth.login.config==$JAVA_HOME/jre/lib/security/myjaas.login
3) In the config file, I specified the location of my RdbmsLoginModule.class file. I have moved the example in "auth" package so I changed the config file to reflect that.
Example {
auth.RdbmsLoginModule required debug="true" url="jdbc:odbc:jaasTestDB" driver="sun.jdbc.odbc.JdbcOdbcDriver";
};
This fixed my problem.
The example code is located at -- http://www.javaworld.com/javaworld/jw-09-2002/jw-0913-jaas.html
More ref @ http://www.theserverside.com/resources/article.jsp?l=JAAS
