users@glassfish.java.net

JAAS authentication aborted doPasswordLogin fails LoginException

From: <glassfish_at_javadesktop.org>
Date: Fri, 12 Oct 2007 07:21:31 PDT

Hello, I am having trouble configuring a custom realm, and it seems the actual exception is being swallowed up by SJSAS 9.1.

What I did was to configure the JDBCRealm, got it to work perfectly, and then took the classes out of the source code to turn them into a custom realm following the instructions here:
http://developers.sun.com/appserver/reference/techart/as8_authentication/index.html

The Java classes are exactly the same as the com.sun.enterprise.security.auth.login.JDBCRealm and com.sun.enterprise.security.auth.login.JDBCLoginModule classes, just with their package names changed to match my own.

I then specified in login.conf:


.....
jdbcRealm {
        com.sun.enterprise.security.auth.login.JDBCLoginModule required;
};

pswRealm {
        com.pstt.util.security.realm.JDBCLoginModule required;
};


Then I put this entry in domain.xml (the first one was the normal jdbcrealm):
 ....


        <auth-realm classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm" name="pswJDBCRealm">
          <property name="jaas-context" value="jdbcRealm"/>
          <property name="datasource-jndi" value="pswDbJndiName"/>
          <property name="user-table" value="user"/>
          <property name="user-name-column" value="username"/>
          <property name="password-column" value="password"/>
          <property name="group-table" value="role_user"/>
          <property name="group-name-column" value="rolename"/>
          <property name="digest-algorithm" value="MD5"/>
        </auth-realm>
        <auth-realm classname="com.pstt.util.security.realm.JDBCRealm" name="pswCustomJDBCRealm">
          <property name="digest-algorithm" value="MD5"/>
          <property name="user-name-column" value="username"/>
          <property name="password-column" value="password"/>
          <property name="group-name-column" value="rolename"/>
          <property name="jaas-context" value="pswRealm"/>
          <property name="group-table" value="role_user"/>
          <property name="user-table" value="user"/>
          <property name="datasource-jndi" value="pswDbJndiName"/>
        </auth-realm>

....


Then I added the jar to the app server so my custom realm was in the classpath.

Finally, I configured web.xml with:

    <security-constraint>
        <display-name>Constraint1</display-name>
        <web-resource-collection>
            <web-resource-name>protected</web-resource-name>
            <description/>
            <url-pattern>/user/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
            <http-method>HEAD</http-method>
            <http-method>PUT</http-method>
            <http-method>OPTIONS</http-method>
            <http-method>TRACE</http-method>
            <http-method>DELETE</http-method>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>administrator</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>pswCustomJDBCRealm</realm-name>
    </login-config>
    <security-role>
        <description>basic admin privs</description>
        <role-name>administrator</role-name>
    </security-role>


However, I get an error when submitting the BASIC authentication window. Here's the server log with the security logging level set to finest:

...

Initializing configured realms.
FileRealm : file=C:/Sun/SDK/domains/domain1/config/admin-keyfile
FileRealm : jaas-context=fileRealm
Reading file realm: C:/Sun/SDK/domains/domain1/config/admin-keyfile
Configured realm: admin-realm
FileRealm : file=C:/Sun/SDK/domains/domain1/config/keyfile
FileRealm : jaas-context=fileRealm
Reading file realm: C:/Sun/SDK/domains/domain1/config/keyfile
Configured realm: file
Configured realm: certificate
JDBCRealm : jaas-context= jdbcRealm, datasource-jndi = pswDbJndiName, db-user = null, digest-algorithm = MD5, encoding = hex, charset = null
Configured realm: pswJDBCRealm
in: public synchronized void init(Properties props) of JDBCRealm
JDBCRealm : jaas-context= pswRealm, datasource-jndi = pswDbJndiName, db-user = null, digest-algorithm = MD5, encoding = hex, charset = null
Configured realm: pswCustomJDBCRealm
Default realm is set to: file


 ....

Processing login with credentials of type: class com.sun.enterprise.security.auth.login.PasswordCredential
Logging in user [bob] into realm: pswCustomJDBCRealm using JAAS module: pswRealm
Login module initialized: class com.pstt.util.security.realm.JDBCLoginModule
JAAS authentication aborted.
SEC5046: Audit: Authentication refused for [bob].
doPasswordLogin fails
javax.security.auth.login.LoginException: Security Exception
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:856)
        at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
        at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
        at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
        at com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:295)
        at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:170)
        at com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:123)
        at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:479)
        at com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:419)
        at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:161)
        at com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:1146)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:627)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:609)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
        at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:206)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:150)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:632)
        at org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:577)
        at org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:571)
        at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1080)
        at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:270)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:637)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:568)
        at com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:813)
        at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:339)
        at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:261)
        at com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:212)
        at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:265)
        at com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
Caused by: java.lang.SecurityException
        at javax.security.auth.login.LoginContext.invoke(LoginContext.java:857)
        ... 35 more
Web login failed: Login failed: javax.security.auth.login.LoginException: Security Exception



A few things that I've noticed:

In LoginContext, the call to get the configuration object is returning null. Therefore invokePriv is being called instead of invokeCreatorPriv in the login method. Is the configuration object equivalent to the properties in the XML file???

Also, I read somewhere there might be some issues with SJSAS 9.1 that might not be present in the GlassFish nightly. I will try that and post back.

Thanks for your help!!!
[Message sent by forum member 'fedevela' (fedevela)]

http://forums.java.net/jive/thread.jspa?messageID=239757
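
The name chain the post sets up (web.xml realm-name, then the domain.xml auth-realm, then its jaas-context, then the login.conf entry and its LoginModule class) can be checked offline. The following is an added example, not part of the original post or of GlassFish: the function names are hypothetical, the three fragments are constructed copies of the configuration quoted above, and it assumes a web.xml without an XML namespace.

```python
import re
import xml.etree.ElementTree as ET

# Constructed fragments that mirror the configuration quoted in the post.
LOGIN_CONF = """
jdbcRealm { com.sun.enterprise.security.auth.login.JDBCLoginModule required; };
pswRealm { com.pstt.util.security.realm.JDBCLoginModule required; };
"""
DOMAIN_XML = """<security-service>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.jdbc.JDBCRealm" name="pswJDBCRealm">
    <property name="jaas-context" value="jdbcRealm"/>
  </auth-realm>
  <auth-realm classname="com.pstt.util.security.realm.JDBCRealm" name="pswCustomJDBCRealm">
    <property name="jaas-context" value="pswRealm"/>
  </auth-realm>
</security-service>"""
WEB_XML = """<web-app><login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>pswCustomJDBCRealm</realm-name>
</login-config></web-app>"""

def parse_login_conf(text):
    """Map each JAAS entry name to its list of (module class, control flag)."""
    text = re.sub(r"/\*.*?\*/|//[^\n]*", "", text, flags=re.S)  # strip comments
    entries = {}
    for name, body in re.findall(r"([\w.$-]+)\s*\{(.*?)\}\s*;", text, flags=re.S):
        entries[name] = re.findall(
            r"([\w.$]+)\s+(required|requisite|sufficient|optional)\b", body)
    return entries

def resolve_realm(web_xml, domain_xml, login_conf):
    """Follow realm-name -> auth-realm -> jaas-context -> LoginModule class."""
    realm_name = ET.fromstring(web_xml).findtext(".//login-config/realm-name")
    result = {"realm": realm_name, "realm_class": None,
              "jaas_context": None, "modules": [], "problems": []}
    realms = {r.get("name"): r for r in ET.fromstring(domain_xml).iter("auth-realm")}
    realm = realms.get(realm_name)
    if realm is None:
        result["problems"].append(f"realm {realm_name!r} is not defined in domain.xml")
        return result
    result["realm_class"] = realm.get("classname")
    props = {p.get("name"): p.get("value") for p in realm.findall("property")}
    ctx = result["jaas_context"] = props.get("jaas-context")
    result["modules"] = parse_login_conf(login_conf).get(ctx, [])
    if not result["modules"]:
        result["problems"].append(f"jaas-context {ctx!r} has no entry in login.conf")
    return result
```

On the fragments above the chain resolves with no problems reported, which agrees with the "Login module initialized" line in the log: the names line up, and the LoginException is raised after the module class has already been located.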