Hi
I have this weird problem with a web application that uses file
authentication. I can log into the application immediately after restarting
a node in the cluster, but shortly (like 5 minutes) later I can not login.
This application works correctly on a different cluster. So I am sure I
have the config settings correct.
a) I have confirmed that the keyfile on the nodes contains the users.
b) Both clusters are running the same JVM
c) Aside from security the application works correctly.
d) What environmental aspects could affect this?
Anyone got any bright ideas about where to look?
Cheers
Jonathan
Here is the web.xml section:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="
http://java.sun.com/xml/ns/javaee"
xmlns:xsi="
http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>japedashboard</display-name>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<security-constraint>
<display-name>DashboardConstraint</display-name>
<web-resource-collection>
<web-resource-name>Dashboard</web-resource-name>
<description>Dashboard File</description>
<url-pattern>/secure/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<description>Roles that can access the dashboard</description>
<role-name>user</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>file</realm-name>
</login-config>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
</web-app>
Here is the sun-web.xml section:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Application
Server 9.0 Servlet 2.5//EN"
"
http://www.sun.com/software/appserver/dtds/sun-web-app_2_5-0.dtd">
<sun-web-app error-url="">
<context-root>/japedashboard</context-root>
<security-role-mapping>
<role-name>user</role-name>
<group-name>user</group-name>
</security-role-mapping>
<class-loader delegate="true"/>
<jsp-config>
<property name="keepgenerated" value="true">
<description>Keep a copy of the generated servlet class java
code.</description>
</property>
</jsp-config>
</sun-web-app>
Here is a stack trace.
[#|2010-10-29T01:55:50.032+0000|FINE|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.web.security.WebSecurityManager;MethodName=setPolicyContext;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|[Web-Security]
Policy Context ID was: japedashboard/japedashboard|#]
[#|2010-10-29T01:55:50.032+0000|FINE|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.web.security.WebSecurityManager;MethodName=hasUserDataPermission;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|[Web-Security]
hasUserDataPermission perm: (javax.security.jacc.WebUserDataPermission
/secure/secure.jsp GET)|#]
[#|2010-10-29T01:55:50.033+0000|FINE|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.web.security.WebSecurityManager;MethodName=hasUserDataPermission;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|[Web-Security]
hasUserDataPermission isGranted: true|#]
[#|2010-10-29T01:55:50.033+0000|FINE|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.web.security.WebSecurityManager;MethodName=setPolicyContext;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|[Web-Security]
Policy Context ID was: japedashboard/japedashboard|#]
[#|2010-10-29T01:55:50.034+0000|FINE|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.web.security.WebSecurityManager;MethodName=checkPermissionWithoutCache;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|[Web-Security]
Codesource with Web URL: file:/japedashboard/japedashboard|#]
[#|2010-10-29T01:55:50.034+0000|FINE|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.web.security.WebSecurityManager;MethodName=checkPermissionWithoutCache;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|[Web-Security]
Checking Web Permission with Principals : null|#]
[#|2010-10-29T01:55:50.034+0000|FINE|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.web.security.WebSecurityManager;MethodName=checkPermissionWithoutCache;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|[Web-Security]
Web Permission = (javax.security.jacc.WebResourcePermission
/secure/secure.jsp GET)|#]
[#|2010-10-29T01:55:50.035+0000|FINEST|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.enterprise.security.provider.BasePolicyWrapper;MethodName=doImplies;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|JACC
Policy Provider: PolicyWrapper.implies, context
(japedashboard/japedashboard)- result was(false) permission
((javax.security.jacc.WebResourcePermission /secure/secure.jsp GET))|#]
[#|2010-10-29T01:55:50.035+0000|FINE|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.web.security.WebSecurityManager;MethodName=hasResourcePermission;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|[Web-Security]
hasResource isGranted: false|#]
[#|2010-10-29T01:55:50.036+0000|FINE|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.web.security.WebSecurityManager;MethodName=hasResourcePermission;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|[Web-Security]
hasResource perm: (javax.security.jacc.WebResourcePermission
/secure/secure.jsp GET)|#]
[#|2010-10-29T01:55:50.036+0000|FINEST|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.enterprise.security.auth.LoginContextDriver;MethodName=login;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|Processing
login with credentials of type: class
com.sun.enterprise.security.auth.login.PasswordCredential|#]
[#|2010-10-29T01:55:50.036+0000|FINE|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.enterprise.security.auth.LoginContextDriver;MethodName=doPasswordLogin;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|Logging
in user [user1] into realm: file using JAAS module: fileRealm|#]
[#|2010-10-29T01:55:50.037+0000|INFO|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;user1;|SEC5046:
Audit: Authentication refused for [user1].|#]
[#|2010-10-29T01:55:50.037+0000|FINEST|sun-appserver2.1|javax.enterprise.system.core.security|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;ClassName=com.sun.enterprise.security.auth.LoginContextDriver;MethodName=doPasswordLogin;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|doPasswordLogin
fails
javax.security.auth.login.LoginException: No LoginModules configured for
fileRealm
at
javax.security.auth.login.LoginContext.init(LoginContext.java:273)
at
javax.security.auth.login.LoginContext.<init>(LoginContext.java:382)
at
javax.security.auth.login.LoginContext.<init>(LoginContext.java:459)
at
com.sun.enterprise.security.auth.LoginContextDriver.doPasswordLogin(LoginContextDriver.java:318)
at
com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:177)
at
com.sun.enterprise.security.auth.LoginContextDriver.login(LoginContextDriver.java:130)
at
com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:522)
at
com.sun.web.security.RealmAdapter.authenticate(RealmAdapter.java:462)
at
org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:177)
at
com.sun.web.security.RealmAdapter.invokeAuthenticateDelegate(RealmAdapter.java:1216)
at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:643)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:625)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
at
com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093)
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
at
org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093)
at
org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:291)
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:666)
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:597)
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:872)
at
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
at
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:263)
at
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.doTask(DefaultReadTask.java:214)
at
com.sun.enterprise.web.portunif.PortUnificationPipeline$PUTask.doTask(PortUnificationPipeline.java:382)
at
com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:264)
at
com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
|#]
[#|2010-10-29T01:55:50.039+0000|WARNING|sun-appserver2.1|javax.enterprise.system.container.web|_ThreadID=37;_ThreadName=httpSSLWorkerThread-38080-0;_RequestID=74fd0222-ec6c-41f6-91d1-a76175eff729;|Web
login failed: Login failed: javax.security.auth.login.LoginException: No
LoginModules configured for fileRealm|#]
[#|2010-10-29T01:55:50.499+0000|INFO|sun-appserver2.1|com.slisystems.ape.utilities.ScpHelper|_ThreadID=23;_ThreadName=p:
thread-pool-1; w: 3;|Closing session to b1-2.sli-spark.net|#]
[#|2010-10-29T01:55:50.500+0000|INFO|sun-appserver2.1|com.slisystems.ape.utilities.ScpHelper|_ThreadID=23;_ThreadName=p:
thread-pool-1; w: 3;|Closing connection to b1-2.sli-spark.net|#]
[#|2010-10-29T01:55:50.501+0000|WARNING|sun-appserver2.1|javax.enterprise.system.stream.err|_ThreadID=23;_ThreadName=p:
thread-pool-1; w:
3;_RequestID=967a325b-ed61-4d41-b153-86eeec130720;|10/10/29 01:55:50 INFO
workers.QueueLoader: Created this file
/tmp/ape/rawlogs/b1-2/access_log.1288314000
|#]
--
View this message in context: http://old.nabble.com/Glassfish-v2.1.1-Cluster-File-Authentication-not-working-tp30082273p30082273.html
Sent from the java.net - glassfish users mailing list archive at Nabble.com.