tomcat - javax.security.auth.login.LoginException: No LoginModules configured for PropertiesLoginModule -

i having troubles while starting jaas configured tomee session (see log @ bottom of page). configure tomee using jaas, used this guide. here configuration:

server.xml

<?xml version='1.0' encoding='utf-8'?> <!--   licensed apache software foundation (asf) under 1 or more   contributor license agreements.  see notice file distributed   work additional information regarding copyright ownership.   asf licenses file under apache license, version 2.0   (the "license"); may not use file except in compliance   license.  may obtain copy of license @        http://www.apache.org/licenses/license-2.0    unless required applicable law or agreed in writing, software   distributed under license distributed on "as is" basis,   without warranties or conditions of kind, either express or implied.   see license specific language governing permissions ,   limitations under license. --> <!-- note:  "server" not "container", may not      define subcomponents such "valves" @ level.      documentation @ /docs/config/server.html  --> <server port="8005" shutdown="shutdown">   <!-- tomee plugin tomcat -->   <listener classname="org.apache.tomee.catalina.serverlistener" />   <!-- security listener. documentation @ /docs/config/listeners.html   <listener classname="org.apache.catalina.security.securitylistener" />   -->   <!--apr library loader. documentation @ /docs/apr.html -->   <listener classname="org.apache.catalina.core.aprlifecyclelistener" sslengine="on" />   <!--initialize jasper prior webapps loaded. documentation @ /docs/jasper-howto.html -->   <listener classname="org.apache.catalina.core.jasperlistener" />   <!-- prevent memory leaks due use of particular java/javax apis-->   <listener classname="org.apache.catalina.core.jrememoryleakpreventionlistener" />   <listener classname="org.apache.catalina.mbeans.globalresourceslifecyclelistener" />   <listener classname="org.apache.catalina.core.threadlocalleakpreventionlistener" />    <!-- global jndi resources        documentation @ /docs/jndi-resources-howto.html   -->   <globalnamingresources>     <!-- editable user database can used          userdatabaserealm authenticate users     -->     <resource name="userdatabase" auth="container"               type="org.apache.catalina.userdatabase"               description="user database can updated , saved"               factory="org.apache.catalina.users.memoryuserdatabasefactory"               pathname="conf/tomcat-users.xml" />   </globalnamingresources>    <!-- "service" collection of 1 or more "connectors" share        single "container" note:  "service" not "container",        may not define subcomponents such "valves" @ level.        documentation @ /docs/config/service.html    -->   <service name="catalina">      <!--the connectors can use shared executor, can define 1 or more named thread pools-->     <!--     <executor name="tomcatthreadpool" nameprefix="catalina-exec-"         maxthreads="150" minsparethreads="4"/>     -->       <!-- "connector" represents endpoint requests received          , responses returned. documentation @ :          java http connector: /docs/config/http.html (blocking & non-blocking)          java ajp  connector: /docs/config/ajp.html          apr (http/ajp) connector: /docs/apr.html          define non-ssl http/1.1 connector on port 8080     -->     <connector port="8080" protocol="http/1.1"                connectiontimeout="20000"                redirectport="8443" />     <!-- "connector" using shared thread pool-->     <!--     <connector executor="tomcatthreadpool"                port="8080" protocol="http/1.1"                connectiontimeout="20000"                redirectport="8443" />     -->     <!-- define ssl http/1.1 connector on port 8443          connector uses jsse configuration, when using apr,          connector should using openssl style configuration          described in apr documentation -->     <!--     <connector port="8443" protocol="http/1.1" sslenabled="true"                maxthreads="150" scheme="https" secure="true"                clientauth="false" sslprotocol="tls" />     -->      <!-- define ajp 1.3 connector on port 8009 -->     <connector port="8009" protocol="ajp/1.3" redirectport="8443" />       <!-- engine represents entry point (within catalina) processes          every request.  engine implementation tomcat stand alone          analyzes http headers included request, , passes them          on appropriate host (virtual host).          documentation @ /docs/config/engine.html -->      <!-- should set jvmroute support load-balancing via ajp ie :     <engine name="catalina" defaulthost="localhost" jvmroute="jvm1">     -->     <engine name="catalina" defaulthost="localhost">        <!--for clustering, please take @ documentation at:           /docs/cluster-howto.html  (simple how to)           /docs/config/cluster.html (reference documentation) -->       <!--       <cluster classname="org.apache.catalina.ha.tcp.simpletcpcluster"/>       -->        <!-- use lockoutrealm prevent attempts guess user passwords            via brute-force attack -->       <realm classname="org.apache.catalina.realm.lockoutrealm">         <!-- realm uses userdatabase configured in global jndi              resources under key "userdatabase".  edits              performed against userdatabase              available use realm.  -->         <realm classname="org.apache.catalina.realm.userdatabaserealm"                resourcename="userdatabase"/>           <realm classname="org.apache.catalina.realm.jaasrealm" appname="propertiesloginmodule"           userclassnames="org.apache.openejb.core.security.abstractsecurityservice$user"           roleclassnames="org.apache.openejb.core.security.abstractsecurityservice$group"/>       </realm>        <host name="localhost"  appbase="webapps"             unpackwars="true" autodeploy="true">          <!-- singlesignon valve, share authentication between web applications              documentation at: /docs/config/valve.html -->         <!--         <valve classname="org.apache.catalina.authenticator.singlesignon" />         -->          <!-- access log processes example.              documentation at: /docs/config/valve.html              note: pattern used equivalent using pattern="common" -->         <valve classname="org.apache.catalina.valves.accesslogvalve" directory="logs"                prefix="localhost_access_log." suffix=".txt"                pattern="%h %l %u %t &quot;%r&quot; %s %b" />        </host>     </engine>   </service> </server> 

login.conf

propertieslogin {     org.apache.openejb.core.security.jaas.propertiesloginmodule required     debug=false     usersfile="users.properties"     groupsfile="groups.properties"; }; 

and string use start tomee:

sh startup.sh -djava.security.auth.login.config=$catalina_base/conf/login.config 

here catalina log

you should make sure <realm> enclosed under <engine> tag of server descriptor. should following:

<engine name="catalina" defaulthost="localhost">   ...   <realm classname="org.apache.catalina.realm.jaasrealm" appname="propertiesloginmodule"      userclassnames="org.apache.openejb.core.security.abstractsecurityservice$user"      roleclassnames="org.apache.openejb.core.security.abstractsecurityservice$group">   </realm>   ... </engine> 

then make sure securitylistener , openejblistenre registered following statements:

<server port="8005" shutdown="shutdown">   ...   <listener classname="org.apache.catalina.security.securitylistener" />   <listener classname="org.apache.tomee.loader.openejblistener" />   ... </server>