tomcat - javax.security.auth.login.LoginException: No LoginModules configured for PropertiesLoginModule
I am having trouble starting a JAAS-configured TomEE session (see log at bottom of page). To configure TomEE using JAAS, I used this guide. Here is my configuration:
server.xml
<?xml version='1.0' encoding='utf-8'?>
<!--
  Licensed to the Apache Software Foundation (ASF) under one or more
  contributor license agreements. See the NOTICE file distributed with
  this work for additional information regarding copyright ownership.
  The ASF licenses this file to You under the Apache License, Version 2.0
  (the "License"); you may not use this file except in compliance with
  the License. You may obtain a copy of the License at

      http://www.apache.org/licenses/LICENSE-2.0

  Unless required by applicable law or agreed to in writing, software
  distributed under the License is distributed on an "AS IS" BASIS,
  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  See the License for the specific language governing permissions and
  limitations under the License.
-->
<!-- Note: A "Server" is not itself a "Container", so you may not
     define subcomponents such as "Valves" at this level.
     Documentation at /docs/config/server.html
-->
<Server port="8005" shutdown="SHUTDOWN">
  <!-- TomEE plugin for Tomcat -->
  <Listener className="org.apache.tomee.catalina.ServerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" />
  -->
  <!--APR library loader. Documentation at /docs/apr.html -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <!--Initialize Jasper prior to webapps being loaded. Documentation at /docs/jasper-howto.html -->
  <Listener className="org.apache.catalina.core.JasperListener" />
  <!-- Prevent memory leaks due to use of particular java/javax APIs-->
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- Global JNDI resources
       Documentation at /docs/jndi-resources-howto.html
  -->
  <GlobalNamingResources>
    <!-- Editable user database that can also be used by
         UserDatabaseRealm to authenticate users
    -->
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <!-- A "Service" is a collection of one or more "Connectors" that share
       a single "Container". Note: A "Service" is not itself a "Container",
       so you may not define subcomponents such as "Valves" at this level.
       Documentation at /docs/config/service.html
  -->
  <Service name="Catalina">

    <!--The connectors can use a shared executor, you can define one or more named thread pools-->
    <!--
    <Executor name="tomcatThreadPool" namePrefix="catalina-exec-"
              maxThreads="150" minSpareThreads="4"/>
    -->

    <!-- A "Connector" represents an endpoint by which requests are received
         and responses are returned. Documentation at :
         Java HTTP Connector: /docs/config/http.html (blocking & non-blocking)
         Java AJP Connector: /docs/config/ajp.html
         APR (HTTP/AJP) Connector: /docs/apr.html
         Define a non-SSL HTTP/1.1 Connector on port 8080
    -->
    <Connector port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    <!-- A "Connector" using the shared thread pool-->
    <!--
    <Connector executor="tomcatThreadPool"
               port="8080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="8443" />
    -->
    <!-- Define an SSL HTTP/1.1 Connector on port 8443.
         This connector uses the JSSE configuration; when using APR, the
         connector should be using the OpenSSL style configuration
         described in the APR documentation -->
    <!--
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               maxThreads="150" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" />
    -->

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

    <!-- An Engine represents the entry point (within Catalina) that processes
         every request. The Engine implementation for Tomcat stand alone
         analyzes the HTTP headers included with the request, and passes them
         on to the appropriate Host (virtual host).
         Documentation at /docs/config/engine.html -->

    <!-- You should set jvmRoute to support load-balancing via AJP ie :
    <Engine name="Catalina" defaultHost="localhost" jvmRoute="jvm1">
    -->
    <Engine name="Catalina" defaultHost="localhost">

      <!--For clustering, please take a look at the documentation at:
          /docs/cluster-howto.html (simple how to)
          /docs/config/cluster.html (reference documentation) -->
      <!--
      <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/>
      -->

      <!-- Use the LockOutRealm to prevent attempts to guess user passwords
           via a brute-force attack -->
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <!-- This Realm uses the UserDatabase configured in the global JNDI
             resources under the key "UserDatabase". Edits performed
             against this UserDatabase are available for use by the Realm. -->
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
               resourceName="UserDatabase"/>
        <Realm className="org.apache.catalina.realm.JAASRealm" appName="PropertiesLoginModule"
               userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
               roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group"/>
      </Realm>

      <Host name="localhost" appBase="webapps"
            unpackWARs="true" autoDeploy="true">

        <!-- SingleSignOn valve, share authentication between web applications
             Documentation at: /docs/config/valve.html -->
        <!--
        <Valve className="org.apache.catalina.authenticator.SingleSignOn" />
        -->

        <!-- Access log processes all example.
             Documentation at: /docs/config/valve.html
             Note: The pattern used is equivalent to using pattern="common" -->
        <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
               prefix="localhost_access_log." suffix=".txt"
               pattern="%h %l %u %t &quot;%r&quot; %s %b" />

      </Host>
    </Engine>
  </Service>
</Server>
login.conf
PropertiesLogin {
    org.apache.openejb.core.security.jaas.PropertiesLoginModule required
    Debug=false
    UsersFile="users.properties"
    GroupsFile="groups.properties";
};
And the string I use to start TomEE:
sh startup.sh -Djava.security.auth.login.config=$CATALINA_BASE/conf/login.config
You should make sure the <Realm> is enclosed under the <Engine> tag of the server descriptor. It should look like the following:
<Engine name="Catalina" defaultHost="localhost">
  ...
  <Realm className="org.apache.catalina.realm.JAASRealm" appName="PropertiesLoginModule"
         userClassNames="org.apache.openejb.core.security.AbstractSecurityService$User"
         roleClassNames="org.apache.openejb.core.security.AbstractSecurityService$Group">
  </Realm>
  ...
</Engine>
Then make sure the SecurityListener and OpenEJBListener are registered with the following statements:
<Server port="8005" shutdown="SHUTDOWN">
  ...
  <Listener className="org.apache.catalina.security.SecurityListener" />
  <Listener className="org.apache.tomee.loader.OpenEJBListener" />
  ...
</Server>
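JAAS raises "No LoginModules configured for X" when the login configuration it loaded has no entry named X (and no fallback entry named "other"), where X is the JAASRealm's appName. The following check is an added example, not part of either post: it compares every JAASRealm appName in a server.xml against the entry names in a login configuration. The function names are hypothetical and the two sample inputs are constructed from the configuration shown in the question.

```python
import re
import xml.etree.ElementTree as ET

JAAS_REALM = "org.apache.catalina.realm.JAASRealm"

# Constructed sample inputs mirroring the configuration in the question.
SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Realm className="org.apache.catalina.realm.LockOutRealm">
        <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
        <Realm className="org.apache.catalina.realm.JAASRealm" appName="PropertiesLoginModule"/>
      </Realm>
    </Engine>
  </Service>
</Server>"""

LOGIN_CONFIG = """PropertiesLogin {
    org.apache.openejb.core.security.jaas.PropertiesLoginModule required
    Debug=false UsersFile="users.properties" GroupsFile="groups.properties";
};"""


def jaas_app_names(server_xml):
    """Return the appName of every JAASRealm, including nested realms."""
    root = ET.fromstring(server_xml)
    return [r.get("appName") for r in root.iter("Realm")
            if r.get("className") == JAAS_REALM and r.get("appName")]


def login_entries(config_text):
    """Return the entry names declared in a JAAS login configuration."""
    text = re.sub(r'"[^"\n]*"', '""', config_text)      # blank out option values
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)   # strip block comments
    text = re.sub(r"//[^\n]*", "", text)                # strip line comments
    return set(re.findall(r"([A-Za-z_][\w.\-]*)\s*\{", text))


def unresolved_app_names(server_xml, config_text):
    """Return the appNames that have no matching login configuration entry."""
    entries = login_entries(config_text)
    if "other" in entries:  # JAAS falls back to the entry named "other"
        return []
    return [n for n in jaas_app_names(server_xml) if n not in entries]


if __name__ == "__main__":
    print(unresolved_app_names(SERVER_XML, LOGIN_CONFIG))
```

Run it against the file that -Djava.security.auth.login.config actually points to: the question labels the file login.conf, while the start command references login.config.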