File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes JAAS migration from JBoss to BEA Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "JAAS migration from JBoss to BEA" Watch "JAAS migration from JBoss to BEA" New topic

JAAS migration from JBoss to BEA

Ben Hagadorn

Joined: Mar 28, 2006
Posts: 25
We are in the process of migrating an application that uses JAAS from JBoss to BEA. I am having trouble getting the BEA deployment set up so that my custom login module is created and used correctly. I believe that I have done something wrong in the way I have set up permissions in my weblogic.policy file. Here's what I see:

To begin with, I am starting the weblogic server using a -D command that points to my login.config file:${JAVA_HOME}/jre/lib/security/weblogic-login.config

I can then see that the server knows to use this file (and the custom loign module defined by that file) because the server echoes this out when it starts: = /opt/bea/jdk142_08/jre/lib/security/weblogic-login.config = /opt/bea/weblogic81/server/lib/weblogic.policy

So far, so good (I think). Now, when I open the security wide open in my weblogic.config file, my custom login module DOES get created and used by the application. However, I don't want the security as broad as this (I like to narrow it down to what I really need):

grant {

So now I have begun to attempt to grant only those permissions that I really want:

grant {
permission java.lang.RuntimePermission "*";
permission "${/}opt${/}bea${/}weblogic81${/}-", "read,write,delete";
permission "${/}opt${/}bea${/}user_projects${/}domains${/}-", "read,write,delete";
permission "${/}opt${/}bea${/}-", "read,write,delete";
permission "${/}tmp${/}-", "read,write,delete";
permission java.util.PropertyPermission "*", "read";
permission "*", "connect";
permission "*";
permission "*";

However, I now get this error when I attempt to create my custom login module:

ERROR [] No LoginModules configured for EelsLogin No LoginModules configured for EelsLogin
at org.apache.struts.action.RequestProcessor.processActionPerform(
at org.apache.struts.action.RequestProcessor.process(
at org.apache.struts.action.ActionServlet.process(
at org.apache.struts.action.ActionServlet.doPost(
at javax.servlet.http.HttpServlet.service(
at javax.servlet.http.HttpServlet.service(
at weblogic.servlet.internal.ServletStubImpl$
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(
at weblogic.servlet.internal.WebAppServletContext$
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(
at weblogic.servlet.internal.ServletRequestImpl.execute(
at weblogic.kernel.ExecuteThread.execute(

Any ideas?

- Ben
I agree. Here's the link:
subject: JAAS migration from JBoss to BEA
It's not a secret anymore!