Meaningless Drivel is fun!
The moose likes Security and the fly likes JAAS migration from JBoss to BEA Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "JAAS migration from JBoss to BEA" Watch "JAAS migration from JBoss to BEA" New topic

JAAS migration from JBoss to BEA

Ben Hagadorn

Joined: Mar 28, 2006
Posts: 25
We are in the process of migrating an application that uses JAAS from JBoss to BEA. I am having trouble getting the BEA deployment set up so that my custom login module is created and used correctly. I believe that I have done something wrong in the way I have set up permissions in my weblogic.policy file. Here's what I see:

To begin with, I am starting the weblogic server using a -D command that points to my login.config file:${JAVA_HOME}/jre/lib/security/weblogic-login.config

I can then see that the server knows to use this file (and the custom loign module defined by that file) because the server echoes this out when it starts: = /opt/bea/jdk142_08/jre/lib/security/weblogic-login.config = /opt/bea/weblogic81/server/lib/weblogic.policy

So far, so good (I think). Now, when I open the security wide open in my weblogic.config file, my custom login module DOES get created and used by the application. However, I don't want the security as broad as this (I like to narrow it down to what I really need):

grant {

So now I have begun to attempt to grant only those permissions that I really want:

grant {
permission java.lang.RuntimePermission "*";
permission "${/}opt${/}bea${/}weblogic81${/}-", "read,write,delete";
permission "${/}opt${/}bea${/}user_projects${/}domains${/}-", "read,write,delete";
permission "${/}opt${/}bea${/}-", "read,write,delete";
permission "${/}tmp${/}-", "read,write,delete";
permission java.util.PropertyPermission "*", "read";
permission "*", "connect";
permission "*";
permission "*";

However, I now get this error when I attempt to create my custom login module:

ERROR [] No LoginModules configured for EelsLogin No LoginModules configured for EelsLogin
at org.apache.struts.action.RequestProcessor.processActionPerform(
at org.apache.struts.action.RequestProcessor.process(
at org.apache.struts.action.ActionServlet.process(
at org.apache.struts.action.ActionServlet.doPost(
at javax.servlet.http.HttpServlet.service(
at javax.servlet.http.HttpServlet.service(
at weblogic.servlet.internal.ServletStubImpl$
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(
at weblogic.servlet.internal.WebAppServletContext$
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(
at weblogic.servlet.internal.ServletRequestImpl.execute(
at weblogic.kernel.ExecuteThread.execute(

Any ideas?

- Ben
I agree. Here's the link:
subject: JAAS migration from JBoss to BEA
It's not a secret anymore!