wood burning stoves
The moose likes Security and the fly likes JAAS migration from JBoss to BEA Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of OCA Java SE 8 Programmer I Study Guide this week in the OCAJP 8 forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "JAAS migration from JBoss to BEA" Watch "JAAS migration from JBoss to BEA" New topic

JAAS migration from JBoss to BEA

Ben Hagadorn

Joined: Mar 28, 2006
Posts: 25
We are in the process of migrating an application that uses JAAS from JBoss to BEA. I am having trouble getting the BEA deployment set up so that my custom login module is created and used correctly. I believe that I have done something wrong in the way I have set up permissions in my weblogic.policy file. Here's what I see:

To begin with, I am starting the weblogic server using a -D command that points to my login.config file:


I can then see that the server knows to use this file (and the custom loign module defined by that file) because the server echoes this out when it starts:

java.security.auth.login.config = /opt/bea/jdk142_08/jre/lib/security/weblogic-login.config
java.security.policy = /opt/bea/weblogic81/server/lib/weblogic.policy

So far, so good (I think). Now, when I open the security wide open in my weblogic.config file, my custom login module DOES get created and used by the application. However, I don't want the security as broad as this (I like to narrow it down to what I really need):

grant {
permission java.security.AllPermission;

So now I have begun to attempt to grant only those permissions that I really want:

grant {
permission java.lang.RuntimePermission "*";
permission java.io.FilePermission "${/}opt${/}bea${/}weblogic81${/}-", "read,write,delete";
permission java.io.FilePermission "${/}opt${/}bea${/}user_projects${/}domains${/}-", "read,write,delete";
permission java.io.FilePermission "${/}opt${/}bea${/}-", "read,write,delete";
permission java.io.FilePermission "${/}tmp${/}-", "read,write,delete";
permission java.util.PropertyPermission "*", "read";
permission java.net.SocketPermission "*", "connect";
permission javax.security.auth.AuthPermission "*";
permission java.security.auth.AuthPermission "*";

However, I now get this error when I attempt to create my custom login module:

ERROR [gov.va.med.logservice] No LoginModules configured for EelsLogin
javax.security.auth.login.LoginException: No LoginModules configured for EelsLogin
at javax.security.auth.login.LoginContext.init(LoginContext.java:189)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:404)
at gov.va.med.logService.struts.action.EelsLoginAction.execute(EelsLoginAction.java:87)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1072)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:465)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:348)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6981)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3892)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2766)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)

Any ideas?

- Ben
I agree. Here's the link: http://aspose.com/file-tools
subject: JAAS migration from JBoss to BEA
It's not a secret anymore!