wood burning stoves 2.0*
The moose likes Security and the fly likes JAAS Realm-Error Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "JAAS Realm-Error" Watch "JAAS Realm-Error" New topic
Author

JAAS Realm-Error

Atul Mishra
Ranch Hand

Joined: Jun 08, 2006
Posts: 140
Hi all,

I configured a LoginModule using JAAS, JAASRealm, coded LoginModule java file, added in server.xml,web.xml,added login.config file and I am using Tomcat as the server- and while testing getting the folling exception, please suggest why this exception is occuring:

I havenot done any changes in java.policy file and java.security files. Do I need to do that ?

Exception Occured
Error: access denied (java.lang.RuntimePermission loadLibrary.ocijdbc9)

Thanks.
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
How have you configured the loginmodule.


Rahul Bhattacharjee
LinkedIn - Blog
Atul Mishra
Ranch Hand

Joined: Jun 08, 2006
Posts: 140
Rahul,

HI- Wrote a class and configured the filess in a jar file. Then put the jar file in Tomcat's class path..

Is that what you were asking ?

Atul
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Originally posted by Atul Mishra:
Rahul,

HI- Wrote a class and configured the filess in a jar file. Then put the jar file in Tomcat's class path..

Is that what you were asking ?

Atul


Sorry Atul , I could not get properly .The following article might help you.

JAAS Article.
Atul Mishra
Ranch Hand

Joined: Jun 08, 2006
Posts: 140
Thanks for your link Rahul

Here is what I did

Followed the instructions in tomcat page
1.Write LoginModule, User and Role classes based on JAAS to be managed by the JAAS Login Context (javax.security.auth.login.LoginContext) 2.Create separate classes to distinguish between users and roles,
3.Place the compiled classes on Tomcat's classpath
4.Set up a login.config file for Java

5.Configure the security-constraints in web.xml for the resources to be used -
6.Configure the JAASRealm module in your server.xml. � Configured settings

Anything else which I am missing ? I am trying to use this realm with a J2EE app in tomcat/eclipse environment.
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
All the steps are mentioned properly in Tomcat howto for JAAS configuration.Just follow that.

So what happens when you try to login.
Error - what error ? Check the catalina.log for more information on the error.
Atul Mishra
Ranch Hand

Joined: Jun 08, 2006
Posts: 140
Yes exactly I followed the same link, but didnt make any changes in security file/policy file.

When I run it
i run it via a web app using login.jsp action = j_security_check, it gets to the LoginModule class.

In the LoginModule class I have a jdbc method, and it fails while calling drivermanager.getConnection

Exception is this:
Exception Occured
Error: access denied (java.lang.RuntimePermission loadLibrary.ocijdbc9)

I am running it via eclipse/embedded tomcat

Thanks
Atul Mishra
Ranch Hand

Joined: Jun 08, 2006
Posts: 140
Can anyone give me any inputs to this ?
Still error is there, Thanks!
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Is your login module trying to access to get some authentication information.
Why do not you try granting RuntimePermission to the oc1jdbc9 resource.
Atul Mishra
Ranch Hand

Joined: Jun 08, 2006
Posts: 140
Rahul,

I think it may sound weird, but I put classes12.jar in tomcat's lib directory and the error is gone now. Thanks for your help.

BTW, have you used JAAS with struts ?

Right now I have a login.jsp with action as j_securty_check. How to make the login.jsp go to or forward to another URL after being succesfuly authenticated ? Do you have any samples ?

Thanks,
Rahul Bhattacharjee
Ranch Hand

Joined: Nov 29, 2005
Posts: 2308
Originally posted by Atul Mishra:
Rahul,

I think it may sound weird, but I put classes12.jar in tomcat's lib directory and the error is gone now. Thanks for your help.

BTW, have you used JAAS with struts ?

Right now I have a login.jsp with action as j_securty_check. How to make the login.jsp go to or forward to another URL after being succesfuly authenticated ? Do you have any samples ?

Thanks,


Both the commons and server directory has java.security.AllPermission , granted by the policy file located in Tomcat's conf folder.I think this is the reason.
Atul Mishra
Ranch Hand

Joined: Jun 08, 2006
Posts: 140
Ok Thanks.

Have you experienced this error:

message /j_security_check

description The requested resource (/j_security_check) is not available.

I get it after once it goes thru the authentication module- and if I try to do a second login.

Thanks
 
wood burning stoves
 
subject: JAAS Realm-Error