wood burning stoves*
The moose likes Tomcat and the fly likes JAAS authentication is not working in tomcat Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Products » Tomcat
Bookmark "JAAS authentication is not working in tomcat" Watch "JAAS authentication is not working in tomcat" New topic

JAAS authentication is not working in tomcat

Nazeer Ahammad
Ranch Hand

Joined: Feb 26, 2012
Posts: 43
Hi All,

I'm tring to execute one authentication program using JAAS realms in tomcat but when i was running i'm getting error like below.

javax.security.auth.login.LoginException: No LoginModules configured for BytesLoungeLogin
at javax.security.auth.login.LoginContext.init(Unknown Source)
at javax.security.auth.login.LoginContext.<init>(Unknown Source)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:394)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:334)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:157)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:554)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:164)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:380)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:243)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:188)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:288)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)

used classes are classes :

import java.security.Principal;

public class RolePrincipal implements Principal {

private String name;

public RolePrincipal(String name) {
this.name = name;

public void setName(String name) {
this.name = name;

public String getName() {
return name;

import java.security.Principal;

public class UserPrincipal implements Principal {

private String name;

public UserPrincipal(String name) {
this.name = name;

public void setName(String name) {
this.name = name;

public String getName() {
return name;


import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

public class BytesLoungeLoginModule implements LoginModule {

private CallbackHandler handler;
private Subject subject;
private UserPrincipal userPrincipal;
private RolePrincipal rolePrincipal;
private String login;
private List<String> userGroups;

public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String, ?> sharedState, Map<String, ?> options) {

handler = callbackHandler;
this.subject = subject;

public boolean login() throws LoginException {

Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("login");
callbacks[1] = new PasswordCallback("password", true);

try {
String name = ((NameCallback) callbacks[0]).getName();
String password = String.valueOf(((PasswordCallback) callbacks[1])

if (name != null && name.equals("user123") && password != null
&& password.equals("pass123")) {
login = name;
userGroups = new ArrayList<String>();
return true;

throw new LoginException("Authentication failed");

} catch (IOException e) {
throw new LoginException(e.getMessage());
} catch (UnsupportedCallbackException e) {
throw new LoginException(e.getMessage());


public boolean commit() throws LoginException {

userPrincipal = new UserPrincipal(login);

if (userGroups != null && userGroups.size() > 0) {
for (String groupName : userGroups) {
rolePrincipal = new RolePrincipal(groupName);

return true;

public boolean abort() throws LoginException {
return false;

public boolean logout() throws LoginException {
return true;

web.xml is like below

<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">



below one is context.xml it is placed in META-INF

<?xml version="1.0" encoding="UTF-8"?>
<Realm className="org.apache.catalina.realm.JAASRealm" appName="BytesLoungeLogin"
userClassNames="com.byteslounge.jaas.UserPrincipal" roleClassNames="com.byteslounge.jaas.RolePrincipal" />
below one is the jaas.config file it is placed in Tomcat->conf folder.

BytesLoungeLogin {
com.byteslounge.jaas.BytesLoungeLoginModule required debug=true;

Please any one solve my problem.

Thanks and Regards,
Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 15959

It's a little hard to read all that, but it looks like you are both trying to write your own Realm module and at the same time use the stock JAAS Realm module. You need to go one way or the other.

One other thing that may need investigating is the proper location of your jaas.config file. If it needs to be in the classpath, the Tomcat conf directory is not part of Tomcat's classpath.

Customer surveys are for companies who didn't pay proper attention to begin with.
Nazeer Ahammad
Ranch Hand

Joined: Feb 26, 2012
Posts: 43
Hi i tried but it is not working. Is there any other way to resolve this problem
I agree. Here's the link: http://aspose.com/file-tools
subject: JAAS authentication is not working in tomcat
Similar Threads
Jboss login module issue, HTTP Status 403
JAAS Real program giving error like javax.security.auth.login.LoginException: No LoginModules
JAAS with JSF misunderstanding
Tomcat JAAS Authentication NullPointerException
login manually using LoginContext is not stored on the session for a security constraint