• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Devaka Cooray
  • Ron McLeod
  • Jeanne Boyarsky
Sheriffs:
  • Liutauras Vilda
  • paul wheaton
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Piet Souris
  • Carey Brown
  • Tim Holloway
Bartenders:
  • Martijn Verburg
  • Frits Walraven
  • Himai Minh

JAAS migration from JBoss to BEA

 
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
We are in the process of migrating an application that uses JAAS from JBoss to BEA. I am having trouble getting the BEA deployment set up so that my custom login module is created and used correctly. I believe that I have done something wrong in the way I have set up permissions in my weblogic.policy file. Here's what I see:

To begin with, I am starting the weblogic server using a -D command that points to my login.config file:

-Djava.security.auth.login.config=${JAVA_HOME}/jre/lib/security/weblogic-login.config

I can then see that the server knows to use this file (and the custom loign module defined by that file) because the server echoes this out when it starts:

java.security.auth.login.config = /opt/bea/jdk142_08/jre/lib/security/weblogic-login.config
java.security.policy = /opt/bea/weblogic81/server/lib/weblogic.policy


So far, so good (I think). Now, when I open the security wide open in my weblogic.config file, my custom login module DOES get created and used by the application. However, I don't want the security as broad as this (I like to narrow it down to what I really need):

grant {
permission java.security.AllPermission;
};


So now I have begun to attempt to grant only those permissions that I really want:


grant {
permission java.lang.RuntimePermission "*";
permission java.io.FilePermission "${/}opt${/}bea${/}weblogic81${/}-", "read,write,delete";
permission java.io.FilePermission "${/}opt${/}bea${/}user_projects${/}domains${/}-", "read,write,delete";
permission java.io.FilePermission "${/}opt${/}bea${/}-", "read,write,delete";
permission java.io.FilePermission "${/}tmp${/}-", "read,write,delete";
permission java.util.PropertyPermission "*", "read";
permission java.net.SocketPermission "*", "connect";
permission javax.security.auth.AuthPermission "*";
permission java.security.auth.AuthPermission "*";
};


However, I now get this error when I attempt to create my custom login module:


ERROR [gov.va.med.logservice] No LoginModules configured for EelsLogin
javax.security.auth.login.LoginException: No LoginModules configured for EelsLogin
at javax.security.auth.login.LoginContext.init(LoginContext.java:189)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:404)
at gov.va.med.logService.struts.action.EelsLoginAction.execute(EelsLoginAction.java:87)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1072)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:465)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:348)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6981)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3892)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2766)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)


Any ideas?

- Ben
 
Nothing up my sleeve ... and ... presto! A tiny ad:
the value of filler advertising in 2021
https://coderanch.com/t/730886/filler-advertising
reply
    Bookmark Topic Watch Topic
  • New Topic