-
1. Re: migrating an app from JB 4.0 to 5.1. Problem with login handling.
peterj Mar 16, 2010 9:37 AM (in response to gunnarbos)Gunnar, welcome to the JBoss forums!
It usually helps if you post the configuration files in question, otherwise we will just be guessing.
Also, saying "it doesn't work" also does not help. Do you mean that the user gets the login form but his/her credentials are never being accepted? Or is the login form never being displayed? Or is there some other behavior? Depending on the exact bahavior I might ask to see additional configuration files. But without knowing that, I have no idea what to ask for.
By the way, as far as i can recall, this particular area of JBoss AS has not changed between 4.0.x and 5.x.
-
2. Re: migrating an app from JB 4.0 to 5.1. Problem with login handling.
gunnarbos Mar 16, 2010 9:50 AM (in response to peterj)Hi Peter,The web.xml contains<login-config><auth-method>APPFORM</auth-method><form-login-config><form-login-page>/WEB-INF/jsp/login.jsp</form-login-page><form-error-page>/WEB-INF/jsp/loginError.jsp</form-error-page></form-login-config></login-config>and the "$JBOSS_HOME\server\default\deploy\jbossweb-tomcat55.sar\catalina.jar/org/apache/catalina/startup/Authenticators.properties" fileis altered to contain APPFORM=mydoman.MyAppformThere is no "$JBOSS_HOME\server\default\deploy\jbossweb-tomcat55.sar" file in JBoss 5.1.0.GA so something is changed.Gunnar -
3. Re: migrating an app from JB 4.0 to 5.1. Problem with login handling.
jaikiran Mar 16, 2010 2:12 PM (in response to gunnarbos)gunnarbos wrote:
and the "$JBOSS_HOME\server\default\deploy\jbossweb-tomcat55.sar\catalina.jar/org/apache/catalina/startup/Authenticators.properties" fileis altered to contain APPFORM=mydoman.MyAppformThere is no "$JBOSS_HOME\server\default\deploy\jbossweb-tomcat55.sar" file in JBoss 5.1.0.GA so something is changed.GunnarWhy do want to change the internal property file?
gunnarbos wrote:
Hi Peter,The web.xml contains<login-config><auth-method>APPFORM</auth-method>I haven't heard of APPFORM. Why don't you use FORM?
-
4. Re: migrating an app from JB 4.0 to 5.1. Problem with login handling.
peterj Mar 16, 2010 4:24 PM (in response to jaikiran)The stuff that was in jbossweb-tomcat55.sar is now in server/xxx/deployers/jbossweb.deployer and server/xxx/deploy/jbossweb.sar. And I am as curious as Jaikiran as to why you would edit that properties file; I would think that such a change would be very version specific and not translate well to future versions.
Anyway, I would have suspected that you would have placed security information into the web.xml, jboss-web.xml (both in WEB-INF in your WAR) and server/xxx/conf/login-config.xml
You still have not said what "it doesn't work" means.
-
5. Re: migrating an app from JB 4.0 to 5.1. Problem with login handling.
peterj Mar 16, 2010 4:38 PM (in response to peterj)OK, now I see what you are doing - you wrote your own authentication mechanism. Were you able to find the new location of Athenticators.properties? If you can't find it, let me know. -
6. Re: migrating an app from JB 4.0 to 5.1. Problem with login handling.
gunnarbos Mar 17, 2010 4:03 AM (in response to peterj)Hi,
In the application we use a captcha test and some other checks that need access to the http session. This mustbe done before the usual FORM based JAAS login.
Peter, you are correct and I've still not succeded to find the new location of Authenticators.properties.
I've found this issue JBAS-2481 that seems related but it doesn't say how it is solved and how to use it.
In the file: "war-deployers-jboss.beans.xml" I've found this interresting remark
<!-- You can configure a set of authenticators keyed by http-auth method
used. This will apply the same set of authenticators across all web
applications. You can override the set of authenticators at the web
application level by adding <authenticators> element to the respective
jboss-web.xml
-->
But I don't see how I can add <authenticators> elements to my jboss-web.xml file.
This is the jboss-web.xml file I have now:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
<jboss-web>
<security-domain>java:/jaas/casablanca</security-domain>
<context-root>/ebill-front</context-root>
</jboss-web>
Gunnar
-
7. Re: migrating an app from JB 4.0 to 5.1. Problem with login handling.
jaikiran Mar 17, 2010 4:03 AM (in response to gunnarbos)In AS-5, you can configure the authenticators in JBOSS_HOME/server/< servername>/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml. Here's what it contains: {code:xml} <!-- You can configure a set of authenticators keyed by http-auth method used. This will apply the same set of authenticators across all web applications. You can override the set of authenticators at the web application level by adding <authenticators> element to the respective jboss-web.xml --> <property name="authenticators"> <map class="java.util.Properties" keyClass="java.lang.String" valueClass="java.lang.String"> <entry> <key>BASIC</key> <value>org.apache.catalina.authenticator.BasicAuthenticator</value> </entry> <entry> <key>CLIENT-CERT</key> <value>org.apache.catalina.authenticator.SSLAuthenticator</value> </entry> <entry> <key>DIGEST</key> <value>org.apache.catalina.authenticator.DigestAuthenticator</value> </entry> <entry> <key>FORM</key> <value>org.apache.catalina.authenticator.FormAuthenticator</value> </entry> <entry> <key>NONE</key> <value>org.apache.catalina.authenticator.NonLoginAuthenticator</value> </entry> </map> </property> {code} Note that it's better to configure this in the WEB-INF/jboss-web.xml of your application (if you don't have that file then add a new one). That way you don't have to keep looking for the location of this file every time the file is moved between versions. The comments in the above xml file, tell you how to add the authenticators in your jboss-web.xml
-
8. Re: migrating an app from JB 4.0 to 5.1. Problem with login handling.
jaikiran Mar 17, 2010 4:11 AM (in response to gunnarbos)Hmm, you seem to have edited your post while i was typing my previous reply
gunnarbos wrote:
In the file: "war-deployers-jboss.beans.xml" I've found this interresting remark
<!-- You can configure a set of authenticators keyed by http-auth method
used. This will apply the same set of authenticators across all web
applications. You can override the set of authenticators at the web
application level by adding <authenticators> element to the respective
jboss-web.xml
-->
But I don't see how I can add <authenticators> elements to my jboss-web.xml file.
This is the jboss-web.xml file I have now:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 5.0//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
<jboss-web>
<security-domain>java:/jaas/casablanca</security-domain>
<context-root>/ebill-front</context-root>
</jboss-web>
Gunnar
Looking at the jboss-web_5_0.dtd, the authenticators element is no longer available. But it's there in jboss-web_4_2.dtd:
<!ELEMENT jboss-web (class-loading?, security-domain?, jacc-star-role-allow?, context-root?, virtual-host*, use-session-cookies?, replication-config?, resource-env-ref*, resource-ref*, security-role*, ejb-ref*, ejb-local-ref*, message-destination-ref*, message-destination*, webservice-description*, service-ref*, depends*, servlet*, authenticators*)>
Try using that in AS-5, i believe it should work. The dtd can be found in JBOSS_HOME/docs/dtd/jboss-web_4_2.dtd
-
9. Re: migrating an app from JB 4.0 to 5.1. Problem with login handling.
gunnarbos Mar 17, 2010 5:01 AM (in response to jaikiran)Hi,
I've tried your suggestion like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC
"-//JBoss//DTD Web Application 4.2//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_4_2.dtd">
<jboss-web>
<security-domain>java:/jaas/casablanca</security-domain>
<context-root>/ebill-front</context-root>
<authenticators>
<authenticator>
<key>CAPTCHAFORM</key>
<value>mydomain.jcaptcha.CaptchaAuthenticator</value>
</authenticator>
</authenticators>
</jboss-web>
but now I get an exception when starting JBoss
Caused by: org.jboss.xb.binding.JBossXBRuntimeException: authenticators cannot appear in this position. Expected content of jboss-web is unordered_sequence: security-role* max-active-sessions? webservice-description* class-loading? jacc-star-role-allow? message-destination* servlet* replication-config? passivation-config? context-root? security-domain? virtual-host* use-session-cookies? depends* {unordered_sequence jndiEnvironmentRefsGroup}?
at org.jboss.xb.binding.sunday.unmarshalling.SundayContentHandler.startElement(SundayContentHandler.java:449)
Obviously I can't use the 4.2 DTD!
Gunnar
-
10. Re: migrating an app from JB 4.0 to 5.1. Problem with login handling.
jaikiran Mar 17, 2010 5:14 AM (in response to gunnarbos)I had a quick look at the code and it looks like the metadata which back the jboss-web.dtd/xsd, no longer supports this irrespective of the dtd/xsd version. So i guess, you are left with changing the global war-deployers-jboss-beans.xml file. -
11. Re: migrating an app from JB 4.0 to 5.1. Problem with login handling.
gunnarbos Mar 17, 2010 5:38 AM (in response to jaikiran)Hi,
It works now!
Thanks to all who helped me out!
Gunnar