Discussion:
problem with authentication on jmx-console
costin
2003-04-18 12:40:57 UTC
Permalink
Hi,

I have started to use authentication and used the jmx-console as an
example but,
I have run into a little problem with it.

I am using JBoss 3.2.0.


I have used the same settings on JBoss as I did in the 3.0.7/3.0.6.

I have uncommented the web.xml and jboss-web.xml settings so now I
have a security - constrain and a login config.

############# login-conf.xml ########################
....
<application-policy name = "jmx-console">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</authentication>
</application-policy>
.....
#####################################################


################### web.xml #########################
<web-app>
....
<!-- A security constraint that restricts access to the HTML JMX console
to users with the role JBossAdmin. Edit the roles to what you want and
uncomment the WEB-INF/jboss-web.xml/security-domain element to enable
secured access to the HTML JMX console.
-->


<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>An example security config that only allows users with the
role JBossAdmin to access the HTML JMX console web application
</description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>


<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JBoss JMX Console</realm-name>
</login-config>

<security-role>
<role-name>JBossAdmin</role-name>
</security-role>
</web-app>
#####################################################

################## jboss-web.xml ###################
<jboss-web>
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users.
-->
<security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>
#####################################################


Below is the error I received:

<snip>

2003-04-18 15:34:17,506 DEBUG [org.jboss.jetty.security.JBossUserRealm#JBoss JMX Console] JBossUserPrincipal: admin
2003-04-18 15:34:17,508 DEBUG [org.jboss.jetty.security.JBossUserRealm#JBoss JMX Console] created JBossUserRealm::JBossUserPrincipal: admin
2003-04-18 15:34:17,508 DEBUG [org.jboss.jetty.security.JBossUserRealm#JBoss JMX Console] authenticating: Name:admin Password:****
2003-04-18 15:34:17,517 DEBUG [org.jboss.security.plugins.JaasSecurityManager.jmx-console] Login failure
javax.security.auth.login.LoginException: No LoginModules configured for jmx-console
at javax.security.auth.login.LoginContext.init(LoginContext.java:189)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:350)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:465)
at org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSecurityManager.java:461)
at org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSecurityManager.java:417)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:244)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:219)
at org.jboss.jetty.security.JBossUserRealm$JBossUserPrincipal.isAuthenticated(JBossUserRealm.java:92)
at org.jboss.jetty.security.JBossUserRealm$JBossUserPrincipal.authenticate(JBossUserRealm.java:154)
at org.jboss.jetty.security.JBossUserRealm.authenticate(JBossUserRealm.java:323)
at org.mortbay.http.BasicAuthenticator.authenticated(BasicAuthenticator.java:50)
at org.mortbay.http.SecurityConstraint.check(SecurityConstraint.java:401)
at org.mortbay.http.HttpContext.checkSecurityConstraints(HttpContext.java:1456)
....

2003-04-18 15:34:17,519 WARN [org.jboss.jetty.security.JBossUserRealm#JBoss JMX Console] authentication failure: admin
2003-04-18 15:34:17,519 WARN [org.jboss.jbossweb] WARNING: AUTH FAILURE: user admin

</snip>

What happened to the LoginModule defined in he login-conf.xml file?

--
Thanks,
costin



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
Neal Sanche
2003-04-18 14:29:33 UTC
Permalink
You've uncommented the section in login-config.xml I see, which is
what the jmx-console was looking for. Then you restarted the server?
That worked for me on 3.2.0.

-Neal
Post by costin
Hi,
I have started to use authentication and used the jmx-console as
an example but,
I have run into a little problem with it.
I am using JBoss 3.2.0.
I have used the same settings on JBoss as I did in the
3.0.7/3.0.6.
I have uncommented the web.xml and jboss-web.xml settings so now
I have a security - constrain and a login config.
############# login-conf.xml ########################
....
<application-policy name = "jmx-console">
<authentication>
<login-module
code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag =
"required" />
</authentication>
</application-policy>
.....
#####################################################
################### web.xml #########################
<web-app>
....
<!-- A security constraint that restricts access to the HTML JMX
console to users with the role JBossAdmin. Edit the roles to what
you want and uncomment the WEB-INF/jboss-web.xml/security-domain
element to enable secured access to the HTML JMX console.
-->
<security-constraint>
<web-resource-collection>
<web-resource-name>HtmlAdaptor</web-resource-name>
<description>An example security config that only allows
users with the role JBossAdmin to access the HTML JMX console web
application </description>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>JBossAdmin</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JBoss JMX Console</realm-name>
</login-config>
<security-role>
<role-name>JBossAdmin</role-name>
</security-role>
</web-app>
#####################################################
################## jboss-web.xml ###################
<jboss-web>
<!-- Uncomment the security-domain to enable security. You will
need to edit the htmladaptor login configuration to setup the
login modules used to authentication users.
-->
<security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>
#####################################################
<snip>
2003-04-18 15:34:17,506 DEBUG
[org.jboss.jetty.security.JBossUserRealm#JBoss JMX Console]
JBossUserPrincipal: admin 2003-04-18 15:34:17,508 DEBUG
[org.jboss.jetty.security.JBossUserRealm#JBoss JMX Console] created
JBossUserRealm::JBossUserPrincipal: admin 2003-04-18 15:34:17,508
DEBUG [org.jboss.jetty.security.JBossUserRealm#JBoss JMX Console]
authenticating: Name:admin Password:**** 2003-04-18 15:34:17,517
DEBUG [org.jboss.security.plugins.JaasSecurityManager.jmx-console]
Login failure javax.security.auth.login.LoginException: No
LoginModules configured for jmx-console at
javax.security.auth.login.LoginContext.init(LoginContext.java:189)
at
javax.security.auth.login.LoginContext.<init>(LoginContext.java:350
) at
javax.security.auth.login.LoginContext.<init>(LoginContext.java:465
) at
org.jboss.security.plugins.JaasSecurityManager.defaultLogin(JaasSec
urityManager.java:461) at
org.jboss.security.plugins.JaasSecurityManager.authenticate(JaasSec
urityManager.java:417) at
org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurity
Manager.java:244) at
org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurity
Manager.java:219) at
org.jboss.jetty.security.JBossUserRealm$JBossUserPrincipal.isAuthen
ticated(JBossUserRealm.java:92) at
org.jboss.jetty.security.JBossUserRealm$JBossUserPrincipal.authenti
cate(JBossUserRealm.java:154) at
org.jboss.jetty.security.JBossUserRealm.authenticate(JBossUserRealm
.java:323) at
org.mortbay.http.BasicAuthenticator.authenticated(BasicAuthenticato
r.java:50) at
org.mortbay.http.SecurityConstraint.check(SecurityConstraint.java:4
01) at
org.mortbay.http.HttpContext.checkSecurityConstraints(HttpContext.j
ava:1456) ....
2003-04-18 15:34:17,519 WARN
[org.jboss.jetty.security.JBossUserRealm#JBoss JMX Console]
authentication failure: admin 2003-04-18 15:34:17,519 WARN
[org.jboss.jbossweb] WARNING: AUTH FAILURE: user admin
</snip>
What happened to the LoginModule defined in he login-conf.xml file?
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
Scott M Stark
2003-04-18 15:28:59 UTC
Permalink
Works fine for me. There is no login-conf.xml, its login-config.xml.

examples 612>wget http://localhost:8080/jmx-console/
--08:28:18-- http://localhost:8080/jmx-console/
=> `index.html'
Resolving localhost... done.
Connecting to localhost[127.0.0.1]:8080... connected.
HTTP request sent, awaiting response... 401 Unauthorized
Authorization failed.
examples 613>wget http://admin:***@localhost:8080/jmx-console/
--08:28:36-- http://admin:*password*@localhost:8080/jmx-console/
=> `index.html'
Resolving localhost... done.
Connecting to localhost[127.0.0.1]:8080... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]

[ <=> ] 68,108 633.44K/s

08:28:36 (633.44 KB/s) - `index.html' saved [68108]

xxxxxxxxxxxxxxxxxxxxxxxx
Scott Stark
Chief Technology Officer
JBoss Group, LLC
xxxxxxxxxxxxxxxxxxxxxxxx


----- Original Message -----
From: "costin" <***@edison.ro>
To: <jboss-***@lists.sourceforge.net>
Sent: Friday, April 18, 2003 5:40 AM
Subject: [JBoss-user] problem with authentication on jmx-console
Post by costin
Hi,
I have started to use authentication and used the jmx-console as an
example but,
I have run into a little problem with it.
I am using JBoss 3.2.0.
I have used the same settings on JBoss as I did in the 3.0.7/3.0.6.
I have uncommented the web.xml and jboss-web.xml settings so now I
have a security - constrain and a login config.
############# login-conf.xml ########################
....
<application-policy name = "jmx-console">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</authentication>
</application-policy>
.....
#####################################################
-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf

Loading...