We are in the process of migrating an application that uses JAAS from JBoss to BEA. I am having trouble getting the BEA deployment set up so that my custom login module is created and used correctly. I believe that I have done something wrong in the way I have set up permissions in my weblogic.policy file. Here's what I see:
To begin with, I am starting the weblogic server using a -D command that points to my login.config file:
-Djava.security.auth.login.config=${JAVA_HOME}/jre/lib/security/weblogic-login.config
I can then see that the server knows to use this file (and the custom login module defined by that file) because the server echoes this out when it starts:
java.security.auth.login.config = /opt/bea/jdk142_08/jre/lib/security/weblogic-login.config
java.security.policy = /opt/bea/weblogic81/server/lib/weblogic.policy
So far, so good (I think). Now, when I open the security wide open in my weblogic.config file, my custom login module DOES get created and used by the application. However, I don't want the security as broad as this (I like to narrow it down to what I really need):
grant {
    permission java.security.AllPermission;
};
So now I have begun to attempt to grant only those permissions that I really want:
grant {
    permission java.lang.RuntimePermission "*";
    permission java.io.FilePermission "${/}opt${/}bea${/}weblogic81${/}-", "read,write,delete";
    permission java.io.FilePermission "${/}opt${/}bea${/}user_projects${/}domains${/}-", "read,write,delete";
    permission java.io.FilePermission "${/}opt${/}bea${/}-", "read,write,delete";
    permission java.io.FilePermission "${/}tmp${/}-", "read,write,delete";
    permission java.util.PropertyPermission "*", "read";
    permission java.net.SocketPermission "*", "connect";
    permission javax.security.auth.AuthPermission "*";
    permission java.security.auth.AuthPermission "*";
};
However, I now get this error when I attempt to create my custom login module:
ERROR [gov.va.med.logservice] No LoginModules configured for EelsLogin
javax.security.auth.login.LoginException: No LoginModules configured for EelsLogin
at javax.security.auth.login.LoginContext.init(LoginContext.java:189)
at javax.security.auth.login.LoginContext.<init>(LoginContext.java:404)
at gov.va.med.logService.struts.action.EelsLoginAction.execute(EelsLoginAction.java:87)
at org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:419)
at org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:224)
at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1194)
at org.apache.struts.action.ActionServlet.doPost(ActionServlet.java:432)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:760)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1072)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:465)
at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:348)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6981)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3892)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2766)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:224)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:183)
Any ideas?
- Ben
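
A diagnostic for the failure described above, added here as an example and not part of the original post: `LoginContext` throws "No LoginModules configured for X" when the active JAAS `Configuration` returns no entry for X and none for the fallback name `other`, so the first thing to check under the narrowed policy is what the `Configuration` inside the server JVM actually resolves. The class name `JaasConfigCheck` is hypothetical; `EelsLogin` is the entry name from the stack trace, and `describe` is meant to be called from code running in the deployed application so that it sees the same policy.

```java
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

/** Added diagnostic (hypothetical name): reports what JAAS resolves for an entry name. */
public class JaasConfigCheck {

    /** Describes the modules configured for entryName, or says why none were found. */
    static String describe(String entryName) {
        Configuration config;
        try {
            // Under a SecurityManager this call needs AuthPermission "getLoginConfiguration".
            config = Configuration.getConfiguration();
        } catch (SecurityException e) {
            // Also raised by the default file-based implementation if the config cannot be read.
            return "Cannot obtain the JAAS Configuration: " + e;
        }
        String label = entryName;
        AppConfigurationEntry[] entries = config.getAppConfigurationEntry(entryName);
        if (entries == null) {
            // LoginContext tries the entry named "other" before giving up.
            entries = config.getAppConfigurationEntry("other");
            label = "other (fallback for " + entryName + ")";
        }
        if (entries == null) {
            return "No entry '" + entryName + "' and no 'other' entry in "
                    + config.getClass().getName()
                    + "; java.security.auth.login.config="
                    + System.getProperty("java.security.auth.login.config");
        }
        StringBuffer out = new StringBuffer(label + " via " + config.getClass().getName());
        for (int i = 0; i < entries.length; i++) {
            // Print option names only: option values may hold credentials.
            out.append("\n  ").append(entries[i].getLoginModuleName())
               .append(" ").append(entries[i].getControlFlag())
               .append(" options=").append(entries[i].getOptions().keySet());
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.println(describe(args.length > 0 ? args[0] : "EelsLogin"));
    }
}
```

The reported `Configuration` class name shows whether the file named by `-Djava.security.auth.login.config` is the source being consulted, and a `SecurityException` here points at the policy rather than at the login configuration file.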