Spring 1.2 Resource + Acegi 0.8.2 Jaas problem

[gmansoor]

We just migrated to Spring 1.2, so upgraded Acegi Security from 0.8.0 to 0.8.2 but having this wiered problem. Not exactly sure where the problem lies but let me explain it.

App Server is weblogic 8.1
Spring 1.2
Acegi Security 0.8.2

Using JaasAuthenticationProvider.
I deploy my app and try to login from the webpage. Please note that I am not using AuthenticationProcessingFilter, and call authenticationManager.authenticate from the Struts Action (AuthenticationManager reference is injected to struts action).
I get this error
javax.security.auth.login.LoginException: No LoginModules configured for name ...

Kill the server, restart again and it works fine.

It was working perfectly alright with prev version of Spring and acegi 0.8.0.
Wiered thing is that it works after just restarting. no changes anywhere... just restart.. hard to understand.

Also note that my login config file is in the classpath jar so my entry is like that
<property name="loginConfig">
<value>classpath:login.conf</value>
</property>
If I print the Jaas System property that it sets for conf location. Jar file do exists there, and login.conf is a part of it. I do not see any difference anywhere.

Any idea of where the problem could be?

[gmansoor]

After doing some debugging, it seems that it does find the login config, but unable to find the specified login context, but login context does exists.

LoginContext.getAppConfigurationEntry(name) method fails and returns null, but after a restart same code/conf works fine.

[gmansoor]

Now, I extended JaasAuthenticationProvider, override afterPropertiesSet(), and set the jaas system property through the following code.

URL url = getClass().getResource(loginConfigFile);
System.setProperty("java.security.auth.login.confi g", url.toString());

Basically I added another property loginConfigFile (String parameter), and resolving its info directly myself using Class.getResource(...)
Suprisingly, it worked.
Whats the difference? JaasAuthenticationProvider.setLoginConfig has a parameter Resource, so it uses Property Editor to convert the supplied String (passed through bean) to org.springframework.core.io.Resource

Did something changed related to Resource classes in Spring? Not sure. I have no idea. Did someone else encountered this problem?

[gmansoor]

any one having this problem?

[RayKrueger]

Is there possibly another login.conf in the classpath somewhere?
Would it be possible to rename your login.conf to something else?

[gmansoor]

There is no other login.conf in the claaspath. I put the debug to locate the login.conf entry its try to load. It shows the correct one. I searched for other file, could not find any.

Wiered thing is that it works after restart, why?

[Ben Alex]

Did this get sorted out? If it's a bug, please log it in JIRA so it's tracked: http://opensource.atlassian.com/proj....jspa?id=10040

Thanks!

[lars.vonk]

Hello

Has someone already solved this issue because I encountered the same problem. I am using Acegi 0.8.3, spring 1.2.4 and WL 8.1 SP4.

After some debugging I discovered that sometimes there are two System.properties referencing to the same file. Namely java.security.auth.login.config and a property called login.config.url.x.
I think this somehow confuses the javax.security.auth.login.LoginContext, because if only the system property java.security.auth.login.config is set and refferencing to the specified file it works fine. But after reloading the spring config (e.g. after a hot-deployment) it also sets a property called login.config.url.x and then it gives the error No LoginModules found. Here is the code were that happens:

Code:

    public void afterPropertiesSet() throws Exception {
        //irrelevant code omitted....

        boolean allowed = "true".equalsIgnoreCase(Security.getProperty(
                    "policy.allowSystemProperty"));

        if (allowed && (System.getProperty(SYSPROP) == null)) {
            log.debug("Setting system property [" + SYSPROP + "] to: "
                + loginConfigStr);
            System.setProperty(SYSPROP, loginConfigStr);
        } else {
            setPropertyUsingLoop(loginConfigStr);
        }

        // irrelevant code omitted....
    }

To fix this I also overrote the JaasAuthenticationProvider.afterPropertiesSet and there I check if the System.property java.security.auth.login.config is already set and reffering to the file specified in the Spring config (now only a check for null is done), if not I call the afterPropertiesSet of the JaasAuthenticationProvider itself. This works fine.

Lars.

[hand2008]

I have the same problem. Currently I'm using Acegi 1.0.0 and JBoss 4.

Here is my configuration:
<bean id="jaasAuthenticationProvider" class="org.acegisecurity.providers.jaas.JaasAuthen ticationProvider">
<property name="loginConfig">
<value>/WEB-INF/login.conf</value>
</property>
<property name="loginContextName" >
<value>ldapJAAS</value>
</property>
<property name="callbackHandlers">
<list>
<bean class="org.acegisecurity.providers.jaas.JaasNameCa llbackHandler"/>
<bean class="org.acegisecurity.providers.jaas.JaasPasswo rdCallbackHandler"/>
</list>
</property>
<property name="authorityGranters">
<list>
<bean class="some.TestAuthorityGranter"/>
</list>
</property>
</bean>

Here is the information i got from server log:
2006-06-27 08:21:07,187 DEBUG [org.acegisecurity.ui.webapp.AuthenticationProcessi ngFilter] Updated SecurityContextHolder to contain null Authentication
2006-06-27 08:21:07,187 DEBUG [org.acegisecurity.ui.webapp.AuthenticationProcessi ngFilter] Authentication request failed: org.acegisecurity.AuthenticationServiceException: No LoginModules configured for ldapJAAS; nested exception is javax.security.auth.login.LoginException: No LoginModules configured for ldapJAAS

My loginContext was not found, although I specified the right loginConfig file. I had to setup the same application policy in login-config.xml to make it work.
Basically, my login.conf is never recongnized.

Any idea what happened? Thanks.

[frederic.visticot]

Acegi acegi-security-1.0.0-RC1.jar

/WEB-INF/loginmodule.conf:loginmodule {
com.alcatel.in.osp.services.security.jaas.INLoginM odule required; };


<bean id="jaasAuthenticationProvider" class="com.alcatel.in.osp.services.security.jaas.I NJaasAuthenticationProvider">
<property name="loginConfig">
<value>/WEB-INF/loginmodule.conf</value>
</property>
<property name="loginContextName">
<value>loginmodule</value>
</property>
<property name="callbackHandlers">
<list>
<bean class="org.acegisecurity.providers.jaas.JaasNameCa llbackHandler"/>
<bean class="org.acegisecurity.providers.jaas.JaasPasswo rdCallbackHandler"/>
</list>
</property>
<property name="authorityGranters">
<list>
<bean class="test.ageci.INAuthorityGranter"/>
</list>
</property>
</bean>




01 déc. 2006 17:52:17,752 - DEBUG [ApplicationServerThread-0] - Authentication attempt using org.acegisecurity.providers.jaas.JaasAuthenticatio nProvider
01 déc. 2006 17:52:17,752 - DEBUG [ApplicationServerThread-0] - Updated SecurityContextHolder to contain null Authentication
01 déc. 2006 17:52:17,752 - DEBUG [ApplicationServerThread-0] - Authentication request failed: org.acegisecurity.AuthenticationServiceException: Aucun LoginModule configuré pour loginmodule; nested exception is javax.security.auth.login.LoginException: Aucun LoginModule configuré pour loginmodule
01 déc. 2006 17:52:17,752 - DEBUG [ApplicationServerThread-0] - SecurityContextHolder set to new context, as request processing completed
01 déc. 2006 17:52:17,752 - DEBUG [ApplicationServerThread-0] - Converted URL to lowercase, from: '/faces/login.jspx?error=true'; to: '/faces/login.jspx?error=true'
01 déc. 2006 17:52:17,752 - DEBUG [ApplicationServerThread-0] - Candidate is: '/faces/login.jspx?error=true'; pattern is /**; matched=true
01 déc. 2006 17:52:17,752 - DEBUG [ApplicationServerThread-0] - /faces/login.jspx?error=true at position 1 of 5 in additional filter chain; firing Filter: 'org.acegisecurity.context.HttpSessionContextInteg rationFilter@4b0'