我正在尝试为我的Servlet创建JAAS身份验证(在Eclipse中运行Tomcat 7),但是我收到了这个错误。
他是完整的堆栈跟踪: “`
INFO: Starting Servlet Engine: Apache Tomcat/7.0.32
Geg 19, 2013 9:53:08 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Geg 19, 2013 9:53:08 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Geg 19, 2013 9:53:08 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1786 ms
Geg 19, 2013 9:53:30 PM org.apache.catalina.realm.JAASRealm authenticate
SEVERE: Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured for GdiaLogin
at javax.security.auth.login.LoginContext.init(Unknown Source)
at javax.security.auth.login.LoginContext.<init>(Unknown Source)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:392)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:332)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:158)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Geg 19, 2013 10:29:20 PM org.apache.catalina.realm.JAASRealm authenticate
SEVERE: Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured for GdiaLogin
at javax.security.auth.login.LoginContext.init(Unknown Source)
at javax.security.auth.login.LoginContext.<init>(Unknown Source)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:392)
at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:332)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:158)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
`
在context.xml中:
<Realm className="org.apache.catalina.realm.JAASRealm"
appName="GdiaLogin"
userClassNames="org.ktu.gdia.core.security.UserPrincipal"
roleClassNames="org.ktu.gdia.core.security.RolePrincipal" />
在jaas.config中(我很确定Tomcat找到它是正确的,因为我在eclipse中添加了带有“run configurations”参数的正确路径):
GdiaLogin {
org.ktu.gdia.core.security.GdiaLoginModule required debug=true;
};
我假设jaas.config ...
有问题我的登录模块,不知道我是否需要在这里提供它,但是,它几乎直接来自我一直关注的教程:
package org.ktu.gdia.core.security;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;
import org.ktu.gdia.core.businesslogic.ControllerFactory;
import org.ktu.gdia.core.interfaces.SecurityControllerInterface;
public class GdiaLoginModule implements LoginModule {
private CallbackHandler handler;
private Subject subject;
private UserPrincipal userPrincipal;
private RolePrincipal rolePrincipal;
private String login;
private List<String> userGroups;
private SecurityControllerInterface securityController;
@Override
public void initialize(Subject subject, CallbackHandler callbackHandler,
Map<String, ?> sharedState, Map<String, ?> options) {
try {
securityController = ControllerFactory.getInstance().getSecurityController();
} catch (ClassNotFoundException | InstantiationException
| IllegalAccessException e) {
throw new RuntimeException("Failed to initialize SecurityController in " + this.getClass().getSimpleName(), e);
}
handler = callbackHandler;
this.subject = subject;
}
@Override
public boolean login() throws LoginException {
Callback[] callbacks = new Callback[2];
callbacks[0] = new NameCallback("login");
callbacks[1] = new PasswordCallback("password", true);
try {
handler.handle(callbacks);
String name = ((NameCallback) callbacks[0]).getName();
String password = String.valueOf(((PasswordCallback) callbacks[1])
.getPassword());
// Here we validate the credentials against some
// authentication/authorization provider.
// It can be a Database, an external LDAP,
// a Web Service, etc.
// For this tutorial we are just checking if
// user is "user123" and password is "pass123"
if (securityController.credentialsValid(name, password)) {
// TODO authenticate
login = name;
userGroups = new ArrayList<String>();
userGroups.add("admin");
return true;
}
if (name != null &&
name.equals("user123") &&
password != null &&
password.equals("pass123")) {
// We store the username and roles
// fetched from the credentials provider
// to be used later in commit() method.
// For this tutorial we hard coded the
// "admin" role
login = name;
userGroups = new ArrayList<String>();
userGroups.add("admin");
return true;
}
// If credentials are NOT OK we throw a LoginException
throw new LoginException("Authentication failed");
} catch (IOException e) {
throw new LoginException(e.getMessage());
} catch (UnsupportedCallbackException e) {
throw new LoginException(e.getMessage());
}
}
@Override
public boolean commit() throws LoginException {
userPrincipal = new UserPrincipal(login);
subject.getPrincipals().add(userPrincipal);
if (userGroups != null && userGroups.size() > 0) {
for (String groupName : userGroups) {
rolePrincipal = new RolePrincipal(groupName);
subject.getPrincipals().add(rolePrincipal);
}
}
return true;
}
@Override
public boolean abort() throws LoginException {
return false;
}
@Override
public boolean logout() throws LoginException {
subject.getPrincipals().remove(userPrincipal);
subject.getPrincipals().remove(rolePrincipal);
return true;
}
}
编辑:我在eclipse中为tomcat运行配置参数:
-Dcatalina.base="D:\Dropbox\EclipseWorkspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp7" -Dcatalina.home="D:\Servers\GenTreeUploader_Tomcat7" -Dwtp.deploy="D:\Dropbox\EclipseWorkspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp7\wtpwebapps" -Djava.endorsed.dirs="D:\Servers\GenTreeUploader_Tomcat7\endorsed" -Djava.security.auth.login.config="D:\Dropbox\EclipseWorkspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp7\conf\jaas.config"
好?有什么想法吗?
答案 0 :(得分:20)
根据http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JAASRealm
您应该为Java设置login.config文件,并通过为JVM指定其位置来告诉Tomcat在哪里找到它,例如通过设置环境变量:
JAVA_OPTS=$JAVA_OPTS -Djava.security.auth.login.config=$CATALINA_BASE/conf/jaas.config
<强>加强>
对于Windows打开startup.bat
在set JAVA_OPTS=%JAVA_OPTS% -Djava.security.auth.login.config=%CATALINA_HOME%/conf/jaas.config
okHome
e.g。
:okHome
set JAVA_OPTS=%JAVA_OPTS% -Djava.security.auth.login.config=%CATALINA_HOME%/conf/jaas.config
set "EXECUTABLE=%CATALINA_HOME%\bin\catalina.bat"
答案 1 :(得分:2)
有点迟到的答案但是如果有人在Eclipse中启用JAAS自定义模块时遇到同样的问题:您必须在其启动参数中将jaas.config文件的位置传递给Tomcat。在Eclipse中执行此操作的方法是:
附加参数:-Djava.security.auth.login.config =“”,即:
-Djava.security.auth.login.config =“D:\ tomcat \ 7.0.50”\ conf \ jaas.config“
答案 2 :(得分:1)
我有完全相同的问题:
javax.security.auth.login.LoginException: No LoginModules configured for OwnModule
但文件jaas.config的路径是正确的。我确定,因为当我在jaas.config中出现语法错误时,我得到了异常:
java.io.IOException: Configuration Error:
我通过更改编码文件“jaas.config”解决了这个问题!首先我用UTF-8创建了这个文件然后我被提到异常。当我将编码更改为ANSI时,它一直运行没有问题!有点疯狂。
答案 3 :(得分:1)
如果您将Tomcat 7作为服务运行,则无法使用.bat文件(不会调用它们)。
但是,您可以运行/ bin目录中的.EXE Tomcat7w.exe。您将看到一个带有Java选项卡的面板。您可以在那里添加-D属性(例如指向您的jaas.config文件)。