javax.security.auth.login.LoginException:没有为SomeLogin配置LoginModule

时间:2013-05-19 19:53:30

标签: java eclipse authentication tomcat jaas

我正在尝试为我的Servlet创建JAAS身份验证(在Eclipse中运行Tomcat 7),但是我收到了这个错误。

他是完整的堆栈跟踪: “`

INFO: Starting Servlet Engine: Apache Tomcat/7.0.32
Geg 19, 2013 9:53:08 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Geg 19, 2013 9:53:08 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Geg 19, 2013 9:53:08 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1786 ms
Geg 19, 2013 9:53:30 PM org.apache.catalina.realm.JAASRealm authenticate
SEVERE: Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured for GdiaLogin
    at javax.security.auth.login.LoginContext.init(Unknown Source)
    at javax.security.auth.login.LoginContext.<init>(Unknown Source)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:392)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:332)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:158)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

Geg 19, 2013 10:29:20 PM org.apache.catalina.realm.JAASRealm authenticate
SEVERE: Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured for GdiaLogin
    at javax.security.auth.login.LoginContext.init(Unknown Source)
    at javax.security.auth.login.LoginContext.<init>(Unknown Source)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:392)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:332)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:158)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

`

在context.xml中:

<Realm className="org.apache.catalina.realm.JAASRealm" 
appName="GdiaLogin"
userClassNames="org.ktu.gdia.core.security.UserPrincipal"
roleClassNames="org.ktu.gdia.core.security.RolePrincipal" />

在jaas.config中(我很确定Tomcat找到它是正确的,因为我在eclipse中添加了带有“run configurations”参数的正确路径):

  GdiaLogin {
    org.ktu.gdia.core.security.GdiaLoginModule required debug=true;
};

我假设jaas.config ...

有问题

我的登录模块,不知道我是否需要在这里提供它,但是,它几乎直接来自我一直关注的教程:

    package org.ktu.gdia.core.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.ktu.gdia.core.businesslogic.ControllerFactory;
import org.ktu.gdia.core.interfaces.SecurityControllerInterface;

public class GdiaLoginModule implements LoginModule {

  private CallbackHandler handler;
  private Subject subject;
  private UserPrincipal userPrincipal;
  private RolePrincipal rolePrincipal;
  private String login;
  private List<String> userGroups;

  private SecurityControllerInterface securityController;


  @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {

      try {

        securityController = ControllerFactory.getInstance().getSecurityController();

    } catch (ClassNotFoundException | InstantiationException
            | IllegalAccessException e) {

        throw new RuntimeException("Failed to initialize SecurityController in " + this.getClass().getSimpleName(), e);
    }
      handler = callbackHandler;
      this.subject = subject;
  }

  @Override
  public boolean login() throws LoginException {

    Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback("login");
    callbacks[1] = new PasswordCallback("password", true);

    try {
      handler.handle(callbacks);
      String name = ((NameCallback) callbacks[0]).getName();
      String password = String.valueOf(((PasswordCallback) callbacks[1])
          .getPassword());

      // Here we validate the credentials against some
      // authentication/authorization provider.
      // It can be a Database, an external LDAP, 
      // a Web Service, etc.
      // For this tutorial we are just checking if 
      // user is "user123" and password is "pass123"

      if (securityController.credentialsValid(name, password)) {

          // TODO authenticate

          login = name;
          userGroups = new ArrayList<String>();
          userGroups.add("admin");
          return true;

      }

      if (name != null &&
          name.equals("user123") &&
          password != null &&
          password.equals("pass123")) {

        // We store the username and roles
        // fetched from the credentials provider
        // to be used later in commit() method.
        // For this tutorial we hard coded the
        // "admin" role
        login = name;
        userGroups = new ArrayList<String>();
        userGroups.add("admin");
        return true;
      }

      // If credentials are NOT OK we throw a LoginException
      throw new LoginException("Authentication failed");

    } catch (IOException e) {
      throw new LoginException(e.getMessage());
    } catch (UnsupportedCallbackException e) {
      throw new LoginException(e.getMessage());
    }

  }

  @Override
  public boolean commit() throws LoginException {

    userPrincipal = new UserPrincipal(login);
    subject.getPrincipals().add(userPrincipal);

    if (userGroups != null && userGroups.size() > 0) {
      for (String groupName : userGroups) {
        rolePrincipal = new RolePrincipal(groupName);
        subject.getPrincipals().add(rolePrincipal);
      }
    }

    return true;
  }

  @Override
  public boolean abort() throws LoginException {
    return false;
  }

  @Override
  public boolean logout() throws LoginException {
    subject.getPrincipals().remove(userPrincipal);
    subject.getPrincipals().remove(rolePrincipal);
    return true;
  }

}

编辑:我在eclipse中为tomcat运行配置参数:

-Dcatalina.base="D:\Dropbox\EclipseWorkspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp7" -Dcatalina.home="D:\Servers\GenTreeUploader_Tomcat7" -Dwtp.deploy="D:\Dropbox\EclipseWorkspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp7\wtpwebapps" -Djava.endorsed.dirs="D:\Servers\GenTreeUploader_Tomcat7\endorsed" -Djava.security.auth.login.config="D:\Dropbox\EclipseWorkspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp7\conf\jaas.config"

好?有什么想法吗?

4 个答案:

答案 0 :(得分:20)

根据http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JAASRealm

您应该为Java设置login.config文件,并通过为JVM指定其位置来告诉Tomcat在哪里找到它,例如通过设置环境变量: JAVA_OPTS=$JAVA_OPTS -Djava.security.auth.login.config=$CATALINA_BASE/conf/jaas.config

<强>加

对于Windows打开startup.batset JAVA_OPTS=%JAVA_OPTS% -Djava.security.auth.login.config=%CATALINA_HOME%/conf/jaas.config

之后添加以下行:okHome

e.g。

:okHome
set JAVA_OPTS=%JAVA_OPTS% -Djava.security.auth.login.config=%CATALINA_HOME%/conf/jaas.config
set "EXECUTABLE=%CATALINA_HOME%\bin\catalina.bat"

答案 1 :(得分:2)

有点迟到的答案但是如果有人在Eclipse中启用JAAS自定义模块时遇到同样的问题:您必须在其启动参数中将jaas.config文件的位置传递给Tomcat。在Eclipse中执行此操作的方法是:

  1. 双击服务器选项卡上的Tomcat实例
  2. 点击“打开启动配置”
  3. 在“参数”选项卡中,有一个VM参数输入文本。
  4. 附加参数:-Djava.security.auth.login.config =“”,即:

    -Djava.security.auth.login.config =“D:\ tomcat \ 7.0.50”\ conf \ jaas.config“

  5. 单击“应用”,“确定”并重新启动服务器

答案 2 :(得分:1)

我有完全相同的问题:

javax.security.auth.login.LoginException: No LoginModules configured for OwnModule

但文件jaas.config的路径是正确的。我确定,因为当我在jaas.config中出现语法错误时,我得到了异常:

java.io.IOException: Configuration Error:

我通过更改编码文件“jaas.config”解决了这个问题!首先我用UTF-8创建了这个文件然后我被提到异常。当我将编码更改为ANSI时,它一直运行没有问题!有点疯狂。

答案 3 :(得分:1)

如果您将Tomcat 7作为服务运行,则无法使用.bat文件(不会调用它们)。

但是,您可以运行/ bin目录中的.EXE Tomcat7w.exe。您将看到一个带有Java选项卡的面板。您可以在那里添加-D属性(例如指向您的jaas.config文件)。