jboss AS 7.1 application connecting IBM Filenet - jboss

Well, I am trying to connect to a FileNet server on my Windows Server 2012 virtual machine. Everything works like a charm when I am using a standalone Java application to do it. But when the connection attempt is made from a web application on JBoss AS 7.1, boom, everything goes crazy.
I am getting this exception:
FNRCE0040E: E_NOT_AUTHENTICATED: L'utilisateur n'est pas authentifié. Message : PBOX000070: Password invalid/Password required
Could someone help me, please?

I found the solution: I added the following lines to standalone-full.xml
<security-domain name="FileNetP8WSI" cache-type="default">
<authentication>
<login-module code="com.filenet.api.util.WSILoginModule" flag="required">
<module-option name="userName" value="YourUserName"/>
<module-option name="password" value="YourPassword"/>
</login-module>
</authentication>
</security-domain>

Related

Can't enable jboss security

I practise SIP scenarios based on Mobicents SIP Servlets. I have Restcomm-JBoss-AS7-8.2.0.1221 and my own SIP application deployed on it (the Restcomm app is disabled). I encountered a problem with enabling JBoss security. What I did:
1. Create sip-servlets-roles.properties
admin=caller
2. Create sip-servlets-users.properties (for user alice, domain 192.168.56.101, password 1234)
admin=6f8002e56ee173a3a39144ea90d18a39
3. Put the above files in ../Restcomm-JBoss-AS7-8.2.0.1221/standalone/configuration
4. Deploy the SIP application with sip.xml
<security-constraint>
<display-name>REGISTER Method Security Constraint</display-name>
<resource-collection>
<resource-name>SipServletApp</resource-name>
<description>Require authenticated REGSITER requests</description>
<servlet-name>SipServletApp</servlet-name>
<sip-method>REGISTER</sip-method>
</resource-collection>
<auth-constraint>
<role-name>caller</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>DIGEST</auth-method>
<realm-name>192.168.56.101</realm-name>
</login-config>
5. standalone-sip.xml is unchanged
<security-domain name="sip-servlets">
<authentication>
<login-module code="UsersRoles" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/sip-servlets-users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/sip-servlets-roles.properties"/>
<module-option name="hashAlgorithm" value="MD5"/>
<module-option name="hashEncoding" value="RFC2617"/>
<module-option name="hashUserPassword" value="false"/>
<module-option name="hashStorePassword" value="true"/>
<module-option name="passwordIsA1Hash" value="true"/>
<module-option name="storeDigestCallback" value="org.jboss.security.auth.callback.RFC2617Digest"/>
</login-module>
</authentication>
</security-domain>
6. Try to register user alice with Zoiper
Wireshark trace
7. Enabled trace level and got an error in the JBoss logs
14:14:10,140 DEBUG [org.jboss.security] (Restcomm-SIP-Servlets-UDPMessageChannelThread-44) PBOX000206: Login failure: javax.security.auth.login.LoginException: java.lang.NullPointerException
at org.jboss.security.auth.spi.Util.createPasswordHash(Util.java:424)
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.createPasswordHash(UsernamePasswordLoginModule.java:450)
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:280)
...
8. DAR is set to my SIP app
So the question is: what is wrong with this configuration?

Your storePassword, i.e. admin=6f8002e56ee173a3a39144ea90d18a39, is already hashed. The module-option name="hashStorePassword" value="true" should be value="false".

javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.ClientLoginModule

It's been more than 3 days and I couldn't figure out what is wrong with my Jenkins.
I have a Jenkins job which pulls the source from Bitbucket, then builds and deploys it to JBoss 5.1.
But at the time of deployment I am getting the exception below. I tried multiple solutions but I am getting the same annoying error.
Stack trace
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 2.534 s
[INFO] Finished at: 2015-07-08T03:19:04+05:30
[INFO] Final Memory: 13M/176M
[INFO] ------------------------------------------------------------------------
[JENKINS] Archiving /var/lib/jenkins/jobs/SpringHelloWorld/workspace/pom.xml to com.programcreek/HelloWorld/0.0.1-SNAPSHOT/HelloWorld-0.0.1-SNAPSHOT.pom
[JENKINS] Archiving /var/lib/jenkins/jobs/SpringHelloWorld/workspace/target/HelloWorld.war to com.programcreek/HelloWorld/0.0.1-SNAPSHOT/HelloWorld-0.0.1-SNAPSHOT.war
channel stopped
Deploying /var/lib/jenkins/jobs/SpringHelloWorld/workspace/target/HelloWorld.war to container JBoss 5.x Remote
The undeployment phase of the redeploy action has failed: org.codehaus.cargo.util.CargoException: Cannot undeploy deployable org.codehaus.cargo.container.deployable.WAR[HelloWorld.war]
ERROR: Build step failed with exception
org.codehaus.cargo.util.CargoException: Cannot deploy deployable org.codehaus.cargo.container.deployable.WAR[HelloWorld.war]
at org.codehaus.cargo.container.jboss.JBoss5xRemoteDeployer.deploy(JBoss5xRemoteDeployer.java:216)
at org.codehaus.cargo.container.spi.deployer.AbstractDeployer.redeploy(AbstractDeployer.java:212)
at hudson.plugins.deploy.CargoContainerAdapter.deploy(CargoContainerAdapter.java:73)
at hudson.plugins.deploy.CargoContainerAdapter$1.invoke(CargoContainerAdapter.java:116)
at hudson.plugins.deploy.CargoContainerAdapter$1.invoke(CargoContainerAdapter.java:103)
at hudson.FilePath.act(FilePath.java:989)
at hudson.FilePath.act(FilePath.java:967)
at hudson.plugins.deploy.CargoContainerAdapter.redeploy(CargoContainerAdapter.java:103)
at hudson.plugins.deploy.DeployPublisher.perform(DeployPublisher.java:61)
at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:761)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:721)
at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.post2(MavenModuleSetBuild.java:1053)
at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:670)
at hudson.model.Run.execute(Run.java:1766)
at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:537)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:374)
Caused by: javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.ClientLoginModule
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:800)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
at org.codehaus.cargo.tools.jboss.JBossDeployer.getDeploymentManager(JBossDeployer.java:176)
at org.codehaus.cargo.tools.jboss.JBossDeployer.deploy(JBossDeployer.java:71)
at org.codehaus.cargo.container.jboss.JBoss5xRemoteDeployer.deploy(JBoss5xRemoteDeployer.java:212)
... 17 more
javax.security.auth.login.LoginException: unable to find LoginModule class: org.jboss.security.ClientLoginModule
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:800)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
at org.codehaus.cargo.tools.jboss.JBossDeployer.getDeploymentManager(JBossDeployer.java:176)
at org.codehaus.cargo.tools.jboss.JBossDeployer.deploy(JBossDeployer.java:71)
at org.codehaus.cargo.container.jboss.JBoss5xRemoteDeployer.deploy(JBoss5xRemoteDeployer.java:212)
at org.codehaus.cargo.container.spi.deployer.AbstractDeployer.redeploy(AbstractDeployer.java:212)
at hudson.plugins.deploy.CargoContainerAdapter.deploy(CargoContainerAdapter.java:73)
at hudson.plugins.deploy.CargoContainerAdapter$1.invoke(CargoContainerAdapter.java:116)
at hudson.plugins.deploy.CargoContainerAdapter$1.invoke(CargoContainerAdapter.java:103)
at hudson.FilePath.act(FilePath.java:989)
at hudson.FilePath.act(FilePath.java:967)
at hudson.plugins.deploy.CargoContainerAdapter.redeploy(CargoContainerAdapter.java:103)
at hudson.plugins.deploy.DeployPublisher.perform(DeployPublisher.java:61)
at hudson.tasks.BuildStepMonitor$3.perform(BuildStepMonitor.java:45)
at hudson.model.AbstractBuild$AbstractBuildExecution.perform(AbstractBuild.java:761)
at hudson.model.AbstractBuild$AbstractBuildExecution.performAllBuildSteps(AbstractBuild.java:721)
at hudson.maven.MavenModuleSetBuild$MavenModuleSetBuildExecution.post2(MavenModuleSetBuild.java:1053)
at hudson.model.AbstractBuild$AbstractBuildExecution.post(AbstractBuild.java:670)
at hudson.model.Run.execute(Run.java:1766)
at hudson.maven.MavenModuleSetBuild.run(MavenModuleSetBuild.java:537)
at hudson.model.ResourceController.execute(ResourceController.java:98)
at hudson.model.Executor.run(Executor.java:374)
Build step 'Deploy war/ear to a container' marked build as failure
Finished: FAILURE
I tried multiple ways.
After searching a lot, what I found is that
jbossx/jbossx-security-client.jar.zip is missing in the JBoss lib, so
I downloaded the jar and pasted it into the lib.
But the problem is still there.
I tried to modify login-config.xml but this is also not working for me.
The content of login-config.xml looks like this.
<?xml version='1.0'?>
<!-- The XML based JAAS login configuration read by the
org.jboss.security.auth.login.XMLLoginConfig mbean. Add
an application-policy element for each security domain.
The outline of the application-policy is:
<application-policy name="security-domain-name">
<authentication>
<login-module code="login.module1.class.name" flag="control_flag">
<module-option name = "option1-name">option1-value</module-option>
<module-option name = "option2-name">option2-value</module-option>
...
</login-module>
<login-module code="login.module2.class.name" flag="control_flag">
...
</login-module>
...
</authentication>
</application-policy>
$Id: login-config.xml 87078 2009-04-09 14:23:47Z bstansberry#jboss.com $
$Revision: 87078 $
-->
<policy>
<!-- Used by clients within the application server VM such as
mbeans and servlets that access EJBs.
-->
<application-policy name="client-login">
<authentication>
<login-module code="org.jboss.security.ClientLoginModule"
flag="required">
<!-- Any existing security context will be restored on logout -->
<module-option name="restore-login-identity">true</module-option>
</login-module>
</authentication>
</application-policy>
<!-- Security domains for testing new jca framework -->
<application-policy name="HsqlDbRealm">
<authentication>
<login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag="required">
<module-option name="principal">sa</module-option>
<module-option name="userName">sa</module-option>
<module-option name="password"></module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
</login-module>
</authentication>
</application-policy>
<application-policy name="JmsXARealm">
<authentication>
<login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag="required">
<module-option name="principal">guest</module-option>
<module-option name="userName">guest</module-option>
<module-option name="password">guest</module-option>
<module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
</login-module>
</authentication>
</application-policy>
<!-- A template configuration for the jmx-console web application. This
defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name="jmx-console">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="usersProperties">props/jmx-console-users.properties</module-option>
<module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
<!-- A template configuration for the web-console web application. This
defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name="web-console">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="usersProperties">web-console-users.properties</module-option>
<module-option name="rolesProperties">web-console-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
<!--
A template configuration for the JBossWS security domain.
This defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name="JBossWS">
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required">
<module-option name="usersProperties">props/jbossws-users.properties</module-option>
<module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
<module-option name="unauthenticatedIdentity">anonymous</module-option>
</login-module>
</authentication>
</application-policy>
<!-- The default login configuration used by any security domain that
does not have a application-policy entry with a matching name
-->
<application-policy name="other">
<!-- A simple server login module, which can be used when the number
of users is relatively small. It uses two properties files:
users.properties, which holds users (key) and their password (value).
roles.properties, which holds users (key) and a comma-separated list of
their roles (value).
The unauthenticatedIdentity property defines the name of the principal
that will be used when a null username and password are presented as is
the case for an unuathenticated web client or MDB. If you want to
allow such users to be authenticated add the property, e.g.,
unauthenticatedIdentity="nobody"
-->
<authentication>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag="required"/>
</authentication>
</application-policy>
</policy>
I am not sure what to do with this file.
Does anybody have any clue regarding this?

After searching a lot, what I found is that the Deploy plug-in itself has a problem, so I used another method. Since we are able to build the project, what we are left with is only to deploy the project to JBoss. So instead of using the Deploy plug-in I am using a shell script: "SCP" to copy the .war file into the JBoss deploy folder, and the restart of JBoss is done with a shell script as well.
And it's done.

How to make a dummy security-domain in JBoss EAP 6.2?

We are using the JBoss supplied generic resource adapter to connect to JMS queues on a Tibco EMS server. We don't use any authentication to connect to Tibco EMS, that is, we connect without username and password. However, the configuration of the resource adapter requires a recovery element (for XA recovery) that specifies some kind of authentication, see [1].
Someone mentioned that we might be able to define a custom security domain that always authenticates or returns empty username and passwords. (Specifying an empty username or password directly in the recover element is not allowed.)
Does anyone know how to make such a dummy security-domain?
We're running JBoss EAP 6.2.2.
[1] https://access.redhat.com/site/solutions/361463

This snippet in the standalone.xml did the trick:
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domains>
<security-domain name="no-authentication" cache-type="default">
<authentication>
<login-module code="ConfiguredIdentity" flag="required">
<module-option name="username" value=""/>
<module-option name="password" value=""/>
<module-option name="principal" value=""/>
</login-module>
</authentication>
</security-domain>
</security-domains>
</subsystem>

JBoss7 LDAP access by role with Guvnor 5.4

I'm trying to enable access to Guvnor through LDAP defined roles. I've managed to get JBoss to connect to my LDAP server and authenticate by user, but I have no idea how to do that by role instead. What I want is to allow, for example, all users with the Role "Guvnor Administrator" to log into the Guvnor page.
Can anyone help me with this? I've tried several configurations, including modifying the web.xml in guvnor.war, but the closest I could get to role-based authorization was through configuring user permissions in the Guvnor administration page.
My standalone.xml:
<security-domain name="drools-guvnor" cache-type="default">
<authentication>
<login-module code="LdapExtended" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://myLDAPHost"/>
<module-option name="baseCtxDN" value="ou=Users,dc=proj,dc=com"/>
<module-option name="baseFilter" value="(uid={0})"/>
<module-option name="rolesCtxDN" value="ou=Roles, dc=flow,dc=com"/>
<module-option name="roleFilter" value="(member={1})"/>
<module-option name="roleAttributeID" value="cn"/>
<module-option name="throwValidateError" value="true"/>
<module-option name="searchScope" value="ONELEVEL_SCOPE"/>
</login-module>
</authentication>
</security-domain>
beans.xml:
<security:IdentityImpl>
<s:modifies/>
<!-- JAAS based authentication -->
<security:authenticatorName>jaasAuthenticator</security:authenticatorName>
</security:IdentityImpl>
<security:jaas.JaasAuthenticator>
<s:modifies/>
<security:jaasConfigName>drools-guvnor</security:jaasConfigName>
</security:jaas.JaasAuthenticator>
<!-- SECURITY AUTHORIZATION CONFIGURATION -->
<!-- This is used to enable or disable role-based authorization. By default it is disabled. -->
<guvnorSecurity:RoleBasedPermissionResolver>
<s:modifies/>
<guvnorSecurity:enableRoleBasedAuthorization>true</guvnorSecurity:enableRoleBasedAuthorization>
</guvnorSecurity:RoleBasedPermissionResolver>
<weld:scan>
<!-- Disable the seam-security by drools rules
<weld:exclude name="org.jboss.seam.security.permission.RuleBasedPermissionResolver"/>-->
<!-- TODO remove me when GUVNOR-1196 is fixed -->
<weld:exclude name="org.drools.guvnor.gwtutil.**"/>
<weld:exclude name="org.drools.guvnor.client.**"/>
</weld:scan>

LDAP authentication with JBoss 7

I want to develop a simple Java web application with a JBoss 7 server to enable login with a username/password entered by the user and authenticate with LDAP.
So this is what I wrote in web.xml, placed in WEB-INF/
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Enter user name and password</realm-name>
</login-config>
Then I added jboss-web.xml in the same folder
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
<security-domain>java:/jaas/website-domain</security-domain>
</jboss-web>
Then I added the website-domain realm in standalone.xml
<security-domain name="website-domain" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
<module-option name="bindDN" value="ou=people,dc=mycompany,dc=com" />
<module-option name="bindCredential" value="shad"/>
<module-option name="allowEmptyPasswords" value="false"/>
<module-option name="Context.REFERRAL" value="follow"/>
<module-option name="throwValidateError" value="true"/>
<module-option name="allowEmptyPasswords" value="true"/>
</login-module>
</authentication>
</security-domain>
So how will the username and password entered be sent to these modules? Or do I have to write a custom JAAS realm? Is there any working example you guys can share with me?

I wrote a post in Portuguese...
http://jbossdivers.wordpress.com/2012/02/12/utilizando-ldap-login-module-no-jboss-as-7-1/

Your webapp needs to point to your security domain website-domain by adding a line in WEB-INF/jboss-web.xml
<security-domain flushOnSessionInvalidation="true">java:/jaas/website-domain</security-domain>

I believe in JBoss 7 you only need to specify website-domain (no java:/jaas/ prefix)
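
Added example (not part of the original posts): a small Python audit of a security-domain snippet for the issues visible in the website-domain configuration in the question, namely allowEmptyPasswords set twice with different values and a bind credential in clear text. The sample XML is constructed from the question's options, and treating values that start with ${ as externalized references is an assumption.

```python
import xml.etree.ElementTree as ET

SECRET_OPTIONS = {"password", "bindcredential"}
DOMAIN_TAGS = {"security-domain", "application-policy"}  # AS 7 and JBoss 5 names

# Constructed sample mirroring the login-module options in the question
SAMPLE = """<security-domain name="website-domain" cache-type="default">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url" value="ldap://localhost:10389"/>
      <module-option name="bindDN" value="ou=people,dc=mycompany,dc=com"/>
      <module-option name="bindCredential" value="shad"/>
      <module-option name="allowEmptyPasswords" value="false"/>
      <module-option name="throwValidateError" value="true"/>
      <module-option name="allowEmptyPasswords" value="true"/>
    </login-module>
  </authentication>
</security-domain>"""

def local(tag):
    # Drop an XML namespace prefix such as {urn:jboss:domain:security:1.2}
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (domain/module, option, finding) tuples for risky options."""
    findings = []
    root = ET.fromstring(xml_text)
    for domain in (e for e in root.iter() if local(e.tag) in DOMAIN_TAGS):
        for module in (e for e in domain.iter() if local(e.tag) == "login-module"):
            seen = {}
            for opt in (e for e in module if local(e.tag) == "module-option"):
                value = opt.get("value")
                if value is None:  # JBoss 5 style: value as element text
                    value = (opt.text or "").strip()
                seen.setdefault(opt.get("name", ""), []).append(value)
            where = f'{domain.get("name")}/{module.get("code")}'
            for name, values in seen.items():
                lowered = [v.lower() for v in values]
                if len(values) > 1:
                    # Which value takes effect is up to the parser, so flag it
                    kind = "conflicting" if len(set(values)) > 1 else "duplicate"
                    findings.append((where, name, f"{kind} values {values}"))
                if name.lower() == "allowemptypasswords" and "true" in lowered:
                    # An LDAP bind with an empty password is an unauthenticated
                    # bind, which many servers accept as a successful login
                    findings.append((where, name, "empty passwords accepted"))
                if name.lower() in SECRET_OPTIONS and any(
                        v and not v.startswith("${") for v in values):
                    findings.append((where, name, "secret stored in clear text"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(" | ".join(finding))
```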