18

好吧,我正在尝试为我的 Servlet(在 Eclipse 中的 Tomcat 7 上运行)创建 JAAS 身份验证,但出现此错误。

他是完整的堆栈跟踪:'`

INFO: Starting Servlet Engine: Apache Tomcat/7.0.32
Geg 19, 2013 9:53:08 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
Geg 19, 2013 9:53:08 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
Geg 19, 2013 9:53:08 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1786 ms
Geg 19, 2013 9:53:30 PM org.apache.catalina.realm.JAASRealm authenticate
SEVERE: Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured for GdiaLogin
    at javax.security.auth.login.LoginContext.init(Unknown Source)
    at javax.security.auth.login.LoginContext.<init>(Unknown Source)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:392)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:332)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:158)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

Geg 19, 2013 10:29:20 PM org.apache.catalina.realm.JAASRealm authenticate
SEVERE: Unexpected error
javax.security.auth.login.LoginException: No LoginModules configured for GdiaLogin
    at javax.security.auth.login.LoginContext.init(Unknown Source)
    at javax.security.auth.login.LoginContext.<init>(Unknown Source)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:392)
    at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:332)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:158)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:544)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

`

在 context.xml 中:

<Realm className="org.apache.catalina.realm.JAASRealm" 
appName="GdiaLogin"
userClassNames="org.ktu.gdia.core.security.UserPrincipal"
roleClassNames="org.ktu.gdia.core.security.RolePrincipal" />

在 jaas.config 中(我很确定 Tomcat 能正确找到它,因为我在 eclipse 中添加了带有“运行配置”参数的正确路径):

  GdiaLogin {
    org.ktu.gdia.core.security.GdiaLoginModule required debug=true;
};

我假设 jaas.config 一定有问题...

我的登录模块,不确定我是否需要在这里提供它,但它几乎直接来自我一直在关注的教程:

    package org.ktu.gdia.core.security;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.NameCallback;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

import org.ktu.gdia.core.businesslogic.ControllerFactory;
import org.ktu.gdia.core.interfaces.SecurityControllerInterface;

public class GdiaLoginModule implements LoginModule {

  private CallbackHandler handler;
  private Subject subject;
  private UserPrincipal userPrincipal;
  private RolePrincipal rolePrincipal;
  private String login;
  private List<String> userGroups;

  private SecurityControllerInterface securityController;


  @Override
    public void initialize(Subject subject, CallbackHandler callbackHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {

      try {

        securityController = ControllerFactory.getInstance().getSecurityController();

    } catch (ClassNotFoundException | InstantiationException
            | IllegalAccessException e) {

        throw new RuntimeException("Failed to initialize SecurityController in " + this.getClass().getSimpleName(), e);
    }
      handler = callbackHandler;
      this.subject = subject;
  }

  @Override
  public boolean login() throws LoginException {

    Callback[] callbacks = new Callback[2];
    callbacks[0] = new NameCallback("login");
    callbacks[1] = new PasswordCallback("password", true);

    try {
      handler.handle(callbacks);
      String name = ((NameCallback) callbacks[0]).getName();
      String password = String.valueOf(((PasswordCallback) callbacks[1])
          .getPassword());

      // Here we validate the credentials against some
      // authentication/authorization provider.
      // It can be a Database, an external LDAP, 
      // a Web Service, etc.
      // For this tutorial we are just checking if 
      // user is "user123" and password is "pass123"

      if (securityController.credentialsValid(name, password)) {

          // TODO authenticate

          login = name;
          userGroups = new ArrayList<String>();
          userGroups.add("admin");
          return true;

      }

      if (name != null &&
          name.equals("user123") &&
          password != null &&
          password.equals("pass123")) {

        // We store the username and roles
        // fetched from the credentials provider
        // to be used later in commit() method.
        // For this tutorial we hard coded the
        // "admin" role
        login = name;
        userGroups = new ArrayList<String>();
        userGroups.add("admin");
        return true;
      }

      // If credentials are NOT OK we throw a LoginException
      throw new LoginException("Authentication failed");

    } catch (IOException e) {
      throw new LoginException(e.getMessage());
    } catch (UnsupportedCallbackException e) {
      throw new LoginException(e.getMessage());
    }

  }

  @Override
  public boolean commit() throws LoginException {

    userPrincipal = new UserPrincipal(login);
    subject.getPrincipals().add(userPrincipal);

    if (userGroups != null && userGroups.size() > 0) {
      for (String groupName : userGroups) {
        rolePrincipal = new RolePrincipal(groupName);
        subject.getPrincipals().add(rolePrincipal);
      }
    }

    return true;
  }

  @Override
  public boolean abort() throws LoginException {
    return false;
  }

  @Override
  public boolean logout() throws LoginException {
    subject.getPrincipals().remove(userPrincipal);
    subject.getPrincipals().remove(rolePrincipal);
    return true;
  }

}

编辑:我在 Eclipse 中为 tomcat 运行配置参数:

-Dcatalina.base="D:\Dropbox\EclipseWorkspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp7" -Dcatalina.home="D:\Servers\GenTreeUploader_Tomcat7" -Dwtp.deploy="D:\Dropbox\EclipseWorkspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp7\wtpwebapps" -Djava.endorsed.dirs="D:\Servers\GenTreeUploader_Tomcat7\endorsed" -Djava.security.auth.login.config="D:\Dropbox\EclipseWorkspace\.metadata\.plugins\org.eclipse.wst.server.core\tmp7\conf\jaas.config"

出色地?有任何想法吗?

4

4 回答 4

23

根据http://tomcat.apache.org/tomcat-7.0-doc/realm-howto.html#JAASRealm

您应该为 Java 设置 login.config 文件,并通过将其位置指定给 JVM 来告诉 Tomcat 在哪里找到它,例如通过设置环境变量: JAVA_OPTS=$JAVA_OPTS -Djava.security.auth.login.config=$CATALINA_BASE/conf/jaas.config

添加

对于 Windows 打开startup.bat 添加以下行:set JAVA_OPTS=%JAVA_OPTS% -Djava.security.auth.login.config=%CATALINA_HOME%/conf/jaas.config之后okHome

例如

:okHome
set JAVA_OPTS=%JAVA_OPTS% -Djava.security.auth.login.config=%CATALINA_HOME%/conf/jaas.config
set "EXECUTABLE=%CATALINA_HOME%\bin\catalina.bat"
于 2013-05-20T06:39:16.700 回答
3

答案有点晚,但如果有人在 Eclipse 中启用他们的 JAAS 自定义模块时遇到同样的问题:您必须在启动参数中将 jaas.config 文件的位置传递给 Tomcat。在 Eclipse 中执行此操作的方法是:

  1. 双击服务器选项卡上的 Tomcat 实例
  2. 点击“打开启动配置”
  3. 在“参数”选项卡中,有一个 VM 参数输入文本。
  4. 附加您的参数:-Djava.security.auth.login.config="",即:

    -Djava.security.auth.login.config="D:\tomcat\7.0.50"\conf\jaas.config"

  5. 单击应用,确定并重新启动服务器
于 2014-04-22T11:43:52.493 回答
3

如果您将 Tomcat 7 作为服务运行,则不能使用 .bat 文件(不会调用它们)。

但是,您可以运行 /bin 目录中的 .EXE Tomcat7w.exe。您将看到一个带有 Java 选项卡的面板。您可以在那里添加 -D 属性(例如指向您的 jaas.config 文件)。

于 2015-07-28T19:47:51.637 回答
1

我有完全相同的问题:

javax.security.auth.login.LoginException: No LoginModules configured for OwnModule

但文件 jaas.config 的路径是正确的。我敢肯定,因为当我在 jaas.config 中出现语法错误时,我得到了异常:

java.io.IOException: Configuration Error:

我通过更改编码文件“jaas.config”解决了这个问题!首先我在 UTF-8 中创建了这个文件,然后我提到了异常。当我将编码更改为ANSI时,它一直运行没有问题!有点疯狂。

于 2015-01-09T14:11:28.970 回答