Custom realm in Glassfish 4: login module not found

StackOverflow https://stackoverflow.com/questions/23566816

Frage

I am trying to create a custom realm and login module for Glassfish 4.

I followed the procedure outlined in The glassfish 4 Application Development Guide p. 4-6, "Creating a Custom Realm".

I also followed the steps in this article.

I created a loginModule that extends com.sun.appserv.security.AppservPasswordLoginModule.

I created a realm (SaltRealm) that extends com.sun.appserv.security.AppservRealm.

I compile to a jar, and placed the jar in glassfish4\glassfish\domains\domain1\lib.

I added this to \glassfish4\glassfish\domains\domain1\config\login.conf:

saltRealm {
   com.example.LoginModule required;
};

I added to \glassfish4\glassfish\domains\domain1\config\domain.xml:

   <auth-realm classname="com.example.SaltRealm" name="saltRealm">
      <property name="jaas-context" value="saltRealm"></property>
    </auth-realm>

And I added a section in web.xml to use saltRealm.

<login-config>
    <auth-method>FORM</auth-method>
    <realm-name>saltRealm</realm-name>
    <form-login-config>
        <form-login-page>/login.xhtml</form-login-page>
        <form-error-page>/error.xhtml</form-error-page>
    </form-login-config>
</login-config>

It looks like the saltRealm class is found (I can tell that the constructor runs).

However, it seems that the login module is not found. I get this warning:

WEB9102: Web Login Failed: com.sun.enterprise.security.auth.login.common.LoginException: Login failed: Invalid null input: name

I'm not sure what I'm missing here.

War es hilfreich?

Lösung

I have had similar issues following very similar instructions until some research pulled up one missing piece.

You should make sure you are overriding getJAASContext() from IASRealm. This isn't an abstract method but you need to override it as the return value is used to map the realm to the login module. So getJAASContext() should return the name of the realm you are using in your login.conf.

In your case that will be:

@Override
public String getJAASContext(){
    return "saltRealm";
}

Andere Tipps

The snippets you posted seem correct. To debug your problem you can launch Glassfish in debug mode and set breakpoints in your login module.

As alternative enable detailled login of your realm in the glassfish console:

Configurations - server-config - Logger Settings - Log Levels - javax.enterprise.system.core.security
Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit StackOverflow
scroll top