Hi, I have configured my application for basic authentication on JBoss 7 as shown below.

I added the security domain in the standalone.xml of JBoss like below.

<security-domain name="BasicAuthWebAppPolicy" cache-type="default">
    <authentication>
        <login-module code="RealmUsersRoles" flag="required">
            <module-option name="usersProperties" value="basicSecurityWebApp-users.properties"/>
            <module-option name="rolesProperties" value="basicSecurityWebApp-roles.properties"/>
        </login-module>
    </authentication>
</security-domain>

In the web.xml file I have the configuration below.

<security-constraint>
    <web-resource-collection>
        <web-resource-name>MySecureResources</web-resource-name>
        <description>Some Description</description>
        <url-pattern>/secured/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>TestRole</role-name>
    </auth-constraint>
</security-constraint>
<login-config>
    <auth-method>BASIC</auth-method>
</login-config>
<security-role>
    <role-name>TestRole</role-name>
</security-role>

My jboss-web.xml has the following contents.

<?xml version="1.0"?>
<!DOCTYPE jboss-web PUBLIC
    "-//JBoss//DTD Web Application 5.0//EN"
    "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
<jboss-web>
    <security-domain>java:/jaas/BasicAuthWebAppPolicy</security-domain>
    <context-root>/basicSecurityWebApp</context-root>
</jboss-web>

Also, I have the properties file added in the path WEB-INF/classes. The user file contains TestUserOne=TestPassword and the role file contains TestUserOne=TestRole. When I enter the user name and password I get the error below in the JBoss logs.

0:18:07,162 ERROR [org.jboss.security.authentication.JBossCachedAuthenticationManager] (http--127.0.0.1-8080-1) Login failure: javax.security.auth.login.LoginException: java.lang.NullPointerException
    at org.jboss.sasl.util.UsernamePasswordHashUtil.stringToByte(UsernamePasswordHashUtil.java:86)
    at org.jboss.sasl.util.UsernamePasswordHashUtil.generateHashedURP(UsernamePasswordHashUtil.java:131)

Please let me know what the issue is with my configuration.

robin

1 Answer

The method which is causing the exception is trying to access a null object. Looking at the source code of UsernamePasswordHashUtil.java here, "realm" is null.

You probably need to do additional configuration to make it work. For instance, adding the following lines in your web.xml:

<login-config>
   <auth-method>BASIC</auth-method>
   <realm-name>ApplicationRealm</realm-name>
</login-config>

Then add users to ApplicationRealm as explained here.

Ahmed M
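
An added example, not part of the question or the answer and not JBoss code: a Python check for the users properties file discussed above, which lists entries still stored as plaintext and builds the realm-bound digest line for them. It assumes the entry format username=HEX(MD5(username:realm:password)) used by AS 7's application-users.properties; the function names and the sample file are constructed for illustration.

```python
import hashlib
import re

# Constructed sample: the users file from the question (plaintext password)
# plus one constructed entry that is already in digest form.
SAMPLE_USERS = """\
# basicSecurityWebApp-users.properties (constructed sample)
TestUserOne=TestPassword
TestUserTwo=0123456789abcdef0123456789abcdef
"""

HEX_MD5 = re.compile(r"^[0-9a-fA-F]{32}$")


def parse_properties(text):
    """Parse simple key=value lines, skipping blanks and # / ! comments."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            entries[key.strip()] = value.strip()
    return entries


def hashed_entry(username, realm, password):
    """Build 'username=HEX(MD5(username:realm:password))' (assumed format)."""
    if realm is None:
        # Same failure mode as the question: without a realm the
        # username:realm:password string cannot be built.
        raise ValueError("realm is required to build the digest")
    material = f"{username}:{realm}:{password}".encode("utf-8")
    return f"{username}={hashlib.md5(material).hexdigest()}"


def plaintext_users(text):
    """Return user names whose stored value is not a 32-hex-digit digest."""
    return sorted(u for u, v in parse_properties(text).items()
                  if not HEX_MD5.match(v))


if __name__ == "__main__":
    users = parse_properties(SAMPLE_USERS)
    for user in plaintext_users(SAMPLE_USERS):
        print(hashed_entry(user, "ApplicationRealm", users[user]))
```

The digest depends on the realm name, so an entry generated for one realm will not validate under another.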