Deploying Drools Guvnor – java.lang.SecurityException: Unable to locate a login configuration

This other day I was deploying jBoss Drools Guvnor on Tomcat 6.0.20 on Linux and when I tried to log in to Drools Guvnor I received this error:

//catalina.log

ERROR 11-03 09:41:55,522 (LoggingHelper.java:error:76) 	 Service method 'public abstract org.drools.guvnor.client.rpc.UserSecurityContext org.drools.guvnor.client.rpc.SecurityService.getCurrentUser()' threw an unexpected exception: java.lang.SecurityException: Unable to locate a login configuration
java.lang.SecurityException: Unable to locate a login configuration
	at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
	at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
	at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
	at java.lang.Class.newInstance0(Class.java:355)
	at java.lang.Class.newInstance(Class.java:308)
	at javax.security.auth.login.Configuration$3.run(Configuration.java:246)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:241)
	at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.login.LoginContext.init(LoginContext.java:234)
	at javax.security.auth.login.LoginContext.<init>(LoginContext.java:367)
	at javax.security.auth.login.LoginContext.<init>(LoginContext.java:444)
	at org.jboss.seam.security.Identity.getLoginContext(Identity.java:406)
	at org.jboss.seam.security.Identity.authenticate(Identity.java:324)
	at org.drools.guvnor.server.security.SecurityServiceImpl.checkAutoLogin(SecurityServiceImpl.java:129)
	at org.drools.guvnor.server.security.SecurityServiceImpl.getCurrentUser(SecurityServiceImpl.java:109)
	at org.drools.guvnor.server.SecurityServiceServlet.getCurrentUser(SecurityServiceServlet.java:65)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at com.google.gwt.user.server.rpc.RPC.invokeAndEncodeResponse(RPC.java:562)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processCall(RemoteServiceServlet.java:188)
	at com.google.gwt.user.server.rpc.RemoteServiceServlet.processPost(RemoteServiceServlet.java:224)
	at com.google.gwt.user.server.rpc.AbstractRemoteServiceServlet.doPost(AbstractRemoteServiceServlet.java:62)

In all that, the key part is this:  java.lang.SecurityException: Unable to locate a login configuration.

For my Drools Guvnor deployment, the login configuration is specified in the “drools_jaas_tomcat.config” file.  I had placed that file in the <TOMCAT_HOME>/conf directory.  But I needed to tell Tomcat to look there by adding a “java.security.auth.login.config” command line argument to the JAVA_OPTS.

I did this by creating a setenv.sh script in my <TOMCAT_HOME>/bin directory.  By default, Tomcat will run a setenv.sh script during startup to set additional environment variables.

// <TOMCAT_HOME>/bin/setenv.sh

export DOMAIN_HOME="/opt/apache-tomcat-6.0.20"
export JAVA_OPTS="-Xms128m -Xmx256m -XX:PermSize=48m -XX:MaxPermSize=128m -Djava.security.auth.login.config=${DOMAIN_HOME}/conf/drools_jaas_tomcat.config"
Advertisements

About stevewall123

I am a Lead Software Engineer in Minneapolis working for Thomson Reuters. I am currently working on projects using Java, JavaScript, Spring, Drools, Hazelcast, Liquibase and Tomcat. Previously, I used C#, GWT, Grails, Groovy, JMS and JBoss Drools Guvnor. In the past I have worked on projects using J2EE, Swing, Webwork, Hibernate, Spring, Spring-WS, JMS, JUnit and Ant.
This entry was posted in Drools Guvnor and tagged , . Bookmark the permalink.

3 Responses to Deploying Drools Guvnor – java.lang.SecurityException: Unable to locate a login configuration

  1. Pingback: Deploying Drools Guvnor – javax.security.auth.login.LoginException: unable to find LoginModule | Banging My Head Against the Wall

  2. Christoph says:

    Hi stevewall123, I’m stuck to the same problem and have no idea how to write my drools_jaas_tomcat.config. could you serve an example from your config please?

    best,
    christoph

    • stevewall123 says:

      Sorry for the slow reply. I needed to find it on an old project I worked on. Here it is:


      //drools_jaas_tomcat.config
      Drools.Config {
      com.sun.security.auth.module.LdapLoginModule REQUIRED
      userProvider="ldap://12.34.56.789:389/ou=DroolsUsers,ou=OuVaue,dc=DcValue,dc=dcvalue"
      groupProvider="ldap://12.34.56.789:389/ou=main,ou=OuVaue,dc=DcValue,dc=dcvalue"
      authIdentity="{USERNAME}"
      userFilter="(&(|(samAccountName={USERNAME})(userPrincipalName={USERNAME})(cn={USERNAME}))(objectClass=user))"
      useSSL=false
      debug=false;
      };

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s