Login/Register
does red5 read tomcat-users.xml
Asked Answered
Solved javatomcatred5web.xmldigest-authentication
B

2

6

I have been busy creating an app for Red5. Imagine what was my surprise when I tried to configure basic/digest authentication and I couldn't. What struck me as strange is that I have a running tomcat instance that works and authenticates correctly with the following xmls:

web.xml (part of)

<security-constraint>
        <web-resource-collection>
            <web-resource-name>A Protected Page</web-resource-name>
            <url-pattern>/stats.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>tomcat</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>DIGEST</auth-method>
        <realm-name>BLAAAAAAAAAAAAAAAAA</realm-name>
    </login-config>
    <security-role>
        <description/>
        <role-name>tomcat</role-name>
    </security-role>

and a tomcat-users.xml in /conf that looks kinda like this:

<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
  <role rolename="tomcat"/>
  <user username="ide" password="bogus" roles="tomcat"/>
</tomcat-users>

The annoying thing is that configuration authenticates correctly when on tomcat's servlet container, but on the red5's modified one, it just keeps asking for authentication. Am I becoming mad or it should work like a charm?

  1. Red5 is version 0_9_1
  2. The stats.jsp is accessible in both servlet containers, the only difference is that when you input the correct password and username in tomcat, you are logged in, and in red5 you are not, it just keeps asking you for the password.

Any pointers? Am I missing something?

Here is a stack trace of the error I receive AT the moment I try the login:

Caused by: java.io.IOException: Unable to locate a login configuration
        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:250) [na:1.6.0_22]
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91) [na:1.6.0_22]
        ... 27 common frames omitted
[ERROR] [http-127.0.0.1-5080-1] org.apache.catalina.realm.JAASRealm - Cannot find message associated with key jaasRealm.unexpectedError
java.lang.SecurityException: Unable to locate a login configuration
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93) [na:1.6.0_22]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [na:1.6.0_22]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) [na:1.6.0_22]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) [na:1.6.0_22]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513) [na:1.6.0_22]
        at java.lang.Class.newInstance0(Class.java:355) [na:1.6.0_22]
        at java.lang.Class.newInstance(Class.java:308) [na:1.6.0_22]
        at javax.security.auth.login.Configuration$3.run(Configuration.java:247) [na:1.6.0_22]
        at java.security.AccessController.doPrivileged(Native Method) [na:1.6.0_22]
        at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242) [na:1.6.0_22]
        at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237) [na:1.6.0_22]
        at java.security.AccessController.doPrivileged(Native Method) [na:1.6.0_22]
        at javax.security.auth.login.LoginContext.init(LoginContext.java:234) [na:1.6.0_22]
        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403) [na:1.6.0_22]
        at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:394) [catalina-6.0.24.jar:na]
        at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:357) [catalina-6.0.24.jar:na]
        at org.apache.catalina.authenticator.DigestAuthenticator.findPrincipal(DigestAuthenticator.java:283) [catalina-6.0.24.jar:na]
        at org.apache.catalina.authenticator.DigestAuthenticator.authenticate(DigestAuthenticator.java:176) [catalina-6.0.24.jar:na]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:523) [catalina-6.0.24.jar:na]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [catalina-6.0.24.jar:na]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [catalina-6.0.24.jar:na]
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555) [catalina-6.0.24.jar:na]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [catalina-6.0.24.jar:na]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) [catalina-6.0.24.jar:na]
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852) [tomcat-coyote-6.0.24.jar:na]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) [tomcat-coyote-6.0.24.jar:na]
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) [tomcat-coyote-6.0.24.jar:na]
        at java.lang.Thread.run(Thread.java:662) [na:1.6.0_22]
Caused by: java.io.IOException: Unable to locate a login configuration
        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:250) [na:1.6.0_22]
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91) [na:1.6.0_22]
        ... 27 common frames omitted

In addition, here is the configuration of red5-web.properties

webapp.contextPath=/project

Even futher information:

Seems to me like it is using the right realm: MemoryRealm

[INFO] [main] org.red5.server.tomcat.TomcatLoader - Setting connector: org.apache.catalina.connector.Connector
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Address to bind: /127.0.0.1:5080
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Setting realm: org.apache.catalina.realm.MemoryRealm
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Loading tomcat context
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Server root: C:/Program Files/Red5
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Config root: C:/Program Files/Red5/conf
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Application root: C:/Program Files/Red5/webapps
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Starting Tomcat servlet engine
[INFO] [main] org.apache.catalina.startup.Embedded - Starting tomcat server
[INFO] [main] org.apache.catalina.core.StandardEngine - Starting Servlet Engine: Apache Tomcat/6.0.26

However, immediately after bootstraping Tomcat, I am presented with the following error:

    Exception in thread "Launcher:/administration" org.springframework.beans.factory.BeanDefinitionStoreException: Could not resolve bean definition resource pattern [/WEB-INF/red5-*.xml]; nested exception is java.io.FileNotFoundException: ServletContext resource [/WEB-INF/] cannot be resolved to URL because it does not exist
        at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:190)
        at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:149)
        at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:124)
        at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:93)
        at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:130)
        at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:458)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:388)
        at org.red5.server.tomcat.TomcatLoader$1.run(TomcatLoader.java:594)
Caused by: java.io.FileNotFoundException: ServletContext resource [/WEB-INF/] cannot be resolved to URL because it does not exist
        at org.springframework.web.context.support.ServletContextResource.getURL(ServletContextResource.java:132)
        at org.springframework.core.io.support.PathMatchingResourcePatternResolver.isJarResource(PathMatchingResourcePatternResolver.java:414)
        at org.springframework.core.io.support.PathMatchingResourcePatternResolver.findPathMatchingResources(PathMatchingResourcePatternResolver.java:343)
        at org.springframework.core.io.support.PathMatchingResourcePatternResolver.getResources(PathMatchingResourcePatternResolver.java:282)
        at org.springframework.context.support.AbstractApplicationContext.getResources(AbstractApplicationContext.java:1156)
        at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:177)
        ... 7 more

This error is kinda strange, because after this it seems that /WEB-INF/ is found by the rest of the program by the following output:

[INFO] [Launcher:/SOSample] org.springframework.beans.factory.config.PropertyPlaceholderConfigurer - Loading properties file from ServletContext resource [/WEB-INF/red5-web.properties]
[INFO] [Launcher:/installer] org.springframework.beans.factory.config.PropertyPlaceholderConfigurer - Loading properties file from ServletContext resource [/WEB-INF/red5-web.properties]
[INFO] [Launcher:/] org.springframework.beans.factory.config.PropertyPlaceholderConfigurer - Loading properties file from ServletContext resource [/WEB-INF/red5-web.properties]
[INFO] [Launcher:/LiveMedia] org.springframework.beans.factory.config.PropertyPlaceholderConfigurer - Loading properties file from ServletContext resource [/WEB-INF/red5-web.properties]

What really annoys me is that, as you can see in the output, when I try to login, I get a JAASRealm-related exception, but in the debug output when Tomcat is loading, it is clear to me that it expects a MemoryRealm. I was wondering where and how in red5.xml should I specify bean properties such that I force red5 to use MemoryRealm that is under /conf/tomcat-users.xml, because it certainly doesn't do so now.

It seems like the biggest question I have posted so far, but I tried to explain it as fully as possible as to avoid confusion.

Brahe answered 6/1, 2011 at 15:34 Comment(4)
Not really an answer to your question... but might help you get there. Seems like it's looking for the WEB-INF or another file somewhere unexpected. Since you're on Windows... should give Process Monitor a try & filter on WEB-INF. Should be able to see if your config files are being accessed/read, also should be able to catch any failed read attempts pointing you to wherever it might be mistakenly trying to read from. Of course it won't help if it's trying to read the files from a jar. -Good LuckSike
Well I did it and it seems it gets parsed after red5 bootstraps. However, when I have a client login, the files don't get parsed again. Do you know the internals of tomcat? Should it parse the file each time a client tries to authenticate, or should the file be parsed once, when the application is deployed ?Brahe
Hi, I'm not a tomcat expert - but I'd expect the files to be read initially on boot (or first login) and not on each login attempt (only potentially being read again if the file was changed). Did you see any failed read attempts in Process Monitor for the WEB-INF directory referenced in the stacktrace ?Sike
Procmon dosnt find any failed read attempt, however, in the stack trace above you can clearly see that it failed to find something in the security configuration.Brahe
O
2

For Red5 0.9, try adding this node to your tomcat.server bean.

<property name="realm">
    <bean class="org.apache.catalina.realm.MemoryRealm" lazy-init="true">
        <property name="pathname" value="conf/tomcat-users.xml" />
    </bean>
</property>

If the xml is still not found (try a full path) or the realm property doesn't allow you to set it, I would suggest that you upgrade to 1.0.

Oller answered 4/8, 2011 at 2:47 Comment(1)
Thanks, will try soon as I have a little time.Brahe
H
0

I've seen this problem numerous times, and, on our systems, it was typically hiding a configuration issue. Are you sure that all of the relevant paths are set, so that all of your libraries can be properly accessed?

Also, the resource pattern syntax, that seems a bit broken, can you replace that configuration setting with a list of all of the files, instead?

Harar answered 21/1, 2011 at 2:13 Comment(2)
What do you mean by "configuration setting with a list of all of the files, instead?" Do you suggest to add manually resources as under the <url-pattern> tag?Brahe
The issue is still open by the way as I could not find any difference whether i manually load resources or leave the file as it is.Brahe

© 2022 - 2024 — McMap. All rights reserved.