cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Deploying a custom login module to the J2EE engine

Former Member

on ‎07-07-2004 5:26 AM

0 Kudos

I have developed a custom login module, and want to deploy it to the SAP j2ee engine. How should I go about this ? I tried packaging it as a jar and then using the deploytool, went into user management to register the module, but when the module was invoked I got an error in the log saying "Cannot load a login module".

The way I currently deploy it is packaged with the Example Calculator, and this works. I just add my 2 java files into the web module (in com.sap.examples.calculator.beans) and it gets packaged in the war file.

Can anyone help with the "proper" way of deploying my module ?

Thanks in advance

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

former_member293232
Explorer
‎07-12-2004 11:00 AM
0 Kudos

Hi Brad,

A tutorial is being prepared for exactly the scenario you are working with. It will become part of the official documentation. Before that you can do the following:

1. deploy the login module(s) within a library (you already have done this)

2. add the class loader name of this library in Security Provider property "LoginModuleClassLoaders", for example "library:my-library"

3. register the login module(s) in security service in UME User Store, or switch of verifying of authentication stacks during deployment (switch Security Provider service property "VerifyLoginModulesOnDeploy" to "false")

4. deploy the application with the login modules specified in web-j2ee-enigne.xml

5. now it should be ok.

Show replies
Show replies
Former Member
‎07-13-2004 8:18 AM
0 Kudos

Thanks for the replies, I really appreciate it.

I didn't mention that I'm working with SAP WEB AS 6.40 preview.

This version doesn't seem to have a "LoginModuleClassLoaders" in the security provider properties. I tried adding the following to security.class-provider.xml:

<reference type="library" strength="weak">

example.com~myLoginModule

</reference>

unfortunately I'm still getting the "Cannot load a login module" in the log files.

That tutorial sounds fantastic, any idea of a time frame on it? Unfortunately I'm on a short time frame, is there any chance of getting a draft version of that tutorial ? (email bradtari@au1.ibm.com)

It would be much appreciated.

Message was edited by: Brad Tarisznyas

Former Member
‎07-13-2004 9:49 AM
0 Kudos

HI Brad,

you're right - the LoginModuleClassLoaders property exists in Web AS 6.40 SP5 or later. Web AS 6.40 Sneak Preview II is based on SP4 and that's the reason you did not find the property.

However, you did not set the reference in the right XML file. From the Configurations tree in the Configuration Adapter Service browse through the following: cluster_data -> server -> cfg -> services -> security-provider.xml and set the reference. Restart the server after you make the changes.

This should now solve the problem.

Additional hint - you can see if the reference between the Security Provider Service and your library is successfully set using the ClassLoader Viewer Service in the Visual Administrator. Just locate your library from the Components tree on the right side (Components - Libraries -> <Your Library>) and click on it. In the righthand side frame you should see all existing references from and to your library.

Good luck this time!

Former Member
‎07-15-2004 7:41 AM
0 Kudos

Ivo and Stephan,

Thanks to you both...I now have this working. You have both been a great help, without it I'd have probably torn my hair out by now

Former Member
‎07-16-2004 7:34 PM
0 Kudos

Hi Guys,

My setup is EP6.0 SP4 running on WebAS 6.4 SP5 on Win2003/MS SQL (The latest download available from SDN)

I wanted to confirm something. I am working on using a JAAS Login Module to be primarily used by iViews and the EP itself to change the EP Authentication mechanism and not really targetted to any Web Applications (EAR/JAR/WAR etc) deployed on the J2EE Engine itself. I hope the discussion that has happened in this thread applies only to Applications on J2EE engine and not for EP which might require configuration to be done on authschemes.xml similar to that in EP 6.0 SP2. Please confirm !

I have also posted a query on modifying the EP 6.0 SP4 authentication scheme using a custom JAAS login module and this could be seen in the EP Implementation forum.

Thnks in advance

.

Former Member
‎07-27-2004 11:56 PM
0 Kudos

hello Ivaylo,

i am facing a similar problem as Brad. however, after changing security-provider.xml with the reference to my login module (deployed as a library just as Brad's), i can no longer login through the Visual Administrator. it gets the following exception:

com.sap.engine.services.security.exceptions.BaseLoginException: Cannot create new RemoteLoginContext.

it is possible that i mis-typed and thus corrupted the security-provider.xml file itself. the question is: how do i restore the original security-provider.xml? i can't find the file anywhere on the file system. my guess is it is stored in the database. what would you suggest that i do at this point? do i have to reinstall the entire j2ee engine now?

thanks.

Former Member
‎07-29-2004 12:12 AM
0 Kudos

Hi Buds,

You might want to try out the following

1. Shut down all the J2EE Server and dispatcher instances.

2. open up Config Tool

3. select the 'Secure Store' (which is right below the 'cluster_data' option)

4. modify the option

'admin/password/<3 char instance name>' to set your new password.

5. start you instances and you know what to do...

V

Former Member
‎07-30-2004 8:11 AM
0 Kudos

Hi Wentao,

sorry for being a bit late with my reply but I was on a short vacation.

Anyway, I don't believe that adding the reference to the security-provider.xml can cause the problem you get.

Your guess that the XML is stored in the DB is correct. Even if you are unable to log on through the Visual Administrator, you can open the security-provider.xml for editing using the configuration editor from the Config tool. You must do the following:

1. Stop the dispatcher and server processes (However, <b>the DB must be online</b>).

2. Launch the Config tool using the <drive>:\usr\sap\J2E\JC00\j2ee\configtool\configtool.bat

3. Choose File -> Configuration Editor from the main menu of the tool. Now you get the same editor as in the Configuration Adapter service in the Visual Administrator. You know how to locate the security-provider.xml - check if there's anything wrong in there.

Hope that helps!

Regards,

Ivo

Former Member
‎07-09-2004 9:58 AM
0 Kudos

Hi Brad,

deploying the login module as a library is the right way to go. As I see from your post you've done everything, except that you are missing a reference from you application to the library that contains the login module. You can set the reference using the application-j2ee-engine.xml of your application (you need to redeploy the app after you change it). Here is a description of how to do that using the NW Developer Studio: http://help.sap.com/saphelp_nw04/helpdata/en/53/69662514eb6e46b1eb6e77ae5cf10b/frameset.htm

Hope that helps!

Show replies
Show replies
Former Member
‎07-12-2004 1:23 AM
0 Kudos

Ivaylo,

Thanks for your reply.

What I'm actually trying to do is NOT deploy my custom login module with an application. But rather deploy the jar file as a library to the J2EE engine, so that any application can use it by configuring it in their login stacks. I'm still not totally clear whether this is possible or not.

What I have currently done:

1. developed custom login module packaged as a jar in NW studio (2 class files)

2. Using deploytool I deploy the jar as a library to the j2ee engine. This works and the library shows up under the libraries section.

3. Register the login module in the user management->manage security stores section. I'm unsure if this works properly. Do I just provide the full path to the required class ? For example "com.example.myloginmodule.LoginModule"

I have a suspicion that my error of "cannot load a login module" stems from here.

4. I have then followed your step and added a reference to the libray (Hard reference) and this seems ok.

5. I configure the login module stack for the selected application (the example calculator).

6. When accessing the application, the log file reports "cannot load a login module".

I know the problem is not with the login module itself, as I have successfully used it when packaged and deployed with the application. However this solution unfortunately is not acceptable. I need to use this login module in the same fashion that the other modules are used and configured in a stackable fashion.

Former Member
‎07-12-2004 8:17 AM
0 Kudos

Hi Brad,

>

> What I'm actually trying to do is NOT deploy my

> custom login module with an application. But rather

> deploy the jar file as a library to the J2EE engine,

> so that any application can use it by configuring it

> in their login stacks. I'm still not totally clear

> whether this is possible or not.

Once again - It is possible to deploy the login module as a library to the J2EE Engine; furthermore, this is the PREFERRED way to use login modules!

>

> What I have currently done:

>

> 1. developed custom login module packaged as a jar in

> NW studio (2 class files)

>

> 2. Using deploytool I deploy the jar as a library to

> the j2ee engine. This works and the library shows up

> under the libraries section.

>

> 3. Register the login module in the user

> management->manage security stores section. I'm

> unsure if this works properly. Do I just provide the

> full path to the required class ? For example

> "com.example.myloginmodule.LoginModule"

> I have a suspicion that my error of "cannot load a

> login module" stems from here.

>

> 4. I have then followed your step and added a

> reference to the libray (Hard reference) and this

> seems ok.

>

Sorry, Brad, I've made a mistake here. You need to set a reference from the Security Provider Service to the library that contains the login module (not from the application). To do that at runtime, you'll have to use the Configuration Adapter service on the J2EE Engine. For a description of the procedure, see this page in the documentation: http://help.sap.com/saphelp_nw04/helpdata/en/dd/1e3a3e5069eb6ce10000000a114084/frameset.htm

You need to provide additional entry of the following type in the security-provider.xml file:

<reference type="library" strength="weak">

Your-library-name-here

</reference>

Regards,

Ivo.

Message was edited by: Ivaylo Ivanov

Ask a Question