Jetspeed 2
  1. Jetspeed 2
  2. JS2-749

Jetspeed Login Module fails to load on Windows in directories with spaces in the path

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Won't Fix
    • Affects Version/s: 2.2.0
    • Fix Version/s: 2.2.0
    • Component/s: Security
    • Labels:
      None
    • Environment:
      Windows

      Description

      Jetspeed Login Module fails to load on Windows in directories with spaces in the path
      It appears that we are breaking the Login Module on Windows when there are spaces in the path to the login module configuration file that Jetspeed provides, and is put into the work area of the application server. The problem is the Java class loader encodes the space, but then the file system does not understand the encoding (%20). If we do not encode the space, the file system correctly finds the resource. This change should be tested on all major file systems before committing.

        Activity

        Hide
        David Sean Taylor added a comment -

        I have to prioritize this one

        Show
        David Sean Taylor added a comment - I have to prioritize this one
        Hide
        Ate Douma added a comment -

        Aaron Evans provided a solution on the jetspeed-user list which we maybe can to solve it for the default provided login.conf too:
        (note, I didn't test this myself yet)

        Aaron Evans wrote:
        > Ok, I figured out a solution to this (that is, how to configure your
        > custom Login Module even if your tomcat is installed to a path with
        > spaces).
        >
        > What you can do is put your login.conf file in a jar file that you
        > install in jetspeed/WEB-INF/lib.
        >
        > So say you put the file under a package like com.mycompany.security.impl.
        >
        > Then in security-providers.xml, configure the "location" of your
        > login.conf to be:
        >
        > com/mycompany/security/impl/login.conf
        >
        > The file URL with the absolute path will then get constructed
        > correctly and your login module will be found.
        >
        > The URL will actually end up being something like:
        >
        > file:$

        {CATALINA_HOME}/work/Catalina/localhost/jetspeed/loader/com/mycompany/security/impl/login.conf
        >
        > Where ${CATALINA_HOME}

        is the absolute path to your tomcat installation.
        >
        > -aaron
        >

        Show
        Ate Douma added a comment - Aaron Evans provided a solution on the jetspeed-user list which we maybe can to solve it for the default provided login.conf too: (note, I didn't test this myself yet) Aaron Evans wrote: > Ok, I figured out a solution to this (that is, how to configure your > custom Login Module even if your tomcat is installed to a path with > spaces). > > What you can do is put your login.conf file in a jar file that you > install in jetspeed/WEB-INF/lib. > > So say you put the file under a package like com.mycompany.security.impl. > > Then in security-providers.xml, configure the "location" of your > login.conf to be: > > com/mycompany/security/impl/login.conf > > The file URL with the absolute path will then get constructed > correctly and your login module will be found. > > The URL will actually end up being something like: > > file:$ {CATALINA_HOME}/work/Catalina/localhost/jetspeed/loader/com/mycompany/security/impl/login.conf > > Where ${CATALINA_HOME} is the absolute path to your tomcat installation. > > -aaron >
        Hide
        Vivek Kumar added a comment -

        We have tested this bug in different platform and scenario, this seems to be an issue while loading jaas configuration file from java or tomcat. I have even opened issue with tomcat for there response on this (https://issues.apache.org/bugzilla/show_bug.cgi?id=45975)

        I am marking this issue resolved, as in default setup of jetspeed-2, we packaged our jaas configuration file in jar. This is current work around for loading jaas configuration,if you have installed tomcat in directory which have spaces.

        Show
        Vivek Kumar added a comment - We have tested this bug in different platform and scenario, this seems to be an issue while loading jaas configuration file from java or tomcat. I have even opened issue with tomcat for there response on this ( https://issues.apache.org/bugzilla/show_bug.cgi?id=45975 ) I am marking this issue resolved, as in default setup of jetspeed-2, we packaged our jaas configuration file in jar. This is current work around for loading jaas configuration,if you have installed tomcat in directory which have spaces.
        Hide
        Frank Otto added a comment -

        I have the same problem with jetspeed 2.2.0.

        My tomcat folder is: C:\Programme\Tomcat Server\ and I get following error on jetspeed:

        java.lang.SecurityException: C:\Programme\Tomcat%20Server\work\Catalina\localhost\jetspeed\loader\login.conf (Das System kann den angegebenen Pfad nicht finden)

        I solved this by writing my own AuthenticationProvider with a workaround for jetspeeds BaseAuthenticationProvider:

        File file = new File(loginConfigUrl.toURI());
        ...
        System.setProperty("java.security.auth.login.config", file.getAbsolutePath());

        Hope this helps...

        kind regards,

        F.O.

        Show
        Frank Otto added a comment - I have the same problem with jetspeed 2.2.0. My tomcat folder is: C:\Programme\Tomcat Server\ and I get following error on jetspeed: java.lang.SecurityException: C:\Programme\Tomcat%20Server\work\Catalina\localhost\jetspeed\loader\login.conf (Das System kann den angegebenen Pfad nicht finden) I solved this by writing my own AuthenticationProvider with a workaround for jetspeeds BaseAuthenticationProvider: File file = new File(loginConfigUrl.toURI()); ... System.setProperty("java.security.auth.login.config", file.getAbsolutePath()); Hope this helps... kind regards, F.O.

          People

          • Assignee:
            Vivek Kumar
            Reporter:
            David Sean Taylor
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development