Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

does red5 read tomcat-users.xml

I have been busy creating an app for Red5. Imagine what was my surprise when I tried to configure basic/digest authentication and I couldn't. What struck me as strange is that I have a running tomcat instance that works and authenticates correctly with the following xmls:

web.xml (part of)

<security-constraint>
        <web-resource-collection>
            <web-resource-name>A Protected Page</web-resource-name>
            <url-pattern>/stats.jsp</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <description/>
            <role-name>tomcat</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>DIGEST</auth-method>
        <realm-name>BLAAAAAAAAAAAAAAAAA</realm-name>
    </login-config>
    <security-role>
        <description/>
        <role-name>tomcat</role-name>
    </security-role>

and a tomcat-users.xml in /conf that looks kinda like this:

<?xml version="1.0" encoding="UTF-8"?>
<tomcat-users>
  <role rolename="tomcat"/>
  <user username="ide" password="bogus" roles="tomcat"/>
</tomcat-users>

The annoying thing is that configuration authenticates correctly when on tomcat's servlet container, but on the red5's modified one, it just keeps asking for authentication. Am I becoming mad or it should work like a charm?

  1. Red5 is version 0_9_1
  2. The stats.jsp is accessible in both servlet containers, the only difference is that when you input the correct password and username in tomcat, you are logged in, and in red5 you are not, it just keeps asking you for the password.

Any pointers? Am I missing something?

Here is a stack trace of the error I receive AT the moment I try the login:

Caused by: java.io.IOException: Unable to locate a login configuration
        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:250) [na:1.6.0_22]
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91) [na:1.6.0_22]
        ... 27 common frames omitted
[ERROR] [http-127.0.0.1-5080-1] org.apache.catalina.realm.JAASRealm - Cannot find message associated with key jaasRealm.unexpectedError
java.lang.SecurityException: Unable to locate a login configuration
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:93) [na:1.6.0_22]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) [na:1.6.0_22]
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39) [na:1.6.0_22]
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27) [na:1.6.0_22]
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513) [na:1.6.0_22]
        at java.lang.Class.newInstance0(Class.java:355) [na:1.6.0_22]
        at java.lang.Class.newInstance(Class.java:308) [na:1.6.0_22]
        at javax.security.auth.login.Configuration$3.run(Configuration.java:247) [na:1.6.0_22]
        at java.security.AccessController.doPrivileged(Native Method) [na:1.6.0_22]
        at javax.security.auth.login.Configuration.getConfiguration(Configuration.java:242) [na:1.6.0_22]
        at javax.security.auth.login.LoginContext$1.run(LoginContext.java:237) [na:1.6.0_22]
        at java.security.AccessController.doPrivileged(Native Method) [na:1.6.0_22]
        at javax.security.auth.login.LoginContext.init(LoginContext.java:234) [na:1.6.0_22]
        at javax.security.auth.login.LoginContext.<init>(LoginContext.java:403) [na:1.6.0_22]
        at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:394) [catalina-6.0.24.jar:na]
        at org.apache.catalina.realm.JAASRealm.authenticate(JAASRealm.java:357) [catalina-6.0.24.jar:na]
        at org.apache.catalina.authenticator.DigestAuthenticator.findPrincipal(DigestAuthenticator.java:283) [catalina-6.0.24.jar:na]
        at org.apache.catalina.authenticator.DigestAuthenticator.authenticate(DigestAuthenticator.java:176) [catalina-6.0.24.jar:na]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:523) [catalina-6.0.24.jar:na]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) [catalina-6.0.24.jar:na]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [catalina-6.0.24.jar:na]
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:555) [catalina-6.0.24.jar:na]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [catalina-6.0.24.jar:na]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298) [catalina-6.0.24.jar:na]
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852) [tomcat-coyote-6.0.24.jar:na]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588) [tomcat-coyote-6.0.24.jar:na]
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489) [tomcat-coyote-6.0.24.jar:na]
        at java.lang.Thread.run(Thread.java:662) [na:1.6.0_22]
Caused by: java.io.IOException: Unable to locate a login configuration
        at com.sun.security.auth.login.ConfigFile.init(ConfigFile.java:250) [na:1.6.0_22]
        at com.sun.security.auth.login.ConfigFile.<init>(ConfigFile.java:91) [na:1.6.0_22]
        ... 27 common frames omitted

In addition, here is the configuration of red5-web.properties

webapp.contextPath=/project

Even futher information:

Seems to me like it is using the right realm: MemoryRealm

[INFO] [main] org.red5.server.tomcat.TomcatLoader - Setting connector: org.apache.catalina.connector.Connector
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Address to bind: /127.0.0.1:5080
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Setting realm: org.apache.catalina.realm.MemoryRealm
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Loading tomcat context
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Server root: C:/Program Files/Red5
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Config root: C:/Program Files/Red5/conf
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Application root: C:/Program Files/Red5/webapps
[INFO] [main] org.red5.server.tomcat.TomcatLoader - Starting Tomcat servlet engine
[INFO] [main] org.apache.catalina.startup.Embedded - Starting tomcat server
[INFO] [main] org.apache.catalina.core.StandardEngine - Starting Servlet Engine: Apache Tomcat/6.0.26

However, immediately after bootstraping Tomcat, I am presented with the following error:

    Exception in thread "Launcher:/administration" org.springframework.beans.factory.BeanDefinitionStoreException: Could not resolve bean definition resource pattern [/WEB-INF/red5-*.xml]; nested exception is java.io.FileNotFoundException: ServletContext resource [/WEB-INF/] cannot be resolved to URL because it does not exist
        at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:190)
        at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:149)
        at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:124)
        at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:93)
        at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:130)
        at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:458)
        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:388)
        at org.red5.server.tomcat.TomcatLoader$1.run(TomcatLoader.java:594)
Caused by: java.io.FileNotFoundException: ServletContext resource [/WEB-INF/] cannot be resolved to URL because it does not exist
        at org.springframework.web.context.support.ServletContextResource.getURL(ServletContextResource.java:132)
        at org.springframework.core.io.support.PathMatchingResourcePatternResolver.isJarResource(PathMatchingResourcePatternResolver.java:414)
        at org.springframework.core.io.support.PathMatchingResourcePatternResolver.findPathMatchingResources(PathMatchingResourcePatternResolver.java:343)
        at org.springframework.core.io.support.PathMatchingResourcePatternResolver.getResources(PathMatchingResourcePatternResolver.java:282)
        at org.springframework.context.support.AbstractApplicationContext.getResources(AbstractApplicationContext.java:1156)
        at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:177)
        ... 7 more

This error is kinda strange, because after this it seems that /WEB-INF/ is found by the rest of the program by the following output:

[INFO] [Launcher:/SOSample] org.springframework.beans.factory.config.PropertyPlaceholderConfigurer - Loading properties file from ServletContext resource [/WEB-INF/red5-web.properties]
[INFO] [Launcher:/installer] org.springframework.beans.factory.config.PropertyPlaceholderConfigurer - Loading properties file from ServletContext resource [/WEB-INF/red5-web.properties]
[INFO] [Launcher:/] org.springframework.beans.factory.config.PropertyPlaceholderConfigurer - Loading properties file from ServletContext resource [/WEB-INF/red5-web.properties]
[INFO] [Launcher:/LiveMedia] org.springframework.beans.factory.config.PropertyPlaceholderConfigurer - Loading properties file from ServletContext resource [/WEB-INF/red5-web.properties]

What really annoys me is that, as you can see in the output, when I try to login, I get a JAASRealm-related exception, but in the debug output when Tomcat is loading, it is clear to me that it expects a MemoryRealm. I was wondering where and how in red5.xml should I specify bean properties such that I force red5 to use MemoryRealm that is under /conf/tomcat-users.xml, because it certainly doesn't do so now.

It seems like the biggest question I have posted so far, but I tried to explain it as fully as possible as to avoid confusion.

like image 940
Nikola Yovchev Avatar asked Jan 06 '11 15:01

Nikola Yovchev


1 Answers

For Red5 0.9, try adding this node to your tomcat.server bean.

<property name="realm">
    <bean class="org.apache.catalina.realm.MemoryRealm" lazy-init="true">
        <property name="pathname" value="conf/tomcat-users.xml" />
    </bean>
</property>

If the xml is still not found (try a full path) or the realm property doesn't allow you to set it, I would suggest that you upgrade to 1.0.

like image 55
Paul Gregoire Avatar answered Oct 01 '22 22:10

Paul Gregoire