
-vm c:\dev\java\jdk1.6.0\binalso to see what configuration options stuck, go to menu item:
Help > About Eclipse Platform > Installation Details
here's the first one :
commons.DefaultGrailsApplication The class [<ClassName>] was not found when attempting
to load Grails application. Skipping.
the message shows up in the logs when starting the application with run-app. there are no other exceptions nor errors and the application seems to startup successfully. until you try to access the log mentioned class. in my case it was a controller and because it was skipped at startup i get a big old fat 404 when trying to access it.
the cause was that for some reason the package declaration within my controller went missing. strangely there were no compilation exceptions either. after re-adding my package declaration, all was fine. the same applies for incorrectly defined package declarations.
this article is an ammendment to the jboss negotiation project documentation and a jboss community thread. the reason for this article, is that at times i felt that the documentation was ambigiuos and on occasion also lacking some important information. so here's my take on it, which made SSO work for me...after copious hours of elbow grease i might add.
•As an example, you may want to access an SSO enabled jboss server as follows: http://jbossserver.six.com. For the purpose of the documentation to come, 'jbossserver' is referring to the machine name, 'six' is referring to the domain and 'six.com' is referring to the realm.
•Download the “JBoss Negotiation Project” (JBossNegotiation - 2.0.3.GA)
•Unpack and copy jboss-negotiation-2.0.3.GA.jar to: ${JBOSS_HOME}/server/${server_config}/lib
•Add an entry to ${JBOSS_HOME}/server/${server_config}/deployers/jbossweb.deployer/META-INF/war-deployers-jboss-beans.xml.
Within this descriptor you should see a set of authenticators defined using a property called "authenticators". Add the following entry:
<entry> <key>SPNEGO</key> <value>org.jboss.security.negotiation.NegotiationAuthenticator</value> </entry>•In order for JBoss to identify itself against a specific realm and kdc (e.g. kdserver.six.com), include the following as system properties within {jboss.home}/server/${server_config}/deploy/properties-service.xml:
<attribute name="Properties">
java.security.krb5.kdc=kdcserver.six.com
java.security.krb5.realm=SIX.COM
</attribute>
•Create an Active Directory user account e.g. jbossuser with a suitable password. Note: Do not create a user with the same name as the JBoss machine/server name (jbossserver). When creating the user, use the following properties:
a) User cannot change password (true/checked)setspn.exe -a HTTP/jbossserver.six.com@SIX.COM jbossuserThe following command can be used to list, thus confirm, the successful mapping of principal name to user account.
setspn.exe -l jbossuser•The Windows Server ktpass.exe command line utility takes the jbossuser user and maps it as a trusted host, in this case you would need to execute the following command:
ktpass -princ HTTP/jbossserver.six.com@SIX.COM -pass * -mapuser SIX\jbossuser –out•The ktab.exe (Kerberos key table manager) Java SDK Development utility is then used to export the keytab that will be used by the application server using the following command. It is strongly advised to use the same java version as used by the JBoss application server.
c:\jbossuser.http.keytab
ktab -k c:\jbossuser.http.keytab -a jbossuser@SIX.COM•The application server requires a security domain that it can use to first authenticate against the KDC. In order to configure this, a keytab will be required for the principal that represents the application server. Below is an example host security domain to be added to ${JBOSS_HOME}/server/${server_config}/conf/login-config.xml. Remember to adjust the location path of the keyTab:
<application-policy name="host">
<authentication>
<login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
<module-option name="storeKey">true</module-option>
<module-option name="useKeyTab">true</module-option>
<module-option name="principal">HTTP/jbossserver.six.com@SIX.COM</module-option>
<module-option name="keyTab">/usr/local/jbossuser.http.keytab</module-option>
<module-option name="doNotPrompt">true</module-option>
<module-option name="debug">true</module-option>
</login-module>
</authentication>
</application-policy>
•The application also requires it's own security domain to be defined with a login module to work in connection with the NegotiationAuthenticator.
For starters, the configuration requires two property files:jdoe@SIX.COM=Users•Add the below to the ${JBOSS_HOME}/server/${server_config}/conf/login-config.xml:
<application-policy name="SPNEGO">
<authentication>
<login-module
code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule"
flag="requisite">
<module-option name="password-stacking">useFirstPass</module-option>
<module-option name="serverSecurityDomain">host</module-option>
</login-module>
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
<module-option name="password-stacking">useFirstPass</module-option>
<module-option name="usersProperties">props/spnego-users.properties</module-option>
<module-option name="rolesProperties">props/spnego-roles.properties</module-option>
</login-module>
</authentication>
</application-policy>
•By default Internet Explorer only performs SPNEGO authentication against sites in the 'Local intranet' zone.
- open the 'Internet Options' from the 'Tools' menui built this blogging engine with groovy & grails | source code