[jboss-as7-dev] SPNEGO authentication fails loading configuration
Darran Lofthouse
darran.lofthouse at jboss.com
Wed Jun 8 09:06:34 EDT 2011
On 06/08/2011 01:59 PM, Bill Burke wrote:
> I have some questions as I'm writing some of my own authentication plugins.
>
> * How do you associate a login-module "code" to a class?
At the moment the security subsystem has a class called ModulesMap, in
the branch I have asked to be reviewed I have just added my LoginModules
to that class.
It does however feel like a feature that would be a good candidate to
make more dynamic so new modules can be registered as they become available.
> * You state in your wiki "Within JBoss AS7 it is not possible to
> override the authenticators as before". What do you mean by this. Do
> you mean being able to plugin your own values that can be used within
> web.xml's auth-method of login-config? I think this is something that
> needs to be added.
Yes that feature to define your own auth-method with a custom
authenticator is no longer present in AS7.
I did start a thread here "JBoss Web Custom Authenticators" but have had
no responses.
Personally I also think it should be re-instated but by using the valve
approach in the jboss-web.xml it was no longer a blocker for me.
> On 6/8/11 8:30 AM, Darran Lofthouse wrote:
>> Just a quick update on the progress here.
>>
>> I have completed the integration on AS7-770 and I am just waiting for a
>> colleague to review before I request the changes are pulled into the AS
>> repo.
>>
>> https://github.com/darranl/jboss-as/tree/issues%2FAS7-770
>>
>> In the meantime I have also created the following article with a summary
>> of the configuration differences when enabling Negotiation in AS7: -
>>
>> http://community.jboss.org/docs/DOC-16876
>>
>> Regards,
>> Darran Lofthouse.
>>
>>
>>
>> On 05/13/2011 11:39 AM, Darran Lofthouse wrote:
>>> Hello Christoph,
>>>
>>> At the moment JBoss Negotiation is very specific to the JBoss AS 4/5/6
>>> architecture - I have created the following so I can verify the
>>> behaviour in AS7: -
>>>
>>> https://issues.jboss.org/browse/AS7-770
>>>
>>> Due to the JVM requirements for AS7 I think JBoss Negotiation can be
>>> simplified a long way now.
>>>
>>> Regards,
>>> Darran Lofthouse.
>>>
>>>
>>> On 05/13/2011 09:30 AM, Christoph Gostner wrote:
>>>> Hi,
>>>>
>>>> I'm running into problems using the SPNEGO authenticator in AS7.
>>>> I created a module with the costumized picketbox jar, modified the
>>>> Authenticators.properties in jbossweb-7.0.0.CR1.jar and deployed the test
>>>> toolkit.
>>>>
>>>> At first sight the deployment process works. But testing the application,
>>>> it can't find the required login modules configured in standalone.xml.
>>>> So I debugged the complete process and compared my application with a
>>>> working
>>>> BASIC authentication jar.
>>>>
>>>> Deploying the BasicAuthentication.jar, the required configuration is set in
>>>> JaasConfigurationService.start(...). The configuration includes all the
>>>> login
>>>> modules, configured in standalone.xml.
>>>>
>>>> When I deploy the negotiation toolkit, the configuration is not set. The
>>>> authentication process tries to load the configuration in
>>>> Configuration.getConfiguration()
>>>> but a new configuration instance is created with no login modules in it.
>>>>
>>>> The authenticator is a subclass of AuthenticatorBase.
>>>> It seems that JBoss doesn't recognize that the application is JAAS enabled.
>>>>
>>>> I don't see the difference between the BASIC authentication application and
>>>> SPNEGO toolkit. Has somebody an explanation for this phenomenon?
>>>>
>>>> Christoph
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> jboss-as7-dev mailing list
>>>> jboss-as7-dev at lists.jboss.org
>>>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>>>
>>> _______________________________________________
>>> jboss-as7-dev mailing list
>>> jboss-as7-dev at lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>>
>> _______________________________________________
>> jboss-as7-dev mailing list
>> jboss-as7-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>
More information about the jboss-as7-dev
mailing list