[jboss-user] [Security & JAAS/JBoss] - Problems to integrate CustomLoginModule
petersî
do-not-reply at jboss.com
Thu Jul 20 04:41:12 EDT 2006
Hi,
We would like to use our own login module to authenticate consumers and providers with our SOA-based infrastructure, and I have the impression that JBoss totally ignores the custom login modules and instead uses its own.
By the way, I'm using JBoss 4.0.4. RC1 with JDK 1.5.
I have set up the following sbb-login-config.xml:
| <?xml version='1.0'?>
| <!DOCTYPE policy PUBLIC
| "-//JBoss//DTD JBOSS Security Config 3.0//EN"
| "http://www.jboss.org/j2ee/dtd/security_config.dtd">
|
| <!-- The XML based JAAS login configuration read by the
| org.jboss.security.auth.login.XMLLoginConfig mbean. Add
| an application-policy element for each security domain.
|
| The outline of the application-policy is:
| <application-policy name="security-domain-name">
| <authentication>
| <login-module code="login.module1.class.name" flag="control_flag">
| <module-option name = "option1-name">option1-value</module-option>
| <module-option name = "option2-name">option2-value</module-option>
| ...
| </login-module>
|
| <login-module code="login.module2.class.name" flag="control_flag">
| ...
| </login-module>
| ...
| </authentication>
| </application-policy>
|
| -->
| <policy>
| <application-policy name="auth-id-password">
| <authentication>
| <login-module code="org.sopware.security.login.ldap.LDAPLoginModule"
| flag="required">
| <module-option name="auth-type">auth-id-password</module-option>
| <module-option name="container-type">JBOSS</module-option>
| <module-option name="org.sopware.sbb.directory.master.url">ldap://localhost:389/ou=DataAuthenticationTSP,o=SOPware</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <application-policy name="auth-principal">
| <authentication>
| <login-module code="org.sopware.security.login.ldap.LDAPLoginModule"
| flag="required">
| <module-option name="auth-type">auth-principal</module-option>
| <module-option name="org.sopware.sbb.directory.master.url">ldap://localhost:389/ou=DataAuthenticationTSP,o=SOPware</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| <application-policy name="auth-token-checking">
| <authentication>
| <login-module code="org.sopware.security.login.ldap.LDAPLoginModule"
| flag="required">
| <module-option name="auth-type">auth-token-password</module-option>
| <module-option name="container-type">JBOSS</module-option>
| <module-option name="reauthentication">true</module-option>
| <module-option name="org.sopware.sbb.directory.master.url">ldap://localhost:389/ou=DataAuthenticationTSP,o=SOPware</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
| </policy>
|
I'm using this service.xml to start up the config:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE server>
sbb-login-config.xml
<depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
<depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
The JAR file for the login module is in server/lib. Is this the best way to put it? Or do I need to put it in a jar file?
It seems that on startup the jar file can be accessed and is loaded.
The security domain is set in the relevant DDs.
According to the log it seems to be able to read my login-config file and reads out the security domains. But somehow it's not able to use it and I don't get any error message because of it.
By the way, I'm using it on the server side and not on the client side, not as a client login module, but this is also something we consider.
Any hints and tips?
Thx and rgds,
Iris
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3959477#3959477
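The following is an added example, not part of the original post or of JBoss: a small offline check that every security domain named in a deployment descriptor resolves to an application-policy in the login config, and lists which login module class that policy would run. The descriptor contents and the misspelled domain are constructed samples, and the `java:/jaas/` prefix form for `<security-domain>` is an assumption about how the DDs (not shown in the post) are written.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed copy of the policy structure from the post.
LOGIN_CONFIG = """<policy>
  <application-policy name="auth-id-password">
    <authentication>
      <login-module code="org.sopware.security.login.ldap.LDAPLoginModule" flag="required">
        <module-option name="auth-type">auth-id-password</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""

# Constructed sample descriptors (the post does not show its DDs).
DESCRIPTORS = {
    "jboss-web.xml": "<jboss-web><security-domain>java:/jaas/auth-id-password</security-domain></jboss-web>",
    "jboss.xml": "<jboss><security-domain>auth-id-pasword</security-domain></jboss>",
}

JAAS_PREFIX = "java:/jaas/"  # assumed JNDI prefix used in the DDs

def policy_modules(login_config_xml):
    """Map each application-policy name to its [(module class, flag), ...] list."""
    root = ET.fromstring(login_config_xml)
    return {
        p.get("name"): [(m.get("code"), m.get("flag"))
                        for m in p.findall("./authentication/login-module")]
        for p in root.findall("application-policy")
    }

def check_descriptor(dd_xml, policies):
    """Return (raw domain, status, modules) for every <security-domain> in one DD."""
    results = []
    for el in ET.fromstring(dd_xml).iter("security-domain"):
        raw = (el.text or "").strip()
        name = raw[len(JAAS_PREFIX):] if raw.startswith(JAAS_PREFIX) else raw
        if not raw.startswith(JAAS_PREFIX):
            status = "missing-jaas-prefix"
        elif name not in policies:
            status = "no-matching-policy"
        else:
            status = "ok"
        results.append((raw, status, policies.get(name, [])))
    return results

if __name__ == "__main__":
    policies = policy_modules(LOGIN_CONFIG)
    for fname, xml_text in DESCRIPTORS.items():
        for raw, status, modules in check_descriptor(xml_text, policies):
            print(f"{fname}: {raw!r} -> {status} {modules}")
```

Any status other than `ok` means the descriptor names a domain the login config does not define under that exact name, which is one way a custom module can be configured yet never invoked.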