[jboss-user] [Security & JAAS/JBoss] - Need help with DynamicLoginConfig

bbernie do-not-reply at jboss.com
Thu May 3 13:41:35 EDT 2007


Hi.

I am trying to configure a very simple LDAP security domain for testing purposes.

This is my login-config.xml file:

  | <?xml version='1.0'?>
  | <!DOCTYPE policy PUBLIC
  |       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  |       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
  | 
  | <policy>
  |     <application-policy name="ldapTest">
  |         <authentication>
  |             <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
  |                           flag="required">
  |                 <module-option name="java.naming.factory.initial">
  |                     com.sun.jndi.ldap.LdapCtxFactory
  |                 </module-option>
  |                 <module-option name="java.naming.provider.url">
  |                     ldap://ldapserver:389/
  |                 </module-option>
  |                 <module-option name="java.naming.security.authentication">
  |                     simple
  |                 </module-option>
  |                 <module-option name="principalDNPrefix">uid=</module-option>
  |                 <module-option name="principalDNSuffix">
  |                     ,ou=People,dc=domain,dc=net
  |                 </module-option>
  | 
  |                 <module-option name="rolesCtxDN">
  |                     ou=NetGroup,dc=domain,dc=net
  |                 </module-option>
  |                 <module-option name="uidAttributeID">uniqueMember</module-option>
  |                 <module-option name="matchOnUserDN">true</module-option>
  |                 <module-option name="roleAttributeID">cn</module-option>
  |                 <module-option name="roleAttributeIsDN">false</module-option>
  |             </login-module>
  |         </authentication>
  |     </application-policy>
  | </policy>
  | 

I have tried placing this file in META-INF, but JBoss only finds the security domain when it is defined in the global login-config.xml file.

I know that the answer to the problem is to configure DynamicLoginConfig to look for my login-config.xml file.  The problem is that I cannot get DynamicLoginConfig working properly.

I created a jboss-service.xml file in META-INF with the following contents:

  | <server>
  | 
  |    <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
  |                 name="jboss:service=DynamicLoginConfig">
  |         <attribute name="AuthConfig">META-INF/login-config.xml</attribute>
  | 
  |         <depends optional-attribute-name="LoginConfigService">
  |                 jboss.security:service=XMLLoginConfig
  |         </depends>
  |         
  |         <depends optional-attribute-name="SecurityManagerService">
  |                 jboss.security:service=JaasSecurityManager
  |         </depends>
  |    </mbean>
  |    
  | </server>
  | 
  | 

However, JBoss still will not load the login-config.xml file as expected.

I then continued my search on this issue, and discovered that I needed a jboss-app.xml file to load the jboss-service.xml I created.  I created one like so:

  | <?xml version="1.0" encoding="UTF-8"?>
  |      <jboss-app>   
  |        <module>
  |         <service>META-INF/jboss-service.xml</service>
  |        </module>
  |      </jboss-app>
  | 

I have tried deploying this package with the jboss-app.xml file in both META-INF and in the root of the package, and either way, I cannot get JBoss to load the package-specific login-config.xml file.

Am I missing anything else?
Any assistance will be greatly appreciated.
Thank you in advance for any help you can offer.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4042931#4042931
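
Added example, not part of the original post and not JBoss code: a small audit of a login-config.xml like the one above, flagging LdapLoginModule entries that do a simple bind over plain ldap://, which sends the user's password to the directory unencrypted. The function names and the constructed sample (the post's ldapTest policy, trimmed to the options checked) are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the ldapTest policy from the post, reduced to the
# two options this check reads. Values keep the post's padded layout.
SAMPLE = """<policy>
  <application-policy name="ldapTest">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                    flag="required">
        <module-option name="java.naming.provider.url">
            ldap://ldapserver:389/
        </module-option>
        <module-option name="java.naming.security.authentication">
            simple
        </module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""


def module_options(login_module):
    """Return {option name: whitespace-trimmed value} for one <login-module>."""
    return {o.get("name"): (o.text or "").strip()
            for o in login_module.findall("module-option")}


def audit_login_config(xml_text):
    """Return (policy name, finding) tuples for cleartext LDAP simple binds."""
    findings = []
    root = ET.fromstring(xml_text.strip())
    for policy in root.findall("application-policy"):
        for lm in policy.findall("authentication/login-module"):
            if "Ldap" not in lm.get("code", ""):
                continue  # only LDAP-backed modules are checked here
            opts = module_options(lm)
            # Assumption: an unset mechanism is treated as "simple", since
            # the module binds with the supplied user name and password.
            auth = opts.get("java.naming.security.authentication", "simple")
            tls = opts.get("java.naming.security.protocol", "").lower() == "ssl"
            # The provider URL may list several space-separated servers.
            for url in opts.get("java.naming.provider.url", "").split():
                cleartext = urlparse(url).scheme.lower() == "ldap" and not tls
                if cleartext and auth.lower() == "simple":
                    findings.append((policy.get("name"),
                                     f"simple bind over {url}: password sent unencrypted"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_login_config(SAMPLE):
        print(f"{name}: {finding}")
```

Pointing java.naming.provider.url at an ldaps:// endpoint, or setting java.naming.security.protocol to ssl, clears the finding.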
