[jboss-user] [Security & JAAS/JBoss] - UsersRolesLoginModule config error (4.2.1)

[janekindred@yahoo.com]

Hi,
so I started with this page:
http://wiki.jboss.org/wiki/Wiki.jsp?page=CreateASimpleSecurityDomainForJBossSX, which took me to 
http://wiki.jboss.org/wiki/Wiki.jsp?page=SecureAWebApplicationInJBoss
I have a file named jboss-web.xml in my WEB-INF that contains:

<security-domain>java:/jaas/bfcCheck</security-domain>

Problem is that in the jmx-console, JNDIView, I don't see a java:/jaas/bfcCheck

But the above web page says otherwise.

In login-config.xml (jboss-4.2.1.GA\server\default\conf\) I have added 

    <application-policy name = "bfcCheck">
       
          <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required">
           <module-option name="usersProperties">props/bfcCheck-users.properties</module-option>
           <module-option name="rolesProperties">props/bfcCheck-roles.properties</module-option>
          </login-module>
       
    </application-policy>

And i configured my web.xml correctly - used BASIC auth-method.
When I request a security-constrained resource, I'm asked for user&passw, but after I hit enter the jboss log says (although I have the properties files in place):

[UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
	at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315)


I guess the problem is with the JNDI not having registered java:/jaas/bfcCheck
Can anybody help me please?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4081846#4081846

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4081846