[jboss-user] [JBossWS] - Re: Question on Basic WS Authentication

mjhammel do-not-reply at jboss.com
Thu Jan 24 12:39:48 EST 2008 

Alessio:

In JBOSS 4.0.5GA I dropped crunch-login-config-service.xml and crunch-login-config.xml into server/default/conf in order to enable a DB based authentication.  This worked fine.  In 4.2.2GA it doesn't appear that crunch-login-config-service.xml is being seen.  The only way to get crunch-login-config.xml to be read is to manually put it into login-config.xml.  Am I missing something or is this a change to 4.2.2GA that I'll just have to live with?

Here are the contents of the two files:

crunch-login-config-service.xml

<?xml version="1.0" encoding="UTF-8"?>
  | <!DOCTYPE server>
  | 
  | <server>
  | 
  |         <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="jboss:service=DynamicLoginConfig">
  |                 <attribute name="AuthConfig">crunch-login-config.xml</attribute>
  |         <depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
  |         <depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
  |         </mbean>
  |   
  | </server>

crunch-login-config.xml

<?xml version='1.0'?>
  | <!DOCTYPE policy PUBLIC
  |       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  |       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
  | 
  | <!--
  |     Crunch Security Realm Configuration.
  |     This file defines how authentication is determined for access to pages.
  |     This file gets copied to $JBOSS_HOME/server/default/conf by the Ant build.
  | -->
  | 
  | <policy>
  | 
  | <application-policy name = "CrunchDBRealm">
  |   <authentication>
  |     <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
  |        <module-option name = "unauthenticatedIdentity">guest</module-option>
  |        <module-option name = "dsJndiName">java:/CrunchDS</module-option>
  |        <module-option name = "principalsQuery">SELECT password FROM subscriber WHERE username=?</module-option>
  |        <module-option name = "rolesQuery">SELECT CRUNCHROLES.ROLENAME, 'Roles' FROM CRUNCHROLES, SUBSCRIBER WHERE SUBSCRIBER.USERNAME=? AND CRUNCHROLES.USERGUID=SUBSCRIBER.GUID</module-option>
  |     </login-module>
  |   </authentication>
  | </application-policy>
  | 
  | </policy>
  | 

Again, in 4.2.2GA if I copy everything between  and   in the crunch-login-config.xml into login-config.xml then authentication works as it's supposed to.  But I'd rather just drop in my own config without mucking with the JBOSS default config, if that's still possible.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4123136#4123136

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4123136

More information about the jboss-user mailing list