[jboss-user] [Security & JAAS/JBoss] - Re: JBoss won't load login-config from webapp

alllle do-not-reply at jboss.com
Wed Jul 16 00:33:00 EDT 2008


"celle2006" wrote : Hi oozoo!
  | 
  | I think you forgot to set the realm-name to value MyTestApp. 
  | 
  | Greetz celle2006

Hi, just want to post a quick comment to see if it will help.

I think the realm element in the web.xml file is only used to prompt for the user name and password in HTTP BASIC auth. It has nothing to do with the JBoss security domain.

I think the problem is that the META-INF/login-config.xml is just a config file you put there, and nothing instructs JBoss to load it. The J2EE spec does not specify this file; this is a JBoss-specific thing, and JBoss only loads this file from the server_config/conf/ folder.

So either you merge your policy into the server_config/conf/login-config.xml file, or you can do the following (not tested):

jboss-app.xml:

  | <?xml version="1.0" encoding="UTF-8"?>
  | <jboss-app>   
  |    <module>
  |       <service>jboss-service.xml</service>
  |    </module>
  | </jboss-app>
  | 

jboss-service.xml

  | <?xml version="1.0" encoding="UTF-8"?>
  | <server>   
  |    <!-- hooking in a login module for the standalone version of JSF Forums -->
  |     <!-- The custom JAAS login configuration that installs 
  |        a Configuration capable of dynamically updating the
  |        config settings
  |    -->
  |    <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
  |       name="jboss.security.tests:service=LoginConfig">
  |       <attribute name="AuthConfig">META-INF/security-config.xml</attribute>
  |       <depends optional-attribute-name="LoginConfigService">
  |          jboss.security:service=XMLLoginConfig
  |       </depends>
  |       <depends optional-attribute-name="SecurityManagerService">
  |          jboss.security:service=JaasSecurityManager
  |       </depends>
  |    </mbean>
  | </server>
  | 

and a META-INF/security-config.xml:

  | <?xml version='1.0'?>
  | <!DOCTYPE policy PUBLIC
  |       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  |       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
  | <policy>
  |    <application-policy name="MyTestApp">
  | 
  |       <!-- Active directory configuration -->
  |       <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  |          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  |          (..)
  | 
  |          <module-option name="roleFilter">(member={1})</module-option>
  |          <module-option name="roleAttributeID">memberOf</module-option>
  |          <module-option name="roleAttributeIsDN">true</module-option>
  |          <module-option name="roleNameAttributeID">cn</module-option>
  |          <module-option name="password-stacking">useFirstPass</module-option>
  |       </login-module>
  | 
  |       <!-- database configuration -->
  |       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
  |          <module-option name="password-stacking">useFirstPass</module-option>
  | 
  |          (..)
  | 
  |       </login-module>
  | 
  |    </application-policy>
  | </policy>
  | 

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4164641#4164641
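
An added example, not part of the original post and not JBoss code: a Python check that an archive's descriptors are wired the way the post suggests (jboss-app.xml deploys a service descriptor, which declares DynamicLoginConfig, whose AuthConfig resource defines the policy the application uses). The archive contents are constructed, and the `java:/jaas/MyTestApp` security-domain string and the META-INF/ location of jboss-app.xml are assumptions; the script checks file wiring only, not what JBoss does at deploy time.

```python
import xml.etree.ElementTree as ET

DYNAMIC = "org.jboss.security.auth.login.DynamicLoginConfig"

def check_login_wiring(files, security_domain):
    """files maps archive path -> XML text; returns a list of problems found."""
    problems = []
    policy = security_domain.rsplit("/", 1)[-1]  # java:/jaas/MyTestApp -> MyTestApp
    if "META-INF/login-config.xml" in files:
        problems.append("META-INF/login-config.xml is packaged but nothing loads it")
    # 1. jboss-app.xml must name the service descriptor(s) to deploy.
    app = files.get("META-INF/jboss-app.xml", "<jboss-app/>")
    services = [s.text.strip() for s in ET.fromstring(app).iter("service") if s.text]
    # 2. A deployed descriptor must declare DynamicLoginConfig with an AuthConfig.
    auth_configs = []
    for svc in services:
        if svc not in files:
            problems.append(f"service descriptor {svc} is missing from the archive")
            continue
        for mbean in ET.fromstring(files[svc]).iter("mbean"):
            if mbean.get("code") != DYNAMIC:
                continue
            auth_configs += [a.text.strip() for a in mbean.iter("attribute")
                             if a.get("name") == "AuthConfig" and a.text]
    if not auth_configs:
        problems.append("no DynamicLoginConfig mbean is deployed with the application")
    # 3. The AuthConfig resource must exist and define the policy the app uses.
    names = set()
    for path in auth_configs:
        if path not in files:
            problems.append(f"AuthConfig resource {path} is missing from the archive")
            continue
        names |= {p.get("name") for p in ET.fromstring(files[path]).iter("application-policy")}
    if auth_configs and policy not in names:
        problems.append(f"no application-policy named {policy} is defined")
    return problems

# Constructed sample archives (not from the original post).
POLICY = '<policy><application-policy name="MyTestApp"/></policy>'
SERVICE = ('<server><mbean code="%s" name="jboss.security.tests:service=LoginConfig">'
           '<attribute name="AuthConfig">META-INF/security-config.xml</attribute>'
           '</mbean></server>' % DYNAMIC)
WIRED = {"META-INF/jboss-app.xml":
             "<jboss-app><module><service>jboss-service.xml</service></module></jboss-app>",
         "jboss-service.xml": SERVICE,
         "META-INF/security-config.xml": POLICY}
UNWIRED = {"META-INF/login-config.xml": POLICY}  # the layout the thread is about

if __name__ == "__main__":
    for label, archive in (("wired", WIRED), ("unwired", UNWIRED)):
        print(label, check_login_wiring(archive, "java:/jaas/MyTestApp"))
```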
