[jboss-user] [Security & JAAS/JBoss] - Re: Problem with Dynamic Login Config on JBoss 5.0.1

Plukh do-not-reply at jboss.com
Mon May 25 09:48:23 EDT 2009 

I'm trying the new simpler approach and can't seem to get my application to work (old DynamicLoginConfig way worked fine).

Here's what I'm doing:

WEB-INF/jboss-web.xml (in the web module)

  | <?xml version="1.0" encoding="UTF-8"?>
  | <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 4.2//EN"
  |         "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
  | <jboss-web>
  |     <security-domain>java:/jaas/gameportal</security-domain>
  | </jboss-web>
  | 

META-INF/gameportal-jboss-beans.xml (in ear)

  | <?xml version="1.0" encoding="UTF-8"?>
  | 
  | <deployment xmlns="urn:jboss:bean-deployer:2.0">
  | 
  |     <application-policy xmlns="urn:jboss:security-beans:1.0" name="gameportal">
  |         <authentication>
  |             <login-module code="ru.gameportal.login.GameportalLoginModule"
  |                           flag="required">
  |             </login-module>
  |         </authentication>
  |     </application-policy>
  | 
  | </deployment>
  | 

Unfortunately, JBoss doesn't call my custom login module (I'm using WebAuthentication for programmatic login, if it matters). Some info, hopefully relevant, from the log file:


  | 17:37:50,437 TRACE [ApplicationPolicyMetaDataFactory] Generating metadata for application-policy gameportal
  | 17:37:50,437 TRACE [ApplicationPolicyMetaDataFactory] Generating authentication metadata for policy gameportal
  | 17:37:50,437 TRACE [ApplicationPolicyMetaDataFactory] Injecting security management JNDIBasedSecurityManagement into application-policy metadata
  | 17:37:50,468 TRACE [ApplicationPolicyBean] ApplicationPolicy gameportal created org.jboss.security.config.ApplicationPolicy at 1c2f724
  | 17:37:50,468 TRACE [ApplicationPolicyBean] ApplicationPolicy gameportal registered
  | ...
  | 17:38:06,703 TRACE [JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData at 1f:principalToRoleSetMapnull
  | 17:38:06,703 TRACE [SecurityAssociationValve] Begin invoke, caller=null
  | ...
  | 17:38:06,718 TRACE [JBossWebRealm] Begin authenticate, username=vdenisov at redline.ru
  | 17:38:06,718 DEBUG [JNDIBasedSecurityManagement] Creating SDC for domain=gameportal
  | 17:38:06,718 TRACE [JaasSecurityManager] Constructing
  | 17:38:06,718 DEBUG [gameportal] CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler at f92417
  | 17:38:06,718 DEBUG [gameportal] CachePolicy set to: org.jboss.util.TimedCachePolicy at b0a21a
  | 17:38:06,718 DEBUG [JNDIBasedSecurityManagement] setCachePolicy, c=org.jboss.util.TimedCachePolicy at b0a21a
  | 17:38:06,718 TRACE [gameportal] Begin isValid, principal:vdenisov at redline.ru, cache info: null
  | 17:38:06,718 TRACE [gameportal] defaultLogin, principal=vdenisov at redline.ru
  | 17:38:06,718 TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(gameportal), size=11
  | 17:38:06,718 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(gameportal), authInfo=AppConfigurationEntry[]:
  | [0]
  | LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
  | ControlFlag: LoginModuleControlFlag: required
  | Options:
  | name=usersProperties, value=u.properties
  | name=unauthenticatedIdentity, value=anonymous
  | name=rolesProperties, value=r.properties
  | 

It then proceeds to authenticate using UsersRolesLoginModule (and, of course, failes to open appropriate files).

Any advice?

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4233051#4233051

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4233051

More information about the jboss-user mailing list