<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">

<div>
        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                <tbody>
                        <tr>

                                <td>

                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                                                <tbody>
                                                        <tr>
                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
                                                                        <a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
                                                                </td>

                                                        </tr>
                                                        <tr>
                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px;  -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
    Security domain for JMS authentication is blacklisted when implementation is in EAR
</h3>
<span style="margin-bottom: 10px;">
    created by <a href="http://community.jboss.org/people/martin.hynar">Martin Hynar</a> in <i>JBoss Web Services</i> - <a href="http://community.jboss.org/message/579220#579220">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">

<div class="jive-rendered-content"><p>Hello everyone,</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>there is an interesting problem with the security domain used to authenticate users connecting to JMS resources. The thing is that there is a custom implementation of the authentication module (more constraints required) and a configuration of the login-module that references this implementation.</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><pre class="jive-pre"><code class="jive-code jive-xml"><span class="jive-xml-tag">&lt;application-policy name="CustomSecurityDomain"&gt;</span>
&#160; <span class="jive-xml-tag">&lt;authentication&gt;</span>
&#160;&#160;&#160; <span class="jive-xml-tag">&lt;login-module code="custom.authentication.LoginModule" flag="required"&gt;</span>
&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-comment">&lt;!-- some module options ... --&gt;</span>
&#160;&#160;&#160; <span class="jive-xml-tag">&lt;/login-module&gt;</span>
&#160; <span class="jive-xml-tag">&lt;/authentication&gt;</span>
<span class="jive-xml-tag">&lt;/application-policy&gt;</span>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>The class <span style="font-family: courier new,courier;">custom.authentication.LoginModule</span> sits within EAR. Then this authentication module is configured to be used by JMS authentication:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><pre class="jive-pre"><code class="jive-code jive-xml"><span class="jive-xml-tag">&lt;bean name="SecurityStore" class="org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore"&gt;</span>
&#160; <span class="jive-xml-comment">&lt;!-- default security configuration --&gt;</span>
&#160; <span class="jive-xml-tag">&lt;property name="defaultSecurityConfig"&gt;</span>
&#160;&#160;&#160; &lt;![CDATA[
&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;security&gt;</span>
&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;role name="jmsrole" read="true" write="true" create="true"/&gt;</span>
&#160;&#160;&#160;&#160;&#160; <span class="jive-xml-tag">&lt;/security&gt;</span>
&#160;&#160;&#160; ]]&gt;
&#160; <span class="jive-xml-tag">&lt;/property&gt;</span>

&#160; <span class="jive-xml-tag">&lt;property name="securityDomain"&gt;</span>CustomSecurityDomain<span class="jive-xml-tag">&lt;/property&gt;</span>
&#160; <span class="jive-xml-tag">&lt;property name="securityManagement"&gt;</span><span class="jive-xml-tag">&lt;inject bean="JNDIBasedSecurityManagement"/&gt;</span><span class="jive-xml-tag">&lt;/property&gt;</span>

&#160; <span class="jive-xml-comment">&lt;!-- @JMX annotation to export the management view of this bean --&gt;</span>
&#160; <span class="jive-xml-tag">&lt;annotation&gt;</span>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss.messaging:service=SecurityStore",exposedInterface=org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStoreMBean.class)<span class="jive-xml-tag">&lt;/annotation&gt;</span>

&#160; <span class="jive-xml-comment">&lt;!-- Password Annotation to inject the password from the common password utility --&gt;</span>
&#160; <span class="jive-xml-tag">&lt;annotation&gt;</span>@org.jboss.security.integration.password.Password(securityDomain=<span class="jive-xml-quote">suckerPassword</span>,methodName=<span class="jive-xml-quote">setSuckerPassword</span>)<span class="jive-xml-tag">&lt;/annotation&gt;</span>
<span class="jive-xml-tag">&lt;/bean&gt;</span>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>With this setup, the authentication always fails, and by debugging (I probably have the wrong logging levels set) it is known that <span style="font-family: courier new,courier;">CustomSecurityDomain</span> is on the blacklist. When the <span style="font-family: courier new,courier;">custom.authentication.LoginModule</span> is separated into a separate jar and deployed on its own, then everything (authentication) works just fine, but then there are different reasons that prevent usage of this setup. Has somebody faced a problem like this? Any solution or advice is welcome!</p><p style="min-height: 8pt; height: 8pt; padding: 0px;">&#160;</p><p>Thanks, Martin</p></div>
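<p>A packaging check for the setup described in the post, added here as an example (it is not code from the original post or from JBoss): it reads the login-module classes from a login-config and reports which deployment archives package each class, with <code>ear_only</code> marking the case the post reports as failing. The <code>policy</code> root element, the archive names <code>app.ear</code> and <code>lib/auth.jar</code>, and all function names are assumptions; the sample input is constructed.</p>

```python
import io
import zipfile
import xml.etree.ElementTree as ET

def login_module_classes(login_config_xml):
    """Map each application-policy name to the login-module classes it references."""
    policies = ET.fromstring(login_config_xml).iter("application-policy")
    return {p.get("name"): [m.get("code") for m in p.iter("login-module")] for p in policies}

def locate(class_name, data, name, parents=()):
    """Return 'outer!/inner' paths of every archive that packages class_name."""
    entry = class_name.replace(".", "/") + ".class"
    path, hits = parents + (name,), []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for item in zf.namelist():
            if item == entry or item.endswith("/classes/" + entry):
                hits.append("!/".join(path))
            elif item.lower().endswith((".jar", ".war", ".sar", ".rar")):
                hits += locate(class_name, zf.read(item), item, path)
    return hits

def report(login_config_xml, deployments):
    """List where each login module is packaged; ear_only marks the setup from the post."""
    rows = []
    for domain, classes in login_module_classes(login_config_xml).items():
        for cls in classes:
            locs = [loc for n, d in deployments.items() for loc in locate(cls, d, n)]
            ear_only = bool(locs) and all(loc.split("!/")[0].endswith(".ear") for loc in locs)
            rows.append({"domain": domain, "class": cls, "locations": locs, "ear_only": ear_only})
    return rows

def make_zip(entries):  # helper for the constructed sample below
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry, content in entries.items():
            zf.writestr(entry, content)
    return buf.getvalue()

def sample_login_config():  # constructed; mirrors the application-policy in the post
    policy = ET.Element("policy")
    ap = ET.SubElement(policy, "application-policy", name="CustomSecurityDomain")
    auth = ET.SubElement(ap, "authentication")
    ET.SubElement(auth, "login-module", code="custom.authentication.LoginModule", flag="required")
    return ET.tostring(policy)

def sample_deployments():  # constructed; app.ear and lib/auth.jar are made-up names
    jar = make_zip({"custom/authentication/LoginModule.class": b"\xca\xfe\xba\xbe"})
    return {"app.ear": make_zip({"lib/auth.jar": jar})}

if __name__ == "__main__": print(report(sample_login_config(), sample_deployments()))
```

<p>An empty <code>locations</code> list means the class was not found in any of the archives passed in.</p>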

</td>
                        </tr>
                    </tbody>
                </table>


                </td>
            </tr>
        </tbody>
    </table>

</div>

</body>
</html>