[JBoss JIRA] (WFLY-7412) A security-domain can only load login-modules from a single JBoss module

Wednesday, 14 December 2016

    [
https://issues.jboss.org/browse/WFLY-7412?page=com.atlassian.jira.plugin....
] 

Peter Palaga commented on WFLY-7412:
------------------------------------

To make sure that this issue was fixed I created a simple test project:
https://github.com/ppalaga/WFLY-7412
What it does:

* It builds WildFly from source using srcdeps
* It configures a test instance with a security-domain with two custom login modules that
live in two independent JBoss Modules
* Runs some tests that invoke both login modules.

Indeed, it proves that the fix works.

I would certainly be good to have such a test in the WildFly testsuite. I'd do it
straight away, but I was not able to find any similar integration test in the WF code base
that would run some management commands and add custom JBoss modules to the test instance.
I am kinda hesitant to push my solution based on maven plugins there, because it looks too
different from the usual Arquillian way of writing itests.

Could perhaps anybody point me to an arquillian test that runs management commands and
installs custom JBoss modules?

...
  A security-domain can only load login-modules from a single JBoss
module 
 --------------------------------------------------------------------------

                 Key: WFLY-7412
                 URL: https://issues.jboss.org/browse/WFLY-7412
             Project: WildFly
          Issue Type: Bug
          Components: Security
            Reporter: Derek Horton
            Assignee: Stefan Guilhen
             Fix For: 11.0.0.Alpha1

 A security-domain can only load login-modules from a single JBoss module.  Even though
the security-domain configuration will allow each login module defined within a single
security-domain to have a "module" attribute, the only module that is used to
load the login-modules is the last "module" attribute that the parsing system
locates.  
 For example, with the following configuration, it looks like
"org.jboss.example.CustomLoginModule" should be loaded from the
"org.jboss.example" jboss-module and
"org.jboss.example.CustomBaseCertLoginModule" should be loaded from the
"org.jboss.another.example" jboss-module:
   <security-domain name="jmx-console" cache-type="default">
       <authentication>
           <login-module code="org.jboss.example.CustomLoginModule"
module="org.jboss.example" flag="required">
               <module-option name="usersProperties"
value="${jboss.server.config.dir}/users.properties"/>
               <module-option name="rolesProperties"
value="${jboss.server.config.dir}/roles.properties"/>
           </login-module>
           <login-module code="org.jboss.example.CustomBaseCertLoginModule"
module="org.jboss.another.example" flag="required">
               <module-option name="usersProperties"
value="${jboss.server.config.dir}/users.properties"/>
               <module-option name="rolesProperties"
value="${jboss.server.config.dir}/roles.properties"/>
           </login-module>
       </authentication>
   </security-domain>
 Unfortunately, it does not work like this.  Only the
"org.jboss.another.example" jboss-module is used to load the custom login
modules. 

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006