Martin Hynar [
http://community.jboss.org/people/martin.hynar] created the discussion
"Security domain for JMS authentication is blacklisted when implementation is in
EAR"
To view the discussion, visit:
http://community.jboss.org/message/579220#579220
--------------------------------------------------------------
Hello everyone,
there is an interresting problem with security domain used to authenticate users
connecting to JMS resources. The thing is that, there is custom implementation of
authentication module (more constraints required) and a configuration of login-module that
references this implementation.
<application-policy name="CustomSecurityDomain">
<authentication>
<login-module code="custom.authentication.LoginModule"
flag="required">
<!-- some module options ... -->
</login-module>
</authentication>
</application-policy>
The class custom.authentication.LoginModule sits within EAR. Then this authentication
module is configured to be used by JMS authentication:
<bean name="SecurityStore"
class="org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStore">
<!-- default security configuration -->
<property name="defaultSecurityConfig">
<![CDATA[
<security>
<role name="jmsrole" read="true" write="true"
create="true"/>
</security>
]]>
</property>
<property name="securityDomain">CustomSecurityDomain</property>
<property name="securityManagement"><inject
bean="JNDIBasedSecurityManagement"/></property>
<!-- @JMX annotation to export the management view of this bean -->
<annotation>@org.jboss.aop.microcontainer.aspects.jmx.JMX(name="jboss.messaging:service=SecurityStore",exposedInterface=org.jboss.jms.server.jbosssx.JBossASSecurityMetadataStoreMBean.class)</annotation>
<!-- Password Annotation to inject the password from the common password utility
-->
<annotation>@org.jboss.security.integration.password.Password(securityDomain=suckerPassword,methodName=setSuckerPassword)</annotation>
</bean>
With this setup, the authentication always fails and by debugging (I probably have wrong
logging levels set) it is known that CustomSecurityDomain is on blacklist. When the
custom.authentication.LoginModule is separated into separate jar and deployed on its own,
then everything (authentication) work just fine, but then there are different reasons that
prevent usage of this setup. Did somebody faced problem like this? Any solution or advice
is welcome!
thanks, Martin
--------------------------------------------------------------
Reply to this message by going to Community
[
http://community.jboss.org/message/579220#579220]
Start a new discussion in JBoss Web Services at Community
[
http://community.jboss.org/choose-container!input.jspa?contentType=1&...]