Thanks for your responses.
We have tried using JBoss 5.1.0GA and ran into exactly the same problem.
We also tried using <security-domain>FileNet</security-domain> as jaikiran
mentioned, and the result was the same.
We could ran Java client application using EJB transport without problems.
This problem only occurs when we use an application that uses Web Services transport to
connect to our application engine, which involves in having the WSI listener propagating
the security information to EJB's security domain for authentication. Our WSI
listener is implemented as a web servlet in JBoss web container which invokes
FnClientLoginModule initially under the "FileNetP8Engine" application-policy,
the authentication against LDAP is then performed in EJB container through the
"FileNet" application-policy which is defined as the EJB security domain in
jboss.xml.
Here is the excerpt of the login-config.xml:
<?xml version="1.0" encoding="UTF-8"?>
<application-policy name="FileNetP8Engine">
<login-module
code="com.filenet.api.authentication.jboss.login.FnClientLoginModule"
flag="required">
<module-option
name="multi-threaded">true</module-option>
</login-module>
</application-policy>
<application-policy name = "FileNet">
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
flag="required">
<module-option
name="java.naming.provider.url">ldap://ldaphost:389</module-option>
<module-option
name="java.naming.security.authentication">simple</module-option>
<module-option
name="allowEmptyPasswords">false</module-option>
<module-option
name="bindDN">cn=CEAdmin,ou=FileNet,dc=ldaphost,dc=com</module-option>
<module-option name="bindCredential">password</module-option>
<module-option
name="baseCtxDN">dc=ldaphost,dc=com</module-option>
<module-option name="baseFilter">(cn={0})</module-option>
<module-option
name="rolesCtxDN">dc=ldaphost,dc=com</module-option>
<module-option
name="roleFilter">(uniqueMember={0})</module-option>
<module-option name="matchOnUserDN">true</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="uidAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
</login-module>
</application-policy>
This mechanism has been working in JBoss 4.0.5 and 4.2.x.
We will try reproduce the problem on a sample application.
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4237730#...
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...