[jboss-cvs] JBossAS SVN: r108684 - in branches/JBPAPP_5_1/testsuite: src/resources/cc and 2 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Wed Oct 20 03:08:34 EDT 2010
Author: pskopek at redhat.com
Date: 2010-10-20 03:08:34 -0400 (Wed, 20 Oct 2010)
New Revision: 108684
Added:
branches/JBPAPP_5_1/testsuite/src/resources/cc/ldap/
branches/JBPAPP_5_1/testsuite/src/resources/cc/ldap/conf/
branches/JBPAPP_5_1/testsuite/src/resources/cc/ldap/conf/login-config.xml
Modified:
branches/JBPAPP_5_1/testsuite/build.xml
Log:
cc: added LDAP support
Modified: branches/JBPAPP_5_1/testsuite/build.xml
===================================================================
--- branches/JBPAPP_5_1/testsuite/build.xml 2010-10-20 04:43:57 UTC (rev 108683)
+++ branches/JBPAPP_5_1/testsuite/build.xml 2010-10-20 07:08:34 UTC (rev 108684)
@@ -1822,12 +1822,12 @@
<delete file="${jboss.dist}/server/cc/lib/jacorb.jar"/>
<!-- delete file="${jboss.dist}/common/lib/jboss-iiop.jar"/ -->
- <!-- copy alternate part of configuration (cc-none, cc-db, cc-ldap) -->
- <!-- copy todir="${jboss.dist}/server/cc" overwrite="true">
- <fileset dir="${build.resources}/test-configs/${alternate-config}">
+ <!-- copy alternate part of configuration using property cc.login.config -->
+ <copy todir="${jboss.dist}/server/cc" overwrite="true">
+ <fileset dir="${build.resources}/cc/${cc.login.config}">
<include name="**/*"/>
</fileset>
- </copy -->
+ </copy>
<!-- DB config patch (copy JDBC driver library) -->
<!-- copy todir="${jboss.dist}/server/cc/lib" overwrite="true" failonerror="false">
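Review bot: The now-active `<copy>` depends on `${cc.login.config}`, and nothing in this hunk gives the property a default or checks that it is set. If it is not defined elsewhere in build.xml, Ant leaves the literal text in the fileset path and the step fails on a missing directory, whereas the step was previously commented out. Because the copy runs with `overwrite="true"` into `server/cc`, this property decides which login-config.xml the cc server authenticates against, so I would put `<fail unless="cc.login.config" message="cc.login.config must name a directory under ${build.resources}/cc"/>` before the copy. The replaced comment listed the accepted values and the new one does not; `<!-- cc.login.config: directory under resources/cc overlaid on server/cc, e.g. ldap -->` would restore that. The enclosing target starts and ends outside the hunk.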
Added: branches/JBPAPP_5_1/testsuite/src/resources/cc/ldap/conf/login-config.xml
===================================================================
--- branches/JBPAPP_5_1/testsuite/src/resources/cc/ldap/conf/login-config.xml (rev 0)
+++ branches/JBPAPP_5_1/testsuite/src/resources/cc/ldap/conf/login-config.xml 2010-10-20 07:08:34 UTC (rev 108684)
@@ -0,0 +1,189 @@
+<?xml version='1.0'?>
+
+<!-- The XML based JAAS login configuration read by the
+org.jboss.security.auth.login.XMLLoginConfig mbean. Add
+an application-policy element for each security domain.
+
+The outline of the application-policy is:
+<application-policy name="security-domain-name">
+ <authentication>
+ <login-module code="login.module1.class.name" flag="control_flag">
+ <module-option name = "option1-name">option1-value</module-option>
+ <module-option name = "option2-name">option2-value</module-option>
+ ...
+ </login-module>
+
+ <login-module code="login.module2.class.name" flag="control_flag">
+ ...
+ </login-module>
+ ...
+ </authentication>
+</application-policy>
+
+$Id: login-config.xml 87078 2009-04-09 14:23:47Z bstansberry at jboss.com $
+$Revision: 87078 $
+-->
+
+<policy>
+ <!-- Used by clients within the application server VM such as
+ mbeans and servlets that access EJBs.
+ -->
+ <application-policy name="client-login">
+ <authentication>
+ <login-module code="org.jboss.security.ClientLoginModule"
+ flag="required">
+ <!-- Any existing security context will be restored on logout -->
+ <module-option name="restore-login-identity">true</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- Security domains for testing new jca framework -->
+ <application-policy name="HsqlDbRealm">
+ <authentication>
+ <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag="required">
+ <module-option name="principal">sa</module-option>
+ <module-option name="userName">sa</module-option>
+ <module-option name="password"></module-option>
+ <module-option name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <application-policy name="JmsXARealm">
+ <authentication>
+ <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule"
+ flag="required">
+ <module-option name="principal">guest</module-option>
+ <module-option name="userName">guest</module-option>
+ <module-option name="password">guest</module-option>
+ <module-option name="managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the jmx-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name="jmx-console">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
+ <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
+ <module-option name="java.naming.provider.url">ldap://dev39.qa.atl2.redhat.com:390/</module-option>
+ <module-option name="java.naming.security.authentication">simple</module-option>
+ <module-option name="principalDNPrefix">uid=</module-option>
+ <module-option name="principalDNSuffix">,ou=People,dc=my-domain,dc=com</module-option>
+ <module-option name="rolesCtxDN">ou=Roles,dc=my-domain,dc=com</module-option>
+ <module-option name="uidAttributeID">member</module-option>
+ <module-option name="matchOnUserDN">true</module-option>
+ <module-option name="roleAttributeID">cn</module-option>
+ <module-option name="roleAttributeIsDN">false</module-option>
+ <module-option name="searchTimeLimit">5000</module-option>
+ <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- A template configuration for the web-console web application. This
+ defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name="web-console">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
+ <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
+ <module-option name="java.naming.provider.url">ldap://dev39.qa.atl2.redhat.com:390/</module-option>
+ <module-option name="java.naming.security.authentication">simple</module-option>
+ <module-option name="principalDNPrefix">uid=</module-option>
+ <module-option name="principalDNSuffix">,ou=People,dc=my-domain,dc=com</module-option>
+ <module-option name="rolesCtxDN">ou=Roles,dc=my-domain,dc=com</module-option>
+ <module-option name="uidAttributeID">member</module-option>
+ <module-option name="matchOnUserDN">true</module-option>
+ <module-option name="roleAttributeID">cn</module-option>
+ <module-option name="roleAttributeIsDN">false</module-option>
+ <module-option name="searchTimeLimit">5000</module-option>
+ <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!--
+ A template configuration for the JBossWS security domain.
+ This defaults to the UsersRolesLoginModule the same as other and should be
+ changed to a stronger authentication mechanism as required.
+ -->
+ <application-policy name="JBossWS">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag="required">
+ <module-option name="usersProperties">props/jbossws-users.properties</module-option>
+ <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
+ <module-option name="unauthenticatedIdentity">anonymous</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <application-policy name = "jbosstest-ssl">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule"
+ flag = "required">
+ <module-option name="password-stacking">useFirstPass</module-option>
+ <module-option name="securityDomain">java:/jaas/jbosstest-ssl</module-option>
+ </login-module>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option name="password-stacking">useFirstPass</module-option>
+ <module-option name="usersProperties">ssl-users.properties</module-option>
+ <module-option name="rolesProperties">ssl-roles.properties</module-option>
+ <module-option name="roleGroupSeperator">:</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <application-policy name = "jbosstest-sso">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option name="usersProperties">sso-users.properties</module-option>
+ <module-option name="rolesProperties">sso-roles.properties</module-option>
+ <module-option name="roleGroupSeperator">.</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <application-policy name = "jbosstest-web">
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag = "required">
+ <module-option name="usersProperties">sso-users.properties</module-option>
+ <module-option name="rolesProperties">sso-roles.properties</module-option>
+ <module-option name="roleGroupSeperator">.</module-option>
+ </login-module>
+ </authentication>
+ </application-policy>
+
+ <!-- The default login configuration used by any security domain that
+ does not have a application-policy entry with a matching name
+ -->
+ <application-policy name="other">
+ <!-- A simple server login module, which can be used when the number
+ of users is relatively small. It uses two properties files:
+ users.properties, which holds users (key) and their password (value).
+ roles.properties, which holds users (key) and a comma-separated list of
+ their roles (value).
+ The unauthenticatedIdentity property defines the name of the principal
+ that will be used when a null username and password are presented as is
+ the case for an unuathenticated web client or MDB. If you want to
+ allow such users to be authenticated add the property, e.g.,
+ unauthenticatedIdentity="nobody"
+ -->
+ <authentication>
+ <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
+ flag="required"/>
+ </authentication>
+ </application-policy>
+
+</policy>
+
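Review bot: The jmx-console and web-console policies bind with `java.naming.security.authentication` set to `simple` over a plain `ldap://` URL, so console passwords cross the network unencrypted, and neither policy sets `allowEmptyPasswords`. As far as I recall, LdapLoginModule by default passes an empty password through to the directory, which many servers treat as an anonymous bind that succeeds; adding `<module-option name="allowEmptyPasswords">false</module-option>` to both modules rules that out explicitly. For transport I would switch the provider URL to `ldaps://` on the server's TLS port, or add `<module-option name="java.naming.security.protocol">ssl</module-option>`. The comments above both policies still say they default to UsersRolesLoginModule, which no longer matches; they should say the policy authenticates against LDAP and that the host in the URL (apparently a QA-lab machine, repeated in both policies) must be overridden per environment.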