[jboss-dev-forums] [Design of Security on JBoss] - inconcistency between security-config_5_0.xsd and xml tests

alex.loubyansky@jboss.com do-not-reply at jboss.com
Mon Aug 7 10:30:03 EDT 2006 

The problem is in the  authentication-jaspi element which is declared in the XSD as

  |    <xsd:element name="authentication-jaspi">
  |       <xsd:annotation>
  |          <xsd:appinfo>
  |             <jbxb:skip/>
  |          </xsd:appinfo>
  |       </xsd:annotation>
  |       <xsd:complexType>
  |       <xsd:choice >
  |          <xsd:element maxOccurs="unbounded" ref="jbsx:login-module-stack"/>
  |          <xsd:element maxOccurs="unbounded" ref="jbsx:auth-module"/>
  |       </xsd:choice>
  |       </xsd:complexType>
  |    </xsd:element> 
  | 

The XML tested is

  |    <jbsx:application-policy name="conf-jaspi"> 
  | 	  <jbsx:authentication-jaspi>
  | 		<jbsx:login-module-stack name="lm-stack">
  | 			<jbsx:login-module
  | 				code="org.jboss.security.auth.spi.UsersRolesLoginModule"
  | 				flag="required">
  | 				<jbsx:module-option name="usersProperties">props/jbossws-users.properties</jbsx:module-option>
  | 				<jbsx:module-option name="rolesProperties">props/jbossws-roles.properties</jbsx:module-option>
  | 				<jbsx:module-option name="unauthenticatedIdentity">anonymous</jbsx:module-option>
  | 			</jbsx:login-module>
  | 		</jbsx:login-module-stack>
  | 		<jbsx:auth-module code="auth.module1.class.name">
  | 			<jbsx:module-option name="usersProperties">props/jbossws-users.properties</jbsx:module-option>
  | 			<jbsx:module-option name="rolesProperties">props/jbossws-roles.properties</jbsx:module-option>
  | 			<jbsx:module-option name="unauthenticatedIdentity">anonymous</jbsx:module-option>
  | 		</jbsx:auth-module>
  | 		
  | 		<jbsx:auth-module code="auth.module2.class.name" login-module-stack-ref="lm-stack"/>  
  | 	 </jbsx:authentication-jaspi> 
  |    </jbsx:application-policy>
  | 

There can be either auth-module or login-module-stack but not both.

Actually the test currently passes. Though, the SAX parser's validation is supposed to be on. I'll look into that.

Current SchemaBinding-based validation doesn't catch it. I was working on a fix for another issue and extended SchemaBinding validation to catch that.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3963589#3963589

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3963589

More information about the jboss-dev-forums mailing list