[jboss-jira] [JBoss JIRA] (AS7-3888) Deployment provided login modules for security domains are not accessible to remote invocation

Jason Greene (JIRA) jira-events at lists.jboss.org
Fri Feb 24 10:30:36 EST 2012 

     [ https://issues.jboss.org/browse/AS7-3888?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jason Greene closed AS7-3888.
-----------------------------

    Fix Version/s: No Release
                       (was: 7.1.2.Final)
       Resolution: Rejected


This is by design (explanation to follow). Although instead of modifying the security module, the best approach is to define a new static module with its own jar (placing it in the modules dir) and reference it using the module="" tag in the security domain login module stack.

The reason it is not possible to use application classes is that remoting connections perform authentication once during the negotiation phase of the connection, and all subsequent ejb (or jndi etc) invocations share the same connection. So an authenticated connection can potentially span an arbitrary number of applications, and that information can not be known at the time of authentication.
                
> Deployment provided login modules for security domains are not accessible to remote invocation
> ----------------------------------------------------------------------------------------------
>
>                 Key: AS7-3888
>                 URL: https://issues.jboss.org/browse/AS7-3888
>             Project: Application Server 7
>          Issue Type: Enhancement
>          Components: Security
>    Affects Versions: 7.1.0.Final
>         Environment: Reproduced on Ubuntu 10.04.3 LTS, CentOS release 5.7, Windows 7
>            Reporter: Daniel Jipa
>            Assignee: Darran Lofthouse
>             Fix For: No Release
>
>         Attachments: myear.ear
>
>
> When using a remote jndi connection to AS and a custom security-realm for it that is tied to a custom login module the authentication only works when packaging the class in a jar and installing it on jboss_install_dir/modules/org/jboss/as/remoting/main. It should be loadable from ear also. 
> More details here: https://community.jboss.org/thread/195501

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

More information about the jboss-jira mailing list