[jboss-jira] [JBoss JIRA] (WFLY-7412) A security-domain can only load login-modules from a single JBoss module

Peter Palaga (JIRA) issues at jboss.org
Wed Dec 14 10:36:00 EST 2016


    [ https://issues.jboss.org/browse/WFLY-7412?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13338622#comment-13338622 ] 

Peter Palaga commented on WFLY-7412:
------------------------------------

To make sure that this issue was fixed I created a simple test project: https://github.com/ppalaga/WFLY-7412
What it does:

* It builds WildFly from source using srcdeps
* It configures a test instance with a security-domain with two custom login modules that live in two independent JBoss Modules
* Runs some tests that invoke both login modules.

Indeed, it proves that the fix works.

It would certainly be good to have such a test in the WildFly testsuite. I'd do it straight away, but I was not able to find any similar integration test in the WF code base that would run some management commands and add custom JBoss modules to the test instance. I am kinda hesitant to push my solution based on maven plugins there, because it looks too different from the usual Arquillian way of writing itests.

Could perhaps anybody point me to an Arquillian test that runs management commands and installs custom JBoss modules?

>  A security-domain can only load login-modules from a single JBoss module 
> --------------------------------------------------------------------------
>
>                 Key: WFLY-7412
>                 URL: https://issues.jboss.org/browse/WFLY-7412
>             Project: WildFly
>          Issue Type: Bug
>          Components: Security
>            Reporter: Derek Horton
>            Assignee: Stefan Guilhen
>             Fix For: 11.0.0.Alpha1
>
>
> A security-domain can only load login-modules from a single JBoss module.  Even though the security-domain configuration will allow each login module defined within a single security-domain to have a "module" attribute, the only module that is used to load the login-modules is the last "module" attribute that the parsing system locates.  
> For example, with the following configuration, it looks like "org.jboss.example.CustomLoginModule" should be loaded from the "org.jboss.example" jboss-module and "org.jboss.example.CustomBaseCertLoginModule" should be loaded from the "org.jboss.another.example" jboss-module:
>   <security-domain name="jmx-console" cache-type="default">
>       <authentication>
>           <login-module code="org.jboss.example.CustomLoginModule" module="org.jboss.example" flag="required">
>               <module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>
>               <module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
>           </login-module>
>           <login-module code="org.jboss.example.CustomBaseCertLoginModule" module="org.jboss.another.example" flag="required">
>               <module-option name="usersProperties" value="${jboss.server.config.dir}/users.properties"/>
>               <module-option name="rolesProperties" value="${jboss.server.config.dir}/roles.properties"/>
>           </login-module>
>       </authentication>
>   </security-domain>
> Unfortunately, it does not work like this.  Only the "org.jboss.another.example" jboss-module is used to load the custom login modules.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
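
An added example, not part of the original message or of WildFly's code: a configuration check for servers that predate the fix, flagging every security-domain whose login-modules declare more than one JBoss module. It assumes, as the issue description states, that the last "module" attribute parsed is the one actually used; the function names and the sample XML wrapper are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the "jmx-console" domain from the issue description plus
# a constructed single-module domain that the bug does not affect.
SAMPLE = """<subsystem xmlns="urn:jboss:domain:security:1.2"><security-domains>
  <security-domain name="jmx-console" cache-type="default"><authentication>
    <login-module code="org.jboss.example.CustomLoginModule"
                  module="org.jboss.example" flag="required"/>
    <login-module code="org.jboss.example.CustomBaseCertLoginModule"
                  module="org.jboss.another.example" flag="required"/>
  </authentication></security-domain>
  <security-domain name="single-module" cache-type="default"><authentication>
    <login-module code="org.jboss.example.CustomLoginModule"
                  module="org.jboss.example" flag="required"/>
  </authentication></security-domain>
</security-domains></subsystem>"""


def local(tag):
    """Drop the XML namespace prefix; server configuration elements are namespaced."""
    return tag.rsplit("}", 1)[-1]


def audit_security_domains(xml_text):
    """Report domains whose login-modules name more than one JBoss module."""
    findings = []
    for domain in ET.fromstring(xml_text).iter():
        if local(domain.tag) != "security-domain":
            continue
        # (code, module) pairs in document order, only where "module" is set.
        entries = [(lm.get("code"), lm.get("module")) for lm in domain.iter()
                   if local(lm.tag) == "login-module" and lm.get("module")]
        modules = [module for _, module in entries]
        if len(set(modules)) < 2:
            continue  # zero or one module declared: the bug cannot bite here
        effective = modules[-1]  # assumption from the issue: last attribute wins
        findings.append({
            "domain": domain.get("name"),
            "effective_module": effective,
            # Login modules declared against a module that will not be used.
            "misloaded": [code for code, module in entries if module != effective],
        })
    return findings


if __name__ == "__main__":
    for finding in audit_security_domains(SAMPLE):
        print(finding)
```
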

