[jboss-user] [Installation, Configuration & Deployment] - Context.xml Realm element ignored (JBoss 4.0.3SP1)

jon_french@fws.gov do-not-reply at jboss.com
Mon Sep 25 12:36:10 EDT 2006

I am trying to deploy a custom Realm for a specific web application in JBoss AS 4.0.3SP1. My strategy is to place a context.xml file in the WEB-INF directory of my war file. The contents of the context.xml look like this:

  |              <Realm ... realm configuration here
  |                 />
  | </Context>

However, JBoss does not recognize the Realm definition and instead uses the Realm of the Tomcat Host in which this web application resides. However, configuring a RemoteAccessFilter in the context.xml file like this:

  |          <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="" />
  |              </Context>

definitely works (meaning that the valve is correctly deployed).

So the case is that JBoss is definitely recognizing the /WEB-INF/context.xml file, but is ignoring my Realm element.

The JBoss Wiki at http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingContextDotXML says that in regard to configuring web applications in /WEB-INF/jboss-web.xml vs. context.xml, "The general rule is that if you can do it in jboss-web.xml then the context.xml equivalent is ignored."

So this makes me think that maybe the reason JBoss is ignoring my context.xml Realm element is that it can be configured in /WEB-INF/jboss-web.xml. The only pertinent element in jboss-web.xml is the security-domain element. The docs/dtd/jboss-web.dtd file says of the security-domain element, 

  | <!-- The security-domain element allows one to specify a module wide
  | security manager domain. It specifies the JNDI name of the security
  | manager that implements the EJBSecurityManager and RealmMapping for
  | the domain.
  | -->
  | <!ELEMENT security-domain (#PCDATA)>

The "RealmMapping" text makes me suspicious, but the RealmMapping Javadoc at http://docs.jboss.org/jbossas/javadoc/4.0.4/security/org/jboss/security/RealmMapping.html
doesn't seem to contain any helpful information in regard to JBoss's use of a Host Realm before a Context Realm.

So my question is can anyone verify that JBoss won't allow a webapplication to specify a Realm in Context.xml? Is there a good reason? Is there a way to override the Realm via the "security-domain" element in jboss-web.xml? 

Other information:

The release notes of 4.0.4GA didn't mention any context.xml fixes: http://jira.jboss.com/jira/secure/ReleaseNote.jspa?version=12310691&styleName=Html&projectId=10030
so I'm guessing nothing has changed in regard to my problem in 4.0.4GA.

This JIRA issue http://jira.jboss.com/jira/browse/JBWEB-65 almost seems to apply, but its for the wrong version of JBoss and seems to be about the entire context.xml file being ignored, not just the Realm element.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3973947#3973947

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3973947

More information about the jboss-user mailing list