[jboss-user] [Security & JAAS/JBoss] - JBOSS JSSE configuration issue

as1816 do-not-reply at jboss.com
Wed May 16 06:03:57 EDT 2007


We have a problem in using JAAS during migration from Jboss-3.2.3 to JBoss-4.0.5.GA. The same approach is working in JBoss-3.2.3 version.
The reason for above I found is SecurityAssociation is not populated for JBoss-4.0.5.GA.

Ear Deployment/JAAS Configurations details:

We have two .ear deployed in the same server. First ear contains all EJBs. Second ear contains one war file through which we monitor the system. We are using customized login module and this login module is invoked properly and subject is populated.

                subject.getPrivateCredentials().add(userBean);
                logger.info("Adding role '" + userBean.getRole() + "'to context");
                userRoles.addMember(new SimplePrincipal(userBean.getRole()));


 Login module returns true. But from action class, when we call below code subject is null.
--------------------------------------------------------------------------------------
		EntryUser user = EISDataHelper().getUser();
 		signature of getUser is as below:
		public EntryUserBean getUser() throws CustodyException,
 		RemoteException
 		{
        		Subject subj = SecurityAssociation.getSubject(); 
//Here subject is null(in JBoss-4.0.5.GA), while same code is running in JBoss-3.2.3
             		if (subj == null) 
			{
                         	logger.debug("subject is null");
              			return null;
             		}
 		}
--------------------------------------------------------------------------------------


 Configuration for login module in login-config.xml  is as below :
--------------------------------------------------------------------------------------
 <application-policy name="settlement">
      
            <login-module code="com.db.dcs.model.settlements.jboss.security.LdapDBLoginModule" flag="required">
                  <module-option name="validatePWD">true</module-option>
            </login-module>
      
 </application-policy>

--------------------------------------------------------------------------------------


 Configuration for JAAS  in conf/jboss-service.xml  is as below :
--------------------------------------------------------------------------------------
 <!--
 ====================================================================
 -->
      <!-- Security
	 -->
      <!--
 ====================================================================
 -->
      
            jboss.security:service=XMLLoginConfig
      
      

            login-config.xml

      

      <!-- JAAS security manager and realm mapping -->
      <!-- change JaasSecurityManager by JaasSecurityDomain -->
      
            
         org.jboss.security.plugins.JaasSecurityDomain
      
      

      <!--JaasSecurityDomain -->
      
    jboss.security:service=JaasSecurityManager
    
        
    

    ${jboss.server.home.dir}/ssl/.keystore

    gft01abc

--------------------------------------------------------------------------------------


Configuration for SSL  in deploy/jbossweb-tomcat55.sar/server.xml is as below :
--------------------------------------------------------------------------------------

	
--------------------------------------------------------------------------------------

Configuration for security domain  in deploy/settlement-webapp.ear/settlement-webapp.war/jboss-web.xml is as below :
--------------------------------------------------------------------------------------
<jboss-web>
      <security-domain>java:/jaas/settlement</security-domain>
</jboss-web>
--------------------------------------------------------------------------------------


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4046069#4046069

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4046069



More information about the jboss-user mailing list