[jboss-user] [Security & JAAS/JBoss] - Re: JBoss 5.0.1 stubbornly ignores application-policy in log

registration-form-muzz-die do-not-reply at jboss.com
Fri Apr 17 21:47:54 EDT 2009

Well, have some progress thanks to Wolfgang Knauf's posts:
anonymous wrote : For the annotation approach: I know that there are two "SecurityDomain" annotations in the JBoss package: org.jboss.ejb3.annotation.SecurityDomain (the right one) and org.jboss.aspects.security.SecurityDomain (this one does not do anything). Could you check whether you picked the right one?
Actually there are at least 3 of them. The third one is org.jboss.security.annotation.SecurityDomain ;)

I replaced annotation with the proper one, and enabled security logging in "server/default/conf/jboss-log4j.xml", as Wolfgang described:

  <appender name="CONSOLE.SECURITY" class="org.apache.log4j.ConsoleAppender">
  |     <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
  |     <param name="Target" value="System.out"/>
  |     <param name="Threshold" value="TRACE"/>
  |     <layout class="org.apache.log4j.PatternLayout">
  |       <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}] %m%n"/>
  |     </layout>
  |   </appender>
  |   ...
  |   <category name="org.jboss.security">
  |     <priority value="TRACE"/>
  |      <appender-ref ref="CONSOLE.SECURITY"/>
  |   </category>

and now i see that username i've hardcoded in client is delivered to server, both "principalsQuery" and "rolesQuery" are executed over datasource and i am experiencing the 
05:23:09,640 TRACE [IB-Automation] Login failure
  | javax.security.auth.login.FailedLoginException: No matching username found in Roles
which i believe i can take care myself. :D
Hope, this information could help to avoid time wasting. 

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4226306#4226306

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4226306

More information about the jboss-user mailing list