[jboss-user] [Security & JAAS/JBoss] - Re: JBoss 5.0.1 stubbornly ignores application-policy in log
registration-form-muzz-die
do-not-reply at jboss.com
Fri Apr 17 21:47:54 EDT 2009
Well, have some progress thanks to Wolfgang Knauf's posts:
anonymous wrote : For the annotation approach: I know that there are two "SecurityDomain" annotations in the JBoss package: org.jboss.ejb3.annotation.SecurityDomain (the right one) and org.jboss.aspects.security.SecurityDomain (this one does not do anything). Could you check whether you picked the right one?
Actually there are at least 3 of them. The third one is org.jboss.security.annotation.SecurityDomain ;)
I replaced annotation with the proper one, and enabled security logging in "server/default/conf/jboss-log4j.xml", as Wolfgang described:
<appender name="CONSOLE.SECURITY" class="org.apache.log4j.ConsoleAppender">
| <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
| <param name="Target" value="System.out"/>
| <param name="Threshold" value="TRACE"/>
|
| <layout class="org.apache.log4j.PatternLayout">
| <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}] %m%n"/>
| </layout>
| </appender>
| ...
|
| <category name="org.jboss.security">
| <priority value="TRACE"/>
| <appender-ref ref="CONSOLE.SECURITY"/>
| </category>
and now i see that username i've hardcoded in client is delivered to server, both "principalsQuery" and "rolesQuery" are executed over datasource and i am experiencing the
05:23:09,640 TRACE [IB-Automation] Login failure
| javax.security.auth.login.FailedLoginException: No matching username found in Roles
which i believe i can take care myself. :D
Hope, this information could help to avoid time wasting.
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4226306#4226306
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4226306
More information about the jboss-user
mailing list