[jboss-user] [Security & JAAS/JBoss] - Re: JBoss 5 authentication / authorization problem

Wolfgang Knauf do-not-reply at jboss.com
Wed Feb 4 04:02:21 EST 2009


I have to admit I don't have much more ideas on this.

My own security example is packaged in one single EAR and works, so I would advice you to give this a try (EJB jar and web war in one EAR).

The strange thing is that the "jboss.xml" approach at least seems to perform a login, but the annotation approach does not work.

Could you post your full jboss.xml? Your snippet does not contain a doctype declaration, maybe this confuses jboss. It should be:
<?xml version="1.0" encoding="UTF-8"?>
  | <!DOCTYPE jboss PUBLIC
  | 	"-//JBoss//DTD JBOSS 5.0//EN"
  | 	"http://www.jboss.org/j2ee/dtd/jboss_5_0.dtd">
  | <jboss>
  | 	<security-domain>toy-shop-realm</security-domain>
  | </jboss>

For the annotation approach: I know that there are two "SecurityDomain" annotations in the JBoss package: org.jboss.ejb3.annotation.SecurityDomain (the right one) and org.jboss.aspects.security.SecurityDomain (this one does not do anything). Could you check whether you picked the right one?

Does the security logging tell you that it uses your properties file and can verify login/password?
The "Logging" chapter from the security FAQ is slightly outdated, please see http://www.jboss.com/index.html?module=bb&op=viewtopic&t=148747#4203604 for an up-to-date config.

If this does not help: you could mail me your sample.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4206827#4206827

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4206827

More information about the jboss-user mailing list