[jboss-user] [Security] - JAAS Security and FLEX 3 problem

fjaouen do-not-reply at jboss.com
Tue Nov 10 09:52:27 EST 2009


I am currently doing a migration of a Flex Web application from JBoss 4.0.5 to JBoss 5.0.1.

In short term, in my application the security is managed by Flex (using services-config.xml) and there is no security stuff in my web.xml, neither in my jboss-web.xml (no security-domain specified). In Flex my security is custom and do not use server configuration. It is Java code which is bound to Spring security (DAO).

In my JBoss 4.0.5 all is working correctly. When I access my Web Application, my Flex login let me enter my user/password and I see in my logs my custom class called:

2009-09-23 10:10:27,682 INFO  [com.test.infra.security.SpringSecurityLoginCommand] doAuthentication for user admin
2009-09-23 10:10:28,713 INFO  [com.test.infra.security.SpringSecurityLoginCommand] doAuthentication for user admin succeeded
2009-09-23 10:10:28,713 INFO  [com.test.infra.security.SpringSecurityLoginCommand] found user preference locale : en_US

And then I can access my application.

In JBoss 5.0.1 I dot not see these log entries. It seems that JBoss is applying default policy. And I am not able to log in my application:
2009-11-09 17:11:29,016 DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement] (http- Creating SDC for domain=jboss-web-policy
2009-11-09 17:11:29,016 DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] (http- CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler at 92f645
2009-11-09 17:11:29,016 DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.jboss-web-policy] (http- CachePolicy set to: org.jboss.util.TimedCachePolicy at 66389d
2009-11-09 17:11:29,016 DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement] (http- setCachePolicy, c=org.jboss.util.TimedCachePolicy at 66389d

I do not have any idea why JAAS is applying in that case ? Neither what have change in JBoss which could give this behavior ? Neither what I have to do avoid this ?

I spent a lot of time searching the Web but I do not find any response.

Thanks anybody could help me pass this step !

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4264846#4264846

Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4264846

More information about the jboss-user mailing list