[jboss-user] [JBoss Web Services] New message: "Client Cert Authentication in 5.1.0"

dfisher do-not-reply at jboss.com
Tue Mar 9 12:41:27 EST 2010

User development,

A new message was posted in the thread "Client Cert Authentication in 5.1.0":


Author  : dfisher
Profile : http://community.jboss.org/people/dfisher

I'm upgrading from version 4.2.3 to 5.1.0 and I'm having trouble getting SSL client authentication and JAAS to work correctly.
My session beans are annotated as:
@Stateless
@SecurityDomain("ClientCertDomain")
@WebContext(
  transportGuarantee = "CONFIDENTIAL",
  authMethod = "CLIENT-CERT")

My login-config.xml contains the following entry:

  <application-policy name="ClientCertDomain">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.DatabaseCertLoginModule"
                    flag="sufficient">
        <module-option name="securityDomain">ClientCertDomain</module-option>
        .....
      </login-module>
    </authentication>
  </application-policy>

Invocations of the web service fail with: faultString: (401)Unauthorized
The logs indicate that the security domain specified in the stateless session bean is "".
Application Policy not obtained for domain=. Trying to obtain the App policy for the default domain of the layer:WEB
This is apparently related to this bug: https://jira.jboss.org/jira/browse/JBAS-7037
However, I cannot get the workaround to work.
Is the best course of action to attempt to update the jars in the JBoss 5.1.0 distribution?
Or is there another/better way to configure client cert based authorization?
(We can't use WS-Security yet; our clients don't support it.)


To reply to this message visit the message page: http://community.jboss.org/message/530855#530855
