[jboss-user] [JBoss Web Services] New message: "Client Cert Authentication in 5.1.0"
dfisher
do-not-reply at jboss.com
Tue Mar 9 12:41:27 EST 2010
User development,
A new message was posted in the thread "Client Cert Authentication in 5.1.0":
http://community.jboss.org/message/530855#530855
Author : dfisher
Profile : http://community.jboss.org/people/dfisher
Message:
--------------------------------------------------------------
I'm upgrading from version 4.2.3 to 5.1.0 and I'm having trouble getting SSL client authentication and JAAS to work correctly.
My session beans are annotated as:
@Stateless
@SecurityDomain("ClientCertDomain")
@WebContext(transportGuarantee = "CONFIDENTIAL", authMethod = "CLIENT-CERT")
My login-config.xml contains the following entry:
<application-policy name="ClientCertDomain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseCertLoginModule" flag="sufficient">
      <module-option name="securityDomain">ClientCertDomain</module-option>
      .....
    </login-module>
  </authentication>
</application-policy>
Invocations of the web service fail with: faultString: (401)Unauthorized
The logs indicate that the security domain specified in the stateless session bean is "".
Application Policy not obtained for domain=. Trying to obtain the App policy for the default domain of the layer:WEB
This is apparently related to this bug: https://jira.jboss.org/jira/browse/JBAS-7037
However, I cannot get the workaround to work.
Is the best course of action to attempt to update the jars in the JBoss 5.1.0 distribution?
Or is there another/better way to configure client cert based authorization?
(We can't use WS-Security yet; our clients don't support it.)
--------------------------------------------------------------