
    How To Configure JBoss Mail Server 1.0M4 to use the DatabaseServerLoginModule

     

    versions: 1.0M5-pre

     

     

     

    Configure jboss-service.xml for DatabaseServerLoginModule

     

    Find the section of jboss-service.xml that looks like this:

     

       <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
          name="jboss.mail:type=SecurityConfig,name=LoginConfig">
          <attribute name="PolicyConfig" serialDataType="jbxb">
             <jaas:policy
                xsi:schemaLocation="urn:jboss:security-config:4.1 resource:security-config_4_1.xsd"
                xmlns:jaas="urn:jboss:security-config:4.1"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                >
                <jaas:application-policy name="jbms">
                   <jaas:authentication>
                      <jaas:login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                         flag="required">
                             <jaas:module-option name="usersProperties">jbms-users.properties</jaas:module-option>
                             <jaas:module-option name="rolesProperties">jbms-roles.properties</jaas:module-option>
                             <jaas:module-option name="unauthenticatedIdentity">nobody</jaas:module-option>
                      </jaas:login-module>
                   </jaas:authentication>
                </jaas:application-policy>
             </jaas:policy>
          </attribute>
          <depends optional-attribute-name="LoginConfigService">
             jboss.security:service=XMLLoginConfig
          </depends>
          <depends optional-attribute-name="SecurityManagerService">
             jboss.security:service=JaasSecurityManager
          </depends>
       </mbean>
    

     

    Reconfigure it to look like this (4 lines changed):

     

       <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
          name="jboss.mail:type=SecurityConfig,name=LoginConfig">
          <attribute name="PolicyConfig" serialDataType="jbxb">
             <jaas:policy
                xsi:schemaLocation="urn:jboss:security-config:4.1 resource:security-config_4_1.xsd"
                xmlns:jaas="urn:jboss:security-config:4.1"
                xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                >
                <jaas:application-policy name="jbms">
                   <jaas:authentication>
                      <!-- changed section -->
                      <jaas:login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                         flag="required">
                             <jaas:module-option name="dsJndiName">java:/DefaultDS</jaas:module-option>
                             <jaas:module-option name="principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</jaas:module-option>
                             <jaas:module-option name="rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</jaas:module-option>
                      </jaas:login-module>
                   </jaas:authentication>
                </jaas:application-policy>
             </jaas:policy>
          </attribute>
          <depends optional-attribute-name="LoginConfigService">
             jboss.security:service=XMLLoginConfig
          </depends>
          <depends optional-attribute-name="SecurityManagerService">
             jboss.security:service=JaasSecurityManager
          </depends>
       </mbean>
    

     

    You can use any datasource you like, but we suggest using the same one your mail is stored in, for various reasons that are out of scope for this document.

     

    You can also change the queries above; however, the order of the columns returned matters (their names do not), and only the single "user" parameter, which replaces the ?, will be provided.
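
    The following check is an added example, not part of the original page or of JBoss: it reads a candidate principalsQuery and rolesQuery the way the paragraph above describes, by column position and with the user name as the only parameter, so a customized query can be tried before it goes into jboss-service.xml. The in-memory SQLite database standing in for the datasource, the sample rows, the column sizes and the helper names build_sample_db and check_queries are assumptions.

```python
import sqlite3

# The two queries from the changed jboss-service.xml section above.
PRINCIPALS_QUERY = "SELECT PASSWD FROM JMS_USERS WHERE USERID=?"
ROLES_QUERY = "SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?"


def build_sample_db():
    """Constructed sample data in SQLite, standing in for the real datasource."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE JMS_USERS (USERID VARCHAR(32) PRIMARY KEY, PASSWD VARCHAR(32) NOT NULL);
        CREATE TABLE JMS_ROLES (ROLEID VARCHAR(32), USERID VARCHAR(32));
        INSERT INTO JMS_USERS VALUES ('alice', 'constructed-secret');
        INSERT INTO JMS_ROLES VALUES ('exampleRole', 'alice');
    """)
    return conn


def check_queries(conn, principals_query, roles_query, user):
    """Run both queries with `user` as the only parameter; read results by position."""
    for name, query in (("principalsQuery", principals_query), ("rolesQuery", roles_query)):
        if query.count("?") != 1:  # simple count; assumes no '?' inside string literals
            raise ValueError(f"{name} must take exactly one '?' parameter")
    row = conn.execute(principals_query, (user,)).fetchone()
    if row is None:
        return None, {}            # unknown user: no password to compare against
    password = row[0]              # column 1 is the password, whatever it is named
    groups = {}
    for r in conn.execute(roles_query, (user,)):
        if len(r) < 2:
            raise ValueError("rolesQuery must return the role, then the role group")
        groups.setdefault(r[1], set()).add(r[0])   # column 1 = role, column 2 = group
    return password, groups


if __name__ == "__main__":
    conn = build_sample_db()
    print(check_queries(conn, PRINCIPALS_QUERY, ROLES_QUERY, "alice"))
    # Renaming a column changes nothing, because columns are read by position.
    print(check_queries(conn, "SELECT PASSWD AS SECRET FROM JMS_USERS WHERE USERID=?",
                        ROLES_QUERY, "alice"))
    # Swapping the column order files the role under the wrong group name.
    print(check_queries(conn, PRINCIPALS_QUERY,
                        "SELECT 'Roles', ROLEID FROM JMS_ROLES WHERE USERID=?", "alice"))
```

    A rolesQuery whose columns are swapped still runs without error, so compare the returned groups against what you expect rather than relying on the absence of an exception.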

     

     

     

    Final thoughts

     

    You may need to recreate the users you had defined in the installer or in properties-file-based security. Don't worry, their mail isn't lost, but you need to add them to the database or they will not be able to log in to get their mail! If they had no mail yet, then don't worry about it.