4 Replies Latest reply on Oct 1, 2002 11:14 PM by cjohan

    Custom Login Module help

    jackburns
    jackburns Jul 9, 2002 8:04 AM

      Just thought I'd post this to help people who are writing custom login modules - I found it hidden in this forum from quite a long time ago

      In auth.conf jboss (2.4.4) doesn't recognise custom login modules if you write:

      custom {
      com.company.CustomLoginModule required
      option1=value1;
      };

      With web access control it doesn't even throw an exception, it just uses the web container's security rather than the SecurityInterceptor forwarding to the jboss security domain. It also doesn't throw exceptions if the custom class doesn't exist.

      Jboss documentation isn't very good, but you need to use the ProxyLoginModule with a moduleName parameter set to your custom class name:

      custom {
      org.jboss.security.auth.spi.ProxyLoginModule required
      moduleName=com.company.CustomLoginModule
      option1=value1;
      };

      This also ensures that jboss can find any custom classes used in the custom login module (ie in lib/ext jars)- otherwise it looks for them in the system path

      • 3938 Views
      • Tags:
        • 1. Re: Custom Login Module help
          jameschaingchen
          jameschaingchen Jul 18, 2002 5:45 PM (in response to jackburns)

          Thanks for the very useful information. I have been struggled by this problem for sometime.

          I need to ask a question.

          Where to put the com.company.CustomLoginModule class? Can it be included in the deployment ear? Or it has to be placed in lib/ext in a jar file.

            • Actions
          • 2. Re: Custom Login Module help
            kpseal
            kpseal Jul 19, 2002 4:36 AM (in response to jackburns)

            I think it can go into the EAR file.
            From what I understand, ProxyLoginModule essentially bootstraps the loading of the actual LoginModule so that the class is loaded when it's first used rather than when the server starts off.
            So providing your enterprise application makes it available there should be no problem with JBoss loading it up when people start trying to log in. Neat.
            I think this might have changed slightly in 3.0.0.
            Hope this helps.

              • Actions
            • 3. Re: Custom Login Module help
              jameschaingchen
              jameschaingchen Jul 22, 2002 10:00 AM (in response to jackburns)

              Neat! It works. Thanks!

                • Actions
              • 4. Re: Custom Login Module help
                cjohan
                cjohan Oct 1, 2002 11:14 PM (in response to jackburns)

                Thank you, Jack! I spent hours trying to find out why I was getting an "unable to find login module" exception from JBoss 2.4.8.

                I notice that a standard SRP config uses this feature:
                srp {
                org.jboss.security.auth.spi.ProxyLoginModule required
                moduleName=org.jboss.security.srp.jaas.SRPCacheLoginModule
                cacheJndiName="srp/AuthenticationCache"
                ;

                org.jboss.security.auth.spi.UsersRolesLoginModule required
                password-stacking=useFirstPass
                ;

                };

                However, note that the UserRolesLoginModule does not need to be loaded by the ProxyLoginModule. Can anyone explain why that is?

                  • Actions