Big problem with login-config.xml on Jboss-3.2.6 on Debian L
atillman Oct 28, 2004 11:23 AMMy web applications cannot seem to find the loging configurations that are defined in their jboss-app.xml file. This is a problem on my own web apps as well as the ones that come with Jboss-3.2.6. This is a huge problem and is preventing me from upgrading.
Here is my login-config.xml
<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
"-//JBoss//DTD JBOSS Security Config 3.0//EN"
"http://www.jboss.org/j2ee/dtd/security_config.dtd">
<!-- The XML based JAAS login configuration read by the
org.jboss.security.auth.login.XMLLoginConfig mbean. Add
an application-policy element for each security domain.
The outline of the application-policy is:
<application-policy name="security-domain-name">
<login-module code="login.module1.class.name" flag="control_flag">
<module-option name = "option1-name">option1-value</module-option>
<module-option name = "option2-name">option2-value</module-option>
...
</login-module>
<login-module code="login.module2.class.name" flag="control_flag">
...
</login-module>
...
</application-policy>
$Revision: 1.6 $
-->
<!-- Used by clients within the application server VM such as
mbeans and servlets that access EJBs.
-->
<application-policy name = "client-login">
<login-module code = "org.jboss.security.ClientLoginModule"
flag = "required">
</login-module>
</application-policy>
<!-- Security domain for JBossMQ -->
<application-policy name = "jbossmq">
<login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
flag = "required">
<module-option name = "unauthenticatedIdentity">guest</module-option>
<module-option name = "dsJndiName">java:/jdbc/JMSPool</module-option>
<module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
<module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
</login-module>
</application-policy>
<!-- Security domains for testing new jca framework -->
<application-policy name = "HsqlDbRealm">
<login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag = "required">
<module-option name = "principal">sa</module-option>
<module-option name = "userName">sa</module-option>
<module-option name = "password"></module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
</login-module>
</application-policy>
<application-policy name = "FirebirdDBRealm">
<login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag = "required">
<module-option name = "principal">sysdba</module-option>
<module-option name = "userName">sysdba</module-option>
<module-option name = "password">masterkey</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
</login-module>
</application-policy>
<application-policy name = "JmsXARealm">
<login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
flag = "required">
<module-option name = "principal">guest</module-option>
<module-option name = "userName">guest</module-option>
<module-option name = "password">guest</module-option>
<module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
</login-module>
</application-policy>
<!-- A template configuration for the jmx-console web application. This
defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name = "jmx-console">
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required">
<module-option name="usersProperties">jmx-console-users.properties</module-option>
<module-option name="rolesProperties">jmx-console-roles.properties</module-option>
</login-module>
</application-policy>
<!-- A template configuration for the web-console web application. This
defaults to the UsersRolesLoginModule the same as other and should be
changed to a stronger authentication mechanism as required.
-->
<application-policy name = "web-console">
<login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</application-policy>
<!-- The default login configuration used by any security domain that
does not have a application-policy entry with a matching name
-->
<!-- <application-policy name = "other">
<login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
flag = "required" />
</application-policy> -->
And here is my jboss-web for jmx-console.
<jboss-web>
<security-domain>java:/jaas/jmx-console</security-domain>
</jboss-web>
Now, I have changed the username and password in "jmx-console-users.properties" but not in the "user.properties" file in the conf directory. If I use the username and password in "jmx-console-users.properties" the login fails, but if I use the one in "user.properties" it succeeds. Furthermore, if I remove the "other" configuration from login-config.xml and go back to jmx-console, and error is logged with the message "No LoginModules configured for jboss.web". It seems that it cannot find the configuration "jmx-console". In this case you cannot login at all.