19 Replies. Latest reply on Jan 10, 2007 4:27 AM by alexmanes
      • 15. Re: Dynamic registration of a custom login module?
        nigelwhite

        And application.xml goes in the META-INF of the EAR file???????

        All these xml files all over the place!

        • 16. Re: Dynamic registration of a custom login module?
          nigelwhite

          OK, that bit is working, I have my DataSources dynamically loaded with the EAR.

          But it's still really weird.

          request.getUserPrincipal.isUserInRole("User") returns true.

          sessionContext.isCallerInRole("User") returns false;

          ?????????

          And WHY must I have an EMPTY <security-domain/> element in jboss.xml in the EJB jar to make the login work?

          • 17. Re: Dynamic registration of a custom login module?
            nigelwhite

            The sar thing doesn't work. At least not with that embedded Dynamic config.

            Just putting login-config.xml in the base of the EAR doesn't do it. And adding a to application.xml pointing to login-config.xml causes an error. Don't think you can do that.

            Anyway.

            Why is sessionContext.isCallerInRole("User") returning false?

            request.isUserInRole("User") returns true, because in my LoginModule, I have

            private void createRoleSets() throws LoginException
            {
                SimpleGroup roles = new SimpleGroup("Roles");

                // Add roles held by the user.
                // Currently, the only role is "User".
                roles.addMember(new GreenfieldsUserRole("User"));

                SimpleGroup callerPrincipal = new SimpleGroup("CallerPrincipal");
                callerPrincipal.addMember(getIdentity());

                roleSets = new SimpleGroup[]{ roles, callerPrincipal };
            }
            


            It's not working. It's not reliable. It's weird.

            • 18. Re: Dynamic registration of a custom login module?
              anil.saldhana

              Here is something from our testsuite.


              form-auth.ear
              ==========

              = form-auth-roles.properties
              = form-auth-users.properties
              = form-auth.war
              = jboss-service.xml
              META-INF
              |
              ----------------- application.xml
              ----------------- jboss-app.xml
              ----------------- security-config.xml
              


              Let me show you the important files:


              jboss-service.xml
              ---------------------
              <?xml version="1.0" encoding="UTF-8"?>

              <server>
                 <!-- The custom JAAS login configuration that installs
                      a Configuration capable of dynamically updating the
                      config settings
                 -->
                 <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
                        name="jboss.security.tests:service=LoginConfig">
                    <attribute name="AuthConfig">META-INF/security-config.xml</attribute>
                    <depends optional-attribute-name="LoginConfigService">
                       jboss.security:service=XMLLoginConfig
                    </depends>
                    <depends optional-attribute-name="SecurityManagerService">
                       jboss.security:service=JaasSecurityManager
                    </depends>
                 </mbean>
              </server>
              



              security-config.xml
              ----------------------
              <?xml version='1.0'?>
              <!DOCTYPE policy PUBLIC
                 "-//JBoss//DTD JBOSS Security Config 3.0//EN"
                 "http://www.jboss.org/j2ee/dtd/security_config.dtd">

              <!-- The JAAS login configuration file for the java:/jaas/jbossweb-form-auth
                   security domain used by the security-spec test case
              -->
              <policy>

                 <application-policy name = "jbossweb-form-auth">
                    <authentication>
                       <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                                     flag = "required">
                          <module-option name = "unauthenticatedIdentity">nobody</module-option>
                          <module-option name="usersProperties">form-auth-users.properties</module-option>
                          <module-option name="rolesProperties">form-auth-roles.properties</module-option>
                       </login-module>
                    </authentication>
                 </application-policy>
              </policy>
              



              jboss-app.xml
              ============
              <?xml version="1.0" encoding="UTF-8"?>
              <!DOCTYPE jboss-app
                 PUBLIC "-//JBoss//DTD J2EE Application 1.3V2//EN"
                 "http://www.jboss.org/j2ee/dtd/jboss-app_3_2.dtd">

              <jboss-app>
                 <module>
                    <service>jboss-service.xml</service>
                 </module>
              </jboss-app>
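
A consistency check for the packaging shown in the post above, as an added example that is not part of the thread or of the JBoss testsuite: it follows the DynamicLoginConfig `AuthConfig` attribute to the policy file and reports any `security-domain` that is empty or names no `application-policy`. The archive is modelled as a constructed dict of paths; `ejb.jar`, the `jboss-web.xml` content and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: descriptor contents keyed by path inside the EAR.
# The first two entries are trimmed from the post; jboss-web.xml and the
# ejb.jar entry are assumed examples of files that bind a module to a domain.
EAR = {
    "jboss-service.xml": b"""<server>
      <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
             name="jboss.security.tests:service=LoginConfig">
        <attribute name="AuthConfig">META-INF/security-config.xml</attribute>
      </mbean></server>""",
    "META-INF/security-config.xml": b"""<policy>
      <application-policy name="jbossweb-form-auth"><authentication>
        <login-module flag="required"
            code="org.jboss.security.auth.spi.UsersRolesLoginModule"/>
      </authentication></application-policy></policy>""",
    "form-auth.war/WEB-INF/jboss-web.xml": b"""<jboss-web>
      <security-domain>java:/jaas/jbossweb-form-auth</security-domain>
      </jboss-web>""",
    "ejb.jar/META-INF/jboss.xml": b"<jboss><security-domain/></jboss>",
}

def defined_policies(ear):
    """Follow each DynamicLoginConfig AuthConfig and collect policy names."""
    names, problems = set(), []
    for path, data in ear.items():
        if not path.endswith("jboss-service.xml"):
            continue
        for mbean in ET.fromstring(data).iter("mbean"):
            if not mbean.get("code", "").endswith("DynamicLoginConfig"):
                continue
            for attr in mbean.findall("attribute[@name='AuthConfig']"):
                cfg = (attr.text or "").strip()
                if cfg not in ear:
                    problems.append(f"{path}: AuthConfig {cfg!r} not in archive")
                    continue
                policy = ET.fromstring(ear[cfg])
                names |= {p.get("name") for p in policy.iter("application-policy")}
    return names, problems

def check_domains(ear):
    """Report security-domain elements that are empty or match no policy."""
    names, problems = defined_policies(ear)
    for path, data in ear.items():
        if path.endswith(("jboss-web.xml", "jboss.xml")):
            for dom in ET.fromstring(data).iter("security-domain"):
                value = (dom.text or "").strip()
                if not value:
                    problems.append(f"{path}: empty security-domain")
                elif value.rsplit("/", 1)[-1] not in names:  # drop java:/jaas/
                    problems.append(f"{path}: {value!r} has no application-policy")
    return problems
```

Running `check_domains(EAR)` on the sample reports only the empty `security-domain` in the assumed EJB jar; the web module resolves to the `jbossweb-form-auth` policy.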
              



              • 19. Re: Dynamic registration of a custom login module?
                alexmanes

                Hello,

                Your post has been quite valuable to me, but there are a few details missing that would help me and others a lot.

                - I have a custom login module and a custom principal (that extends SimplePrincipal).

                - I got all the XML configuration files working.

                - I added @SecurityDomain("MySecurityDomain") to the EJBs that call:
                MyPrincipal principal = (MyPrincipal)sessionCtx.getCallerPrincipal();
                ...and...
                sessionCtx.isCallerInRole("MyRole");

                "isCallerInRole()" works since I added @SecurityDomain.

                BUT "sessionCtx.getCallerPrincipal()" only returns SimplePrincipal, not my custom principal!!!

                @NigelWhite: You mention that you had the same problem, then you say you solved the problem, but you don't mention how!

                Please let everybody know what we are missing!

                Thank You very much!!!
