0 Replies Latest reply on May 13, 2006 12:27 PM by anil.saldhana

    Caveat about Dynamic Login Config Service

    anil.saldhana

      http://wiki.jboss.org/wiki/Wiki.jsp?page=DynamicLoginConfig

      This is a great service when you need to dynamically load the jaas configuration for the security service. In the service, you can optionally specify (in fact we should kind of mandate it), the AuthConfig attribute to refer to a login-config.xml.

      If you do not specify this AuthConfig attribute, then the service defaults to the global login-config.xml (in the conf directory of your server configuration). The issue that I have seen in this case is if you stop or undeploy this service, then the default jaas configuration emanating from the global login-config.xml is offloaded and the security manager will start having issues.

      For this reason, it is recommended to specify a login-config.xml as part of your sar. I have updated the wiki page with this caveat.