Jboss is not accessing my Security Domain from login-config.
mumar3 May 16, 2006 10:43 AMI am having a weird problem. I am writting a simple EJB Application. The problem I am having is as follows:
In file login-config.xml, I have configured a login Module for my Security Domain "adviceDomain", But JBoss reads "other" from login-config.xml and if I take "other" out from login-config.xml then I get the following Error Message:
[java] java.rmi.AccessException: SecurityException; nested exception is:
[java] javax.security.auth.login.LoginException: No LoginModules configured for adviceDomain
AM I MISSING any STEP or missing some thing else? Your help will be much appreciated.
Here are the Steps I took with Code Examples:
1- set up a security Domain in JBoss.xml
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE jboss PUBLIC "-//JBoss//DTD JBOSS//EN" "http://www.jboss.org/j2ee/dtd/jboss.dtd"> <jboss> <security-domain>java:/jaas/adviceDomain</security-domain> <enterprise-beans> <session> <ejb-name>AdviceBean</ejb-name> <jndi-name>ejb/AdviceBean</jndi-name> </session> </enterprise-beans> </jboss>
2- Setup Permission in ejb-jar.xml
<ejb-jar> <description>Intro to EJB</description> <display-name>EJB1</display-name> <enterprise-beans> <!-- Session Beans --> <session> <display-name>Advice Bean</display-name> <ejb-name>AdviceBean</ejb-name> <home>com.cc.dvr.AdviceHome</home> <remote>com.cc.dvr.Advice</remote> <ejb-class>com.cc.dvr.AdviceBean</ejb-class> <session-type>Stateful</session-type> <transaction-type>Container</transaction-type> </session> </enterprise-beans> <!-- Assembly Descriptor --> <assembly-descriptor> <security-role> <role-name>AdviceRole</role-name> </security-role> <method-permission> <role-name>AdviceRole</role-name> <method> <ejb-name>AdviceBean</ejb-name> <method-name>*</method-name> </method> </method-permission> </assembly-descriptor> </ejb-jar>
3- add application-policy for security domain "adviceDomain" in $JBOSS_HOME/server/default/conf/login-config.xml.
<application-policy name ="adviceDomian"> <!-- A simple server login module, which can be used when the number of users is relatively small. It uses two properties files: users.properties, which holds users (key) and their password (value). roles.properties, which holds users (key) and a comma-separated list of their roles (value). The unauthenticatedIdentity property defines the name of the principal that will be used when a null username and password are presented as is the case for an unuathenticated web client or MDB. If you want to allow such users to be authenticated add the property, e.g., unauthenticatedIdentity="nobody" --> <authentication> <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required" > <module-option name="usersProperties">props/users.properties</module-option> <module-option name="rolesProperties">props/roles.properties</module-option> <module-option name="unauthenticatedIdentity">nobody</module-option> </login-module> </authentication> </application-policy>
Am I MISSING any step? or Some thing else wrong here. You help will be much Appreciated.