-
15. Re: XMLLoginConfig not picking up my application-policy
david.l.small Jun 27, 2006 10:14 AM (in response to david.l.small)Oh, and here is the trace leading up to the error. It's as if jBoss is ignoring the security domain entries in jboss-web.xml and jboss.xml.
2006-06-27 10:12:06,082 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
2006-06-27 10:12:06,082 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
2006-06-27 10:12:06,119 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=null
2006-06-27 10:12:06,119 TRACE [org.jboss.security.plugins.JaasSecurityManager.java:] Begin isValid, principal:null, cache info: null
2006-06-27 10:12:06,119 TRACE [org.jboss.security.plugins.JaasSecurityManager.java:] defaultLogin, principal=null
2006-06-27 10:12:06,120 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(java:), size=10
2006-06-27 10:12:06,120 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(java:), no entry in appConfigs, tyring parentCont: null
2006-06-27 10:12:06,120 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(java:), no entry in parentConfig, trying: other
2006-06-27 10:12:06,120 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(java:), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
2006-06-27 10:12:06,120 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] initialize, instance=@11058755
2006-06-27 10:12:06,121 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null -
16. Re: XMLLoginConfig not picking up my application-policy
j2ee_junkie Jun 27, 2006 10:43 AM (in response to david.l.small)David,
Yes, your login-config.xml is correct. Your earlier post varifies that the "PinkRealm" is in fact getting configured. The problem is with your deployment. The output from your last post shows that the a "java:" security-domain is being attempted, but since it does not exist, the default "other" application-policy is being used. Review your security-domain settings for accuracy.
cgriffith -
17. Re: XMLLoginConfig not picking up my application-policy
david.l.small Jun 27, 2006 10:56 AM (in response to david.l.small)To get the security domain settings I'm using jboss-web.xml and jboss.xml just as I did in 4.0.3. There is nothing peculiar about them. And if I try to use the @SecurityDomain annotation instead, I get the same problem. Here are the files ...
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC
"-//JBoss//DTD Web Application 2.4//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
<jboss-web>
<security-domain>java:/jaas/PinkRealm</security-domain>
</jboss-web>
<?xml version="1.0" encoding="ISO-8859-1" ?>
<!DOCTYPE jboss PUBLIC
"-//JBoss//DTD JBOSS 4.0//EN"
"http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">
<security-domain>java:/jaas/PinkRealm</security-domain> -
18. Re: XMLLoginConfig not picking up my application-policy
j2ee_junkie Jun 27, 2006 11:16 AM (in response to david.l.small)David,
I have a good look at the trace logging when you deploy your ear. Look for security-domain binding settings made by deployer and parsing of your descriptors.
cgriffith -
19. Re: XMLLoginConfig not picking up my application-policy
j2ee_junkie Jun 27, 2006 11:30 AM (in response to david.l.small)Also,
Doing a forum search with query "@SecurityDomain" AND annotation AND "security domain" yeilds similar situations as yours.
cgriffith -
20. Re: XMLLoginConfig not picking up my application-policy
david.l.small Jun 27, 2006 11:39 AM (in response to david.l.small)This is what I have for parsing of the jboss.xml file. Not much in the line of tracing ...
2006-06-27 11:14:30,834 DEBUG [org.jboss.ejb3.Ejb3Module] Creating jboss.j2ee:service=EJB3,module=pinkcommon-ejb.jar
2006-06-27 11:14:30,841 DEBUG [org.jboss.ejb3.security.JaccHelper] Initialising JACC Context for deployment: pinkcommon-ejb.jar
2006-06-27 11:14:30,853 TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] ctor, contextID=pinkcommon-ejb.jar
2006-06-27 11:14:30,938 DEBUG [org.jboss.ejb3.Ejb3DescriptorHandler] found jboss.xml jar:file:/usr/local/jboss-4.0.4.GA/server/default/tmp/deploy/tmp58947pinkcommon.ear-contents/pinkcommon-ejb.jar!/META-INF/jboss.xml
2006-06-27 11:14:31,519 INFO [org.jboss.ejb3.Ejb3DescriptorHandler] adding class annotation org.jboss.annotation.security.SecurityDomain to com.pinksheets.common.ejb.biz.AnalyzeLegacyDatabaseBean org.jboss.annotation.security.SecurityDomainImpl@10ab67f
2006-06-27 11:14:31,536 DEBUG [org.jboss.ejb3.Ejb3AnnotationHandler] found EJB3: ejbName=AnalyzeLegacyDatabaseBean, class=com.pinksheets.common.ejb.biz.AnalyzeLegacyDatabaseBean, type=STATELESS
2006-06-27 11:14:31,595 DEBUG [org.jboss.ejb3.ProxyDeployer] no declared remote bindings for : AnalyzeLegacyDatabaseBean
2006-06-27 11:14:31,643 INFO [org.jboss.ejb3.Ejb3DescriptorHandler] adding class annotation org.jboss.annotation.security.SecurityDomain to com.pinksheets.common.ejb.biz.CodesServiceBean org.jboss.annotation.security.SecurityDomainImpl@15c0729
2006-06-27 11:14:31,666 DEBUG [org.jboss.ejb3.Ejb3AnnotationHandler] found EJB3: ejbName=CodesServiceBean, class=com.pinksheets.common.ejb.biz.CodesServiceBean, type=STATELESS
2006-06-27 11:14:31,666 DEBUG [org.jboss.ejb3.ProxyDeployer] no declared remote bindings for : CodesServiceBean -
21. Re: XMLLoginConfig not picking up my application-policy
david.l.small Jun 27, 2006 11:57 AM (in response to david.l.small)This thread has the answer.
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=78329
Apparently, the "java:/jaas/" must now be removed. Not that this is your fault, but it would have been nice if this change have been documented in the release notes. It's a pretty significant change.
Now, I have a new error to track down and fix. Thanks for your help. -
22. Re: XMLLoginConfig not picking up my application-policy
david.l.small Jun 27, 2006 12:32 PM (in response to david.l.small)Actually, it gets even weirder. It is true that you need to remove "java:/jaas/" in jboss.xml 's security-domain element. But that same prefix must be present in the jboss-web.xml 's security-domain element otherwise the web authentication doesn't work.
-
23. Re: XMLLoginConfig not picking up my application-policy
starksm64 Jun 28, 2006 9:57 AM (in response to david.l.small)Then that is an ejb3 bug.
-
24. Re: XMLLoginConfig not picking up my application-policy
david.l.small Jun 28, 2006 10:05 AM (in response to david.l.small)"scott.stark@jboss.org" wrote:
Then that is an ejb3 bug.
Does this mean that you'll be reverting back to using "java:/jaas/" in jboss.xml (or @SecurityDomain) in a future version? -
25. Re: XMLLoginConfig not picking up my application-policy
jbossjleplat Jun 28, 2006 11:31 AM (in response to david.l.small)That problem had me stuck for quite a while. It's especially tough as all the tutorials and JaasHowTo and JASS FAQ don't mention this issue.