Problems to integrate CustomLoginModule
petersî Jul 20, 2006 4:41 AM
Hi,
We would like to use our own login module to authenticate consumers and providers with our SOA-based infrastructure, and I have the impression that JBoss totally ignores the custom login modules and instead uses its own.
By the way, I'm using JBoss 4.0.4 RC1 with JDK 1.5.
I have set up the following sbb-login-config.xml:
<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
      "-//JBoss//DTD JBOSS Security Config 3.0//EN"
      "http://www.jboss.org/j2ee/dtd/security_config.dtd">

<!-- The XML based JAAS login configuration read by the
org.jboss.security.auth.login.XMLLoginConfig mbean. Add
an application-policy element for each security domain.

The outline of the application-policy is:
<application-policy name="security-domain-name">
  <authentication>
    <login-module code="login.module1.class.name" flag="control_flag">
      <module-option name = "option1-name">option1-value</module-option>
      <module-option name = "option2-name">option2-value</module-option>
      ...
    </login-module>

    <login-module code="login.module2.class.name" flag="control_flag">
      ...
    </login-module>
    ...
  </authentication>
</application-policy>
-->

<policy>
  <application-policy name="auth-id-password">
    <authentication>
      <login-module code="org.sopware.security.login.ldap.LDAPLoginModule" flag="required">
        <module-option name="auth-type">auth-id-password</module-option>
        <module-option name="container-type">JBOSS</module-option>
        <module-option name="org.sopware.sbb.directory.master.url">ldap://localhost:389/ou=DataAuthenticationTSP,o=SOPware</module-option>
      </login-module>
    </authentication>
  </application-policy>

  <application-policy name="auth-principal">
    <authentication>
      <login-module code="org.sopware.security.login.ldap.LDAPLoginModule" flag="required">
        <module-option name="auth-type">auth-principal</module-option>
        <module-option name="org.sopware.sbb.directory.master.url">ldap://localhost:389/ou=DataAuthenticationTSP,o=SOPware</module-option>
      </login-module>
    </authentication>
  </application-policy>

  <application-policy name="auth-token-checking">
    <authentication>
      <login-module code="org.sopware.security.login.ldap.LDAPLoginModule" flag="required">
        <module-option name="auth-type">auth-token-password</module-option>
        <module-option name="container-type">JBOSS</module-option>
        <module-option name="reauthentication">true</module-option>
        <module-option name="org.sopware.sbb.directory.master.url">ldap://localhost:389/ou=DataAuthenticationTSP,o=SOPware</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>
I'm using this service.xml to start up the config:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE server>
sbb-login-config.xml
<depends optional-attribute-name="LoginConfigService">jboss.security:service=XMLLoginConfig</depends>
<depends optional-attribute-name="SecurityManagerService">jboss.security:service=JaasSecurityManager</depends>
The jar file for the login module is in the server/lib. Is this the best way to put it? Or do I need to put it in a jar file?
It seems that on startup the jar file can be accessed and is loaded.
The security domain is set in the relevant DDs.
According to the log it seems to be able to read my login-config file and reads out the security domains. But somehow it's now able to use it and I don't get any error message because of it.
By the way, I'm using it on the server side and not on the client side, not as a client login module, but this is also something we are considering.
Any hints and tips?
Thx and rgds,
Iris
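
A check for the setup described in this post, added here as an example and not part of the original post or of JBoss: it parses a login-config file like the one above and resolves the `<security-domain>` value from a deployment descriptor to an application-policy. It assumes the usual `java:/jaas/<name>` form for that value and JBoss's fallback to the `other` policy when no policy matches; the function names and the trimmed sample config are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two policies trimmed from the posted sbb-login-config.xml.
LOGIN_CONFIG = """<policy>
  <application-policy name="auth-id-password"><authentication>
    <login-module code="org.sopware.security.login.ldap.LDAPLoginModule" flag="required">
      <module-option name="auth-type">auth-id-password</module-option>
      <module-option name="container-type">JBOSS</module-option>
    </login-module>
  </authentication></application-policy>
  <application-policy name="auth-principal"><authentication>
    <login-module code="org.sopware.security.login.ldap.LDAPLoginModule" flag="required">
      <module-option name="auth-type">auth-principal</module-option>
    </login-module>
  </authentication></application-policy>
</policy>"""

JAAS_PREFIX = "java:/jaas/"  # assumed form of <security-domain> in jboss.xml / jboss-web.xml
VALID_FLAGS = {"required", "requisite", "sufficient", "optional"}  # JAAS control flags

def load_policies(xml_text):
    """Map each application-policy name to its stack of (class, flag, options)."""
    policies = {}
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        stack = []
        for mod in policy.iterfind("authentication/login-module"):
            opts = {o.get("name"): (o.text or "").strip()
                    for o in mod.iterfind("module-option")}
            stack.append((mod.get("code"), mod.get("flag"), opts))
        policies[policy.get("name")] = stack
    return policies

def resolve_domain(security_domain, policies):
    """Return (policy name that will be used, list of problems found)."""
    problems = []
    name = security_domain.strip()
    if name.startswith(JAAS_PREFIX):
        name = name[len(JAAS_PREFIX):]
    else:
        problems.append("missing java:/jaas/ prefix")
    if name not in policies:
        # An unknown domain name is not an error at deploy time: the default
        # policy named 'other' is used, so the custom module is never called.
        problems.append("no application-policy named %r" % name)
        return "other", problems
    for code, flag, _opts in policies[name]:
        if flag not in VALID_FLAGS:
            problems.append("%s has invalid flag %r" % (code, flag))
    return name, problems
```
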