2 Replies Latest reply on Jan 30, 2007 1:19 AM by smokingapipe

How can I get JBoss to use my login module?

smokingapipe Jan 29, 2007 6:07 AM

I wrote a new class that implements javax.security.auth.spi.LoginModule. I put an entry for it in login-config.xml. I made the class into a jar and put the jar in server/default/lib. It never seems to load. I changed the login-config.xml file and intentionally made the class name incorrect and that didn't throw any errors, so it seems like if it can't load the class it silently fails. Any idea what's going on? My login module is super-simple. All it does is send a log message when there is a login attempt. Surely there is a way to use a login module in JBoss? I don't want to go back to old-style security where I implement a password check on every single method in all of my session beans. I would love to use declarative security if it's possible.

1. Re: How can I get JBoss to use my login module?

fhh Jan 29, 2007 7:30 PM (in response to smokingapipe)

AFAIK the LoginContext is only created when it is needed for the first time. So unless you start declaring some security constraints on your webapp you will never know whether it works or not.

Regards

Felix
Actions
2. Re: How can I get JBoss to use my login module?

smokingapipe Jan 30, 2007 1:19 AM (in response to smokingapipe)
I have it working. It's critical to use exactly the right format in jboss.xml. It must be:

<security-domain>myDomain</security-domain>

not anything with java:/jaas or anything like that.

I wrote my own LoginModule from scratch and it works fine. Is there any reason why I shouldn't use my own LoginModule instead of subclassing some from JBoss? I figured out how to set up the Roles group and the CallerPrincipal group and all the values seem to get passed around correctly.
Actions

Go to original post