3 Replies Latest reply on Mar 3, 2009 10:44 AM by sjunejo

    How to configure "Negotiate Kerberos"?

    draggy
    draggy Apr 17, 2008 12:17 AM

      Hello JBoss experts and professionals,

      Currently, I’m using JBoss Portal 2.6.4 bundle with Application server 4.2.2 and referring to http://wiki.jboss.org/wiki/NegotiateKerberos about

      3. Modify the ${jboss.server.dir}/conf/jboss-service.xml (if you installed via the JBoss Installer Jar, then the file you need to edit is ${jboss.server.dir}/deploy/security-service.xml) in the server you copied the jars to. You need to change the "jboss.security:service=JaasSecurityManager MBean" to use the new callback handler included with the negotiate jar.
You need to find the mbean definition in the file, and add or change the CallbackHandlerClassName? attribute to be the following:

 <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>

for 4.04 you may need to use ${jboss.server.dir}/deploy/security-service.xml) event it is not installed using the JBoss Installer Jar.

for 4.05 you may need to use ${jboss.server.dir}\deploy\security.sar\META-INF\jboss-service.xml


      I am not sure how to configure this particular parts: 

      You need to find the mbean definition in the file, and add or change the CallbackHandlerClassName? attribute to be the following:

 <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>


      And 

      for 4.04 you may need to use ${jboss.server.dir}/deploy/security-service.xml) event it is not installed using the JBoss Installer Jar.

for 4.05 you may need to use ${jboss.server.dir}\deploy\security.sar\META-INF\jboss-service.xml


      However, I have managed to find JAAS in my jboss-service.xml: 

      <!-- JAAS security manager and realm mapping -->
 <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
 name="jboss.security:service=JaasSecurityManager">
 <!-- A flag which indicates whether the SecurityAssociation server mode
 is set on service creation. This is true by default since the
 SecurityAssociation should be thread local for multi-threaded server
 operation.
 -->
 <attribute name="ServerMode">true</attribute>
 <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
 <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
 <!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
 in seconds.
 If you want to disable caching of security credentials, set this to 0 to
 force authentication to occur every time. This has no affect if the
 AuthenticationCacheJndiName has been changed from the default value.
 -->
 <attribute name="DefaultCacheTimeout">1800</attribute>
 <!-- DefaultCacheResolution: Specifies the default timed cache policy
 resolution in seconds. This controls the interval at which the cache
 current timestamp is updated and should be less than the DefaultCacheTimeout
 in order for the timeout to be meaningful. This has no affect if the
 AuthenticationCacheJndiName has been changed from the default value.
 -->
 <attribute name="DefaultCacheResolution">60</attribute>
 <!-- DeepCopySubjectMode: This set the copy mode of subjects done by the
 security managers to be deep copies that makes copies of the subject
 principals and credentials if they are cloneable. It should be set to
 true if subject include mutable content that can be corrupted when
 multiple threads have the same identity and cache flushes/logout clearing
 the subject in one thread results in subject references affecting other
 threads.
 -->
 <attribute name="DeepCopySubjectMode">false</attribute>
 </mbean>


      May I know how to configure it?

      Thank you


      • 2825 Views
      • Tags:
        • 1. Re: How to configure
          draggy
          draggy Apr 17, 2008 3:15 AM (in response to draggy)

           

          "draggy" wrote:
          Hello JBoss experts and professionals,

          Currently, I’m using JBoss Portal 2.6.4 bundle with Application server 4.2.2 and referring to http://wiki.jboss.org/wiki/NegotiateKerberos about

          3. Modify the ${jboss.server.dir}/conf/jboss-service.xml (if you installed via the JBoss Installer Jar, then the file you need to edit is ${jboss.server.dir}/deploy/security-service.xml) in the server you copied the jars to. You need to change the "jboss.security:service=JaasSecurityManager MBean" to use the new callback handler included with the negotiate jar.
You need to find the mbean definition in the file, and add or change the CallbackHandlerClassName? attribute to be the following:

 <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>

for 4.04 you may need to use ${jboss.server.dir}/deploy/security-service.xml) event it is not installed using the JBoss Installer Jar.

for 4.05 you may need to use ${jboss.server.dir}\deploy\security.sar\META-INF\jboss-service.xml


          I am not sure how to configure this particular parts:

          You need to find the mbean definition in the file, and add or change the CallbackHandlerClassName? attribute to be the following:

 <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>


          And

          for 4.04 you may need to use ${jboss.server.dir}/deploy/security-service.xml) event it is not installed using the JBoss Installer Jar.

for 4.05 you may need to use ${jboss.server.dir}\deploy\security.sar\META-INF\jboss-service.xml


          However, I have managed to find JAAS in my jboss-service.xml:

          <!-- JAAS security manager and realm mapping -->
 <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
 name="jboss.security:service=JaasSecurityManager">
 <!-- A flag which indicates whether the SecurityAssociation server mode
 is set on service creation. This is true by default since the
 SecurityAssociation should be thread local for multi-threaded server
 operation.
 -->
 <attribute name="ServerMode">true</attribute>
 <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
 <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
 <!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
 in seconds.
 If you want to disable caching of security credentials, set this to 0 to
 force authentication to occur every time. This has no affect if the
 AuthenticationCacheJndiName has been changed from the default value.
 -->
 <attribute name="DefaultCacheTimeout">1800</attribute>
 <!-- DefaultCacheResolution: Specifies the default timed cache policy
 resolution in seconds. This controls the interval at which the cache
 current timestamp is updated and should be less than the DefaultCacheTimeout
 in order for the timeout to be meaningful. This has no affect if the
 AuthenticationCacheJndiName has been changed from the default value.
 -->
 <attribute name="DefaultCacheResolution">60</attribute>
 <!-- DeepCopySubjectMode: This set the copy mode of subjects done by the
 security managers to be deep copies that makes copies of the subject
 principals and credentials if they are cloneable. It should be set to
 true if subject include mutable content that can be corrupted when
 multiple threads have the same identity and cache flushes/logout clearing
 the subject in one thread results in subject references affecting other
 threads.
 -->
 <attribute name="DeepCopySubjectMode">false</attribute>
 </mbean>


          May I know how to configure it?

          Thank you


          is it just add the 
          <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>


          just like this: 
          <!-- JAAS security manager and realm mapping -->
 <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
 name="jboss.security:service=JaasSecurityManager">
 <!-- A flag which indicates whether the SecurityAssociation server mode
 is set on service creation. This is true by default since the
 SecurityAssociation should be thread local for multi-threaded server
 operation.
 -->
 <attribute name="ServerMode">true</attribute>
 <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
 <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
 <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
 <!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
 in seconds.
 If you want to disable caching of security credentials, set this to 0 to
 force authentication to occur every time. This has no affect if the
 AuthenticationCacheJndiName has been changed from the default value.
 -->
 <attribute name="DefaultCacheTimeout">1800</attribute>
 <!-- DefaultCacheResolution: Specifies the default timed cache policy
 resolution in seconds. This controls the interval at which the cache
 current timestamp is updated and should be less than the DefaultCacheTimeout
 in order for the timeout to be meaningful. This has no affect if the
 AuthenticationCacheJndiName has been changed from the default value.
 -->
 <attribute name="DefaultCacheResolution">60</attribute>
 <!-- DeepCopySubjectMode: This set the copy mode of subjects done by the
 security managers to be deep copies that makes copies of the subject
 principals and credentials if they are cloneable. It should be set to
 true if subject include mutable content that can be corrupted when
 multiple threads have the same identity and cache flushes/logout clearing
 the subject in one thread results in subject references affecting other
 threads.
 -->
 <attribute name="DeepCopySubjectMode">false</attribute>
 </mbean>


          is it correct?

          Thank you

            • Actions
          • 2. Re: How to configure
            draggy
            draggy Apr 17, 2008 6:16 AM (in response to draggy)

            hello people,

            Now I'm getting some error:

            2008-04-17 18:02:47,113 DEBUG [org.jboss.security.auth.login.XMLLoginConfig] Starting jboss.security:service=XMLLoginConfig
2008-04-17 18:02:47,113 DEBUG [org.jboss.security.auth.login.XMLLoginConfigImpl] Try loading config as XML, url=file:/C:/jboss-portal-2.6.4/server/default/conf/login-config.xml
2008-04-17 18:02:47,254 DEBUG [org.jboss.security.auth.login.XMLLoginConfigImpl] Failed to load config as XML
org.jboss.xb.binding.JBossXBException: Failed to parse source: The element type "authentication" must be terminated by the matching end-tag "</authentication>". @ *unknown*[166,4]
 at org.jboss.xb.binding.parser.sax.SaxJBossXBParser.parse(SaxJBossXBParser.java:193)
 at org.jboss.xb.binding.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:158)
 at org.jboss.security.auth.login.XMLLoginConfigImpl.loadXMLConfig(XMLLoginConfigImpl.java:324)
 at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:288)
 at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:268)
 at org.jboss.security.auth.login.XMLLoginConfig.startService(XMLLoginConfig.java:176)
 at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
 at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
 at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
 at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
 at $Proxy0.start(Unknown Source)
 at org.jboss.system.ServiceController.start(ServiceController.java:417)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
 at $Proxy4.start(Unknown Source)
 at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302)
 at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
 at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
 at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
 at $Proxy5.deploy(Unknown Source)
 at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482)
 at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
 at org.jboss.Main.boot(Main.java:200)
 at org.jboss.Main$1.run(Main.java:508)
 at java.lang.Thread.run(Thread.java:619)
Caused by: org.xml.sax.SAXException: The element type "authentication" must be terminated by the matching end-tag "</authentication>". @ *unknown*[166,4]
 at org.jboss.xb.binding.parser.sax.SaxJBossXBParser$MetaDataErrorHandler.fatalError(SaxJBossXBParser.java:355)
 at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
 at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
 at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
 at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
 at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source)
 at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
 at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
 at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
 at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
 at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
 at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
 at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
 at org.jboss.xb.binding.parser.sax.SaxJBossXBParser.parse(SaxJBossXBParser.java:189)
 ... 53 more
2008-04-17 18:02:47,254 DEBUG [org.jboss.security.auth.login.XMLLoginConfigImpl] Try loading config as Sun format, url=file:/C:/jboss-portal-2.6.4/server/default/conf/login-config.xml
2008-04-17 18:02:47,269 WARN [org.jboss.security.auth.login.XMLLoginConfigImpl] End loadConfig, failed to load config: file:/C:/jboss-portal-2.6.4/server/default/conf/login-config.xml
org.jboss.security.auth.login.ParseException: Encountered "<?xml" at line 1, column 1.
Was expecting one of:
 <EOF>
 <IDENTIFIER> ...

 at org.jboss.security.auth.login.SunConfigParser.generateParseException(SunConfigParser.java:395)
 at org.jboss.security.auth.login.SunConfigParser.jj_consume_token(SunConfigParser.java:333)
 at org.jboss.security.auth.login.SunConfigParser.config(SunConfigParser.java:98)
 at org.jboss.security.auth.login.SunConfigParser.parse(SunConfigParser.java:57)
 at org.jboss.security.auth.login.SunConfigParser.doParse(SunConfigParser.java:79)
 at org.jboss.security.auth.login.XMLLoginConfigImpl.loadSunConfig(XMLLoginConfigImpl.java:310)
 at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:294)
 at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:268)
 at org.jboss.security.auth.login.XMLLoginConfig.startService(XMLLoginConfig.java:176)
 at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
 at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
 at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
 at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
 at $Proxy0.start(Unknown Source)
 at org.jboss.system.ServiceController.start(ServiceController.java:417)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
 at $Proxy4.start(Unknown Source)
 at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302)
 at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
 at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766)
 at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
 at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
 at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
 at java.lang.reflect.Method.invoke(Method.java:597)
 at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
 at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
 at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
 at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
 at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
 at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
 at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
 at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
 at $Proxy5.deploy(Unknown Source)
 at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482)
 at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
 at org.jboss.Main.boot(Main.java:200)
 at org.jboss.Main$1.run(Main.java:508)
 at java.lang.Thread.run(Thread.java:619)
2008-04-17 18:02:47,488 DEBUG [org.jboss.security.auth.login.XMLLoginConfig] Started jboss.security:service=XMLLoginConfig
2008-04-17 18:02:47,488 DEBUG [org.jboss.system.ServiceController] Starting dependent components for: jboss.security:service=XMLLoginConfig dependent components: []
2008-04-17 18:02:47,488 DEBUG [org.jboss.system.ServiceController] starting service jboss.security:service=JaasSecurityManager
2008-04-17 18:02:47,488 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Starting jboss.security:service=JaasSecurityManage


            and here is my login-config.xml: 

            <?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
 "-//JBoss//DTD JBOSS Security Config 3.0//EN"
 "http://www.jboss.org/j2ee/dtd/security_config.dtd">

<!-- The XML based JAAS login configuration read by the
org.jboss.security.auth.login.XMLLoginConfig mbean. Add
an application-policy element for each security domain.

The outline of the application-policy is:
<application-policy name="security-domain-name">
 <authentication>
 <login-module code="login.module1.class.name" flag="control_flag">
 <module-option name = "option1-name">option1-value</module-option>
 <module-option name = "option2-name">option2-value</module-option>
 ...
 </login-module>

 <login-module code="login.module2.class.name" flag="control_flag">
 ...
 </login-module>
 ...
 </authentication>
</application-policy>

$Revision: 64598 $
-->

<policy>
 <!-- Used by clients within the application server VM such as
 mbeans and servlets that access EJBs.
 -->
 <application-policy name = "client-login">
 <authentication>
 <login-module code = "org.jboss.security.ClientLoginModule"
 flag = "required">
 <!-- Any existing security context will be restored on logout -->
 <module-option name="restore-login-identity">true</module-option>
 </login-module>
 </authentication>
 </application-policy>

 <!-- Security domain for JBossMQ -->
 <application-policy name = "jbossmq">
 <authentication>
 <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
 flag = "required">
 <module-option name = "unauthenticatedIdentity">guest</module-option>
 <module-option name = "dsJndiName">java:/DefaultDS</module-option>
 <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
 <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
 </login-module>
 </authentication>
 </application-policy>

 <!-- Security domain for JBossMQ when using file-state-service.xml
 <application-policy name = "jbossmq">
 <authentication>
 <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
 flag = "required">
 <module-option name = "unauthenticatedIdentity">guest</module-option>
 <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
 </login-module>
 </authentication>
 </application-policy>
 -->

 <!-- Security domains for testing new jca framework -->
 <application-policy name = "HsqlDbRealm">
 <authentication>
 <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
 flag = "required">
 <module-option name = "principal">sa</module-option>
 <module-option name = "userName">sa</module-option>
 <module-option name = "password"></module-option>
 <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
 </login-module>
 </authentication>
 </application-policy>

 <application-policy name = "JmsXARealm">
 <authentication>
 <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
 flag = "required">
 <module-option name = "principal">guest</module-option>
 <module-option name = "userName">guest</module-option>
 <module-option name = "password">guest</module-option>
 <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
 </login-module>
 </authentication>
 </application-policy>

 <!-- A template configuration for the jmx-console web application. This
 defaults to the UsersRolesLoginModule the same as other and should be
 changed to a stronger authentication mechanism as required.
 -->
 <application-policy name = "jmx-console">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
 flag = "required">
 <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
 <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
 </login-module>
 </authentication>
 </application-policy>

 <!-- A template configuration for the web-console web application. This
 defaults to the UsersRolesLoginModule the same as other and should be
 changed to a stronger authentication mechanism as required.
 -->
 <application-policy name = "web-console">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
 flag = "required">
 <module-option name="usersProperties">web-console-users.properties</module-option>
 <module-option name="rolesProperties">web-console-roles.properties</module-option>
 </login-module>
 </authentication>
 </application-policy>

 <!--
 A template configuration for the JBossWS security domain.
 This defaults to the UsersRolesLoginModule the same as other and should be
 changed to a stronger authentication mechanism as required.
 -->
 <application-policy name="JBossWS">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
 flag="required">
 <module-option name="usersProperties">props/jbossws-users.properties</module-option>
 <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
 <module-option name="unauthenticatedIdentity">anonymous</module-option>
 </login-module>
 </authentication>
 </application-policy>

 <!-- The default login configuration used by any security domain that
 does not have a application-policy entry with a matching name
 -->
 <application-policy name = "other">
 <!-- A simple server login module, which can be used when the number
 of users is relatively small. It uses two properties files:
 users.properties, which holds users (key) and their password (value).
 roles.properties, which holds users (key) and a comma-separated list of
 their roles (value).
 The unauthenticatedIdentity property defines the name of the principal
 that will be used when a null username and password are presented as is
 the case for an unuathenticated web client or MDB. If you want to
 allow such users to be authenticated add the property, e.g.,
 unauthenticatedIdentity="nobody"
 -->
 <authentication>
 <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
 flag = "required" />
 </authentication>
 </application-policy>

 <!-- SPNEGO -->
 <application-policy name = "SPNEGO">
 <authentication>
 <login-module code = "org.jboss.security.auth.NegotiateLoginModule"
 flag = "required" />
 <module-option name="loadBalancer">false</module-option>
 <module-option name="domainController">192.168.0.1</module-option>
 <module-option name="defaultDomain">test.com</module-option>
 </login-module>
 </authentication>
 </application-policy>

</policy>


            May I know what went wrong?

            Thank you

              • Actions
            • 3. Re: How to configure
              sjunejo
              sjunejo Mar 3, 2009 10:44 AM (in response to draggy)

              Same problem with me...:(

                • Actions