5 Replies Latest reply on May 25, 2009 11:06 AM by plukh

    Problem with Dynamic Login Config on JBoss 5.0.1

      I have dynamicloginconfig-service.xml deployed in the server/default/deploy and it looks like this:

      <server>
        <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="jboss:service=DynamicLoginConfig">
          <attribute name="AuthConfig">
            dynamic-login-config.xml
          </attribute>
          <depends optional-attribute-name="LoginConfigService">
            jboss.security:service=XMLLoginConfig
          </depends>
          <depends optional-attribute-name="SecurityManagerService">
            jboss.security:service=JaasSecurityManager
          </depends>
        </mbean>
      </server>


      And then I have the dynamic-login-config.xml pointed to by the 'AuthConfig' attribute above, and it looks like this:

      <?xml version='1.0'?>
      
      <policy>
        <!-- Used by clients within the application server VM such as
             mbeans and servlets that access EJBs.
        -->
        <application-policy name = "reservator-security-domain">
          <authentication>
            <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
              <module-option name="dsJndiName">
                java:/ReservatorDS
              </module-option>
              <module-option name="principalsQuery">
                SELECT PASSWD FROM USERS WHERE USERID=?
              </module-option>
              <module-option name="rolesQuery">
                SELECT ROLEID, 'rolesGroup' FROM ROLES WHERE USERID=?
              </module-option>
            </login-module>
          </authentication>
        </application-policy>

      </policy>


      The dynamic-login-config.xml file is located in my EAR under its meta-inf.

      During deploy of JBoss AS 5.0.1 I get this error:

      org.jboss.deployment.DeploymentException: Failed to find authConf as resource: dynamic-login-config.xml

      I even tried specifying the meta-inf dir in the AuthConfig as META-INF/dynamic-login-config.xml

      Please help, am I missing something??



        • 1. Re: Problem with Dynamic Login Config on JBoss 5.0.1
          jaikiran

           

          I have dynamicloginconfig-service.xml deployed in the server/default/deploy


          Place the dynamicloginconfig-service.xml in the META-INF of the EAR.

          • 2. Re: Problem with Dynamic Login Config on JBoss 5.0.1

            Thx JaiKiran. That worked.

            Just to make this useful for other people looking for a solution to this, here is what I did:

            - Put the dynamicloginconfig-service.xml in my ear META-INF, as suggested
            - and my dynamic-login-config.xml file is also in ear META-INF

            The dynamicloginconfig-service.xml file looks like this now:

            <server>
              <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="jboss:service=DynamicLoginConfig">
                <attribute name="AuthConfig">
                  META-INF/dynamic-login-config.xml
                </attribute>
                <depends optional-attribute-name="LoginConfigService">
                  jboss.security:service=XMLLoginConfig
                </depends>
                <depends optional-attribute-name="SecurityManagerService">
                  jboss.security:service=JaasSecurityManager
                </depends>
              </mbean>
            </server>
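
A pre-deploy check for the packaging that reply 2 reports working, added here as an example and not code from the thread or from JBoss. It assumes the `AuthConfig` value must match an entry path inside the EAR, as in that layout; `check_ear`, `build_ear` and the sample archives are hypothetical names and constructed data.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

DLC_CLASS = "org.jboss.security.auth.login.DynamicLoginConfig"

# Constructed descriptor modelled on the one posted above; {auth} is filled in per sample.
SERVICE_XML = """<server>
  <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
         name="jboss:service=DynamicLoginConfig">
    <attribute name="AuthConfig">
      {auth}
    </attribute>
  </mbean>
</server>"""


def build_ear(files):
    """Build an in-memory EAR (zip) from {entry name: text}. Constructed sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as ear:
        for name, text in files.items():
            ear.writestr(name, text)
    return buf.getvalue()


def check_ear(ear_bytes):
    """Return packaging problems for DynamicLoginConfig descriptors in an EAR."""
    problems, found = [], False
    with zipfile.ZipFile(io.BytesIO(ear_bytes)) as ear:
        names = set(ear.namelist())
        for name in sorted(n for n in names if n.startswith("META-INF/") and n.endswith("-service.xml")):
            for mbean in ET.fromstring(ear.read(name)).iter("mbean"):
                if mbean.get("code") != DLC_CLASS:
                    continue
                found = True
                attr = mbean.find("attribute[@name='AuthConfig']")
                path = (attr.text or "").strip() if attr is not None else ""
                if path not in names:
                    problems.append(f"{name}: AuthConfig {path!r} is not an entry in the EAR")
    if not found:
        problems.append("no DynamicLoginConfig mbean in META-INF/*-service.xml")
    return problems


DESCRIPTOR = "META-INF/dynamicloginconfig-service.xml"
POLICY = "META-INF/dynamic-login-config.xml"
GOOD_EAR = build_ear({DESCRIPTOR: SERVICE_XML.format(auth=POLICY), POLICY: "<policy/>"})
BAD_EAR = build_ear({DESCRIPTOR: SERVICE_XML.format(auth=POLICY)})  # policy file not packaged
```
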


            • 4. Re: Problem with Dynamic Login Config on JBoss 5.0.1
              plukh

              I'm trying the new simpler approach and can't seem to get my application to work (old DynamicLoginConfig way worked fine).

              Here's what I'm doing:

              WEB-INF/jboss-web.xml (in the web module)

              <?xml version="1.0" encoding="UTF-8"?>
              <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 4.2//EN"
               "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
              <jboss-web>
               <security-domain>java:/jaas/gameportal</security-domain>
              </jboss-web>
              


              META-INF/gameportal-jboss-beans.xml (in ear)
              <?xml version="1.0" encoding="UTF-8"?>
              
              <deployment xmlns="urn:jboss:bean-deployer:2.0">

                <application-policy xmlns="urn:jboss:security-beans:1.0" name="gameportal">
                  <authentication>
                    <login-module code="ru.gameportal.login.GameportalLoginModule"
                                  flag="required">
                    </login-module>
                  </authentication>
                </application-policy>

              </deployment>
              


              Unfortunately, JBoss doesn't call my custom login module (I'm using WebAuthentication for programmatic login, if it matters). Some info, hopefully relevant, from the log file:

              17:37:50,437 TRACE [ApplicationPolicyMetaDataFactory] Generating metadata for application-policy gameportal
              17:37:50,437 TRACE [ApplicationPolicyMetaDataFactory] Generating authentication metadata for policy gameportal
              17:37:50,437 TRACE [ApplicationPolicyMetaDataFactory] Injecting security management JNDIBasedSecurityManagement into application-policy metadata
              17:37:50,468 TRACE [ApplicationPolicyBean] ApplicationPolicy gameportal created org.jboss.security.config.ApplicationPolicy@1c2f724
              17:37:50,468 TRACE [ApplicationPolicyBean] ApplicationPolicy gameportal registered
              ...
              17:38:06,703 TRACE [JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMapnull
              17:38:06,703 TRACE [SecurityAssociationValve] Begin invoke, caller=null
              ...
              17:38:06,718 TRACE [JBossWebRealm] Begin authenticate, username=vdenisov@redline.ru
              17:38:06,718 DEBUG [JNDIBasedSecurityManagement] Creating SDC for domain=gameportal
              17:38:06,718 TRACE [JaasSecurityManager] Constructing
              17:38:06,718 DEBUG [gameportal] CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@f92417
              17:38:06,718 DEBUG [gameportal] CachePolicy set to: org.jboss.util.TimedCachePolicy@b0a21a
              17:38:06,718 DEBUG [JNDIBasedSecurityManagement] setCachePolicy, c=org.jboss.util.TimedCachePolicy@b0a21a
              17:38:06,718 TRACE [gameportal] Begin isValid, principal:vdenisov@redline.ru, cache info: null
              17:38:06,718 TRACE [gameportal] defaultLogin, principal=vdenisov@redline.ru
              17:38:06,718 TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(gameportal), size=11
              17:38:06,718 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(gameportal), authInfo=AppConfigurationEntry[]:
              [0]
              LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
              ControlFlag: LoginModuleControlFlag: required
              Options:
              name=usersProperties, value=u.properties
              name=unauthenticatedIdentity, value=anonymous
              name=rolesProperties, value=r.properties
              


              It then proceeds to authenticate using UsersRolesLoginModule (and, of course, fails to open appropriate files).

              Any advice?

              • 5. Re: Problem with Dynamic Login Config on JBoss 5.0.1
                plukh

                Weird, after restarting JBoss my custom login module was invoked correctly...
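
The trace in reply 4 shows the `gameportal` domain resolving to `UsersRolesLoginModule` rather than the declared `GameportalLoginModule`. The following added example (not from the thread) scans such trace output and reports every domain whose resolved login modules differ from the ones you declared; the `EXPECTED` map, the function names and the second sample are assumptions constructed for illustration.

```python
import re

# Line shapes taken from the TRACE output posted in reply 4.
END_RE = re.compile(r"\[XMLLoginConfigImpl\] End getAppConfigurationEntry\(([^)]+)\)")
MODULE_RE = re.compile(r"^\s*LoginModule Class:\s*(\S+)")
RECORD_RE = re.compile(r"^\s*\d{2}:\d{2}:\d{2},\d{3} ")  # start of the next log record


def resolved_modules(log_text):
    """Map each security domain to the login modules of its most recent lookup."""
    resolved, current = {}, None
    for line in log_text.splitlines():
        end = END_RE.search(line)
        if end:
            current = end.group(1)
            resolved[current] = []
        elif current is not None:
            module = MODULE_RE.match(line)
            if module:
                resolved[current].append(module.group(1))
            elif RECORD_RE.match(line):
                current = None  # a new timestamped record ends the multi-line dump
    return resolved


def find_mismatches(log_text, expected):
    """Return (domain, declared, resolved) for domains not using their declared modules."""
    return [(domain, expected[domain], modules)
            for domain, modules in resolved_modules(log_text).items()
            if domain in expected and modules != expected[domain]]


# Declared policy (assumption: what gameportal-jboss-beans.xml in reply 4 intends).
EXPECTED = {"gameportal": ["ru.gameportal.login.GameportalLoginModule"]}

# Excerpt of the lines posted in reply 4.
SAMPLE_REPLY4 = """\
17:38:06,718 TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(gameportal), size=11
17:38:06,718 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(gameportal), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
ControlFlag: LoginModuleControlFlag: required
"""

# Constructed: the same lookup when the declared module is picked up.
SAMPLE_OK = SAMPLE_REPLY4.replace(
    "org.jboss.security.auth.spi.UsersRolesLoginModule",
    "ru.gameportal.login.GameportalLoginModule")
```

The lookup lines are logged at TRACE level by `XMLLoginConfigImpl`, so that category has to be enabled for the check to see anything.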