Context.xml Realm element ignored (JBoss 4.0.3SP1)
jon_french Sep 25, 2006 12:36 PMI am trying to deploy a custom Realm for a specific web application in JBoss AS 4.0.3SP1. My strategy is to place a context.xml file in the WEB-INF directory of my war file. The contents of the context.xml look like this:
<Context> <Realm ... realm configuration here /> </Context>
However, JBoss does not recognize the Realm definition and instead uses the Realm of the Tomcat Host in which this web application resides. However, configuring a RemoteAccessFilter in the context.xml file like this:
<Context> <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="127.0.0.1" /> </Context>
definitely works (meaning that the valve is correctly deployed).
So the case is that JBoss is definitely recognizing the /WEB-INF/context.xml file, but is ignoring my Realm element.
The JBoss Wiki at http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingContextDotXML says that in regard to configuring web applications in /WEB-INF/jboss-web.xml vs. context.xml, "The general rule is that if you can do it in jboss-web.xml then the context.xml equivalent is ignored."
So this makes me think that maybe the reason JBoss is ignoring my context.xml Realm element is that it can be configured in /WEB-INF/jboss-web.xml. The only pertinent element in jboss-web.xml is the security-domain element. The docs/dtd/jboss-web.dtd file says of the security-domain element,
<!-- The security-domain element allows one to specify a module wide security manager domain. It specifies the JNDI name of the security manager that implements the EJBSecurityManager and RealmMapping for the domain. --> <!ELEMENT security-domain (#PCDATA)>
The "RealmMapping" text makes me suspicious, but the RealmMapping Javadoc at http://docs.jboss.org/jbossas/javadoc/4.0.4/security/org/jboss/security/RealmMapping.html
doesn't seem to contain any helpful information in regard to JBoss's use of a Host Realm before a Context Realm.
So my question is can anyone verify that JBoss won't allow a webapplication to specify a Realm in Context.xml? Is there a good reason? Is there a way to override the Realm via the "security-domain" element in jboss-web.xml?
Other information:
The release notes of 4.0.4GA didn't mention any context.xml fixes: http://jira.jboss.com/jira/secure/ReleaseNote.jspa?version=12310691&styleName=Html&projectId=10030
so I'm guessing nothing has changed in regard to my problem in 4.0.4GA.
This JIRA issue http://jira.jboss.com/jira/browse/JBWEB-65 almost seems to apply, but its for the wrong version of JBoss and seems to be about the entire context.xml file being ignored, not just the Realm element.