2 Replies Latest reply on Sep 15, 2010 1:22 PM by shenz

    Problem with security-domain

    shenz

      Hi dear all,

       

      I have the problem that my security domain is not used. Actually, I want to use an LDAP login. But in order to find out whether my security domain is used, I tried a simple UsersRolesLoginModule.

      As long as I'm not using the jboss-web.xml and/or the web.xml, my project "myWebApp" is deployed. But when I try to bind everything to a security-domain (named "jbossmq"), I get the following error messages (see below) when deploying my EJB project "myWebApp". I expect there's an error in my web.xml (see below as well for the other deployment descriptors).

      Here are the error messages:

       

      17:08:44,169 INFO  [AttributeCallbackItem] Owner callback not implemented.
      17:08:45,004 INFO  [LogNotificationListener] Adding notification listener for logging mbean "jboss.system:service=Logging,type=Log4jService" to server org.jboss.mx.server.MBeanServerImpl@59db9f45[ defaultDomain='jboss' ]
      17:08:47,386 ERROR [AbstractKernelController] Error installing to Parse: name=vfszip:/usr/local/jboss/jboss-5.1.0.GA/server/default/deploy/instituteKurz.ear/ state=Not Installed mode=Manual requiredState=Parse

      ...

      at java.lang.Thread.run(Thread.java:619)
      Caused by: org.jboss.xb.binding.JBossXBException: Failed to parse source: The content of element type "jboss-web" must match "(class-loading?,security-domain?,jacc-star-role-allow?,context-root?,virtual-host*,use-session-cookies?,replication-config?,resource-env-ref*,ejb-ref*,ejb-local-ref*,service-ref*,resource-ref*,message-destination-ref*,security-role*,message-destination*,webservice-description*,depends*,servlet*,max-active-sessions?,passivation-config?)". @ vfszip:/usr/local/jboss/jboss-5.1.0.GA/server/default/deploy/instituteKurz.ear/instituteKurz.war/WEB-INF/jboss-web.xml[9,13]

      at org.jboss.xb.binding.parser.sax.SaxJBossXBParser.parse(SaxJBossXBParser.java:203)

      ...

       

      The web.xml looks like:

       

      <?xml version="1.0" encoding="UTF-8"?>

      <web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
         <display-name>myWebApp</display-name>

         <security-constraint>
                   <web-resource-collection>
                  <web-resource-name>myWebApp</web-resource-name>
                  <url-pattern>/*</url-pattern>
                  <http-method>GET</http-method>
                  <http-method>POST</http-method>
               </web-resource-collection>
               <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
               </user-data-constraint>
         </security-constraint>

      <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>myWebApp</realm-name>
      </login-config>
      <security-role>
         <role-name>loginAllowed</role-name>
      </security-role>
      </web-app>

       

      The corresponding entry in the <installation path>/server/default/conf/login-config.xml is

       

      <application-policy name="jbossmq">
          <authentication>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
              flag="required">
              <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
              <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
            </login-module>
          </authentication>
        </application-policy>

       

      The jboss.xml is (it is later on used for the EJBs):

       

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss>
         <security-domain>jbossmq</security-domain>
      </jboss>

       

       

      and the jboss-web.xml:

       

      <?xml version="1.0" encoding="UTF-8"?>

       

      <!DOCTYPE jboss-web PUBLIC
          "-//JBoss//DTD Web Application 5.0//EN"
          "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
      <jboss-web>
         <context-root>myWebApp</context-root>
         <security-domain>java:/jaas/jbossmq</security-domain>
      </jboss-web>

       

      and the application.xml looks like:

       

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE application
         PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN"
         "http://java.sun.com/dtd/application_1_3.dtd">
      <application>
         <display-name>myWebApp</display-name>
         <module>
            <ejb>myWebApp.jar</ejb>
         </module>
         <module>
            <web>
               <web-uri>myWebApp.war</web-uri>
               <context-root>myWebApp</context-root>
            </web>
         </module>
      </application>

       

      Can anybody help me out?

       

      Thx in advance,

      Stefan

        • 1. Re: Problem with security-domain
          thunder.farmer

          "jboss-web" must match "(class-loading?,security-domain?,jacc-star-role-allow?,context-root?,

          ======================================================================

          It states the error clearly.

          Pls change your jboss-web.xml to

           

          <jboss-web>

          <security-domain>java:/jaas/jbossmq</security-domain>
          <context-root>myWebApp</context-root>

           

          see what's going on
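
Added example, not part of the thread: a small Python check that reads the sequence content model quoted in the JBossXBException and reports child elements of `<jboss-web>` that are out of order or repeated. The function names and the two sample documents are constructed for illustration; the samples mirror the two orderings posted here.

```python
import re
import xml.etree.ElementTree as ET

# Content model copied from the JBossXBException text in the first post.
CONTENT_MODEL = ("class-loading?,security-domain?,jacc-star-role-allow?,context-root?,"
    "virtual-host*,use-session-cookies?,replication-config?,resource-env-ref*,ejb-ref*,"
    "ejb-local-ref*,service-ref*,resource-ref*,message-destination-ref*,security-role*,"
    "message-destination*,webservice-description*,depends*,servlet*,"
    "max-active-sessions?,passivation-config?")

def parse_model(model):
    """Return {element name: (position, cardinality)} for a DTD sequence."""
    out = {}
    for pos, item in enumerate(model.split(",")):
        name, card = re.fullmatch(r"([\w.-]+)([?*+]?)", item.strip()).groups()
        out[name] = (pos, card)
    return out

def check_order(xml_text, model=CONTENT_MODEL):
    """List violations of the sequence by the root element's children."""
    spec = parse_model(model)
    problems, last_pos, last_name, seen = [], -1, None, {}
    for child in ET.fromstring(xml_text):
        if child.tag not in spec:
            problems.append(f"<{child.tag}> is not allowed here")
            continue
        pos, card = spec[child.tag]
        seen[child.tag] = seen.get(child.tag, 0) + 1
        if card in ("", "?") and seen[child.tag] > 1:
            problems.append(f"<{child.tag}> may appear only once")
        if pos < last_pos:
            problems.append(f"<{child.tag}> must come before <{last_name}>")
        else:
            last_pos, last_name = pos, child.tag
    return problems

# Constructed inputs: the two orderings posted in this thread.
ORIGINAL = """<jboss-web>
  <context-root>myWebApp</context-root>
  <security-domain>java:/jaas/jbossmq</security-domain>
</jboss-web>"""
REORDERED = """<jboss-web>
  <security-domain>java:/jaas/jbossmq</security-domain>
  <context-root>myWebApp</context-root>
</jboss-web>"""

if __name__ == "__main__":
    print(check_order(ORIGINAL))
    print(check_order(REORDERED))
```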

          • 2. Re: Problem with security-domain
            shenz

            Hello,

             

            thanks for your hint. I changed the order of the tags <security-domain> and <context-root> in the jboss-web.xml as you proposed. But now when deploying the EAR file, my application "myWebApp" is working, but no login and password request occurs, i.e. most probably no binding to the security domain "jbossmq" occurs.

             

            The content of my jboss-web.xml looks like:

             

            <?xml version="1.0" encoding="UTF-8"?>

             

            <!DOCTYPE jboss-web PUBLIC
                "-//JBoss//DTD Web Application 5.0//EN"
                "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
            <jboss-web>
               <security-domain>java:/jaas/jbossmq</security-domain>
               <context-root>instituteKurz</context-root>
            </jboss-web>

             

            I've no clue why no login and password request occurs when calling my "myWebApp".

            An https connector is also configured, as well as a redirect from the http connector to the https one. It's working, because when looking at the web-console as well as the jmx-console, the login procedure is working.

             

            Does somebody have an idea?

             

            Thanks in advance and best wishes,

            Stefan
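
Added example, not part of the thread: a Python lint for the `<security-constraint>` entries of a Java EE 5 web.xml such as the one in the first post. Under the Servlet specification a constraint without `<auth-constraint>` does not require authentication, so the container issues no BASIC challenge for it, and a constraint that lists `<http-method>` elements covers only those methods. The function name, the finding labels and the `WITH_AUTH` variant are constructed; `POSTED` is a trimmed copy of the posted descriptor.

```python
import xml.etree.ElementTree as ET

NS = {"j": "http://java.sun.com/xml/ns/javaee"}

def lint_web_xml(xml_text):
    """Return (resource name, finding) pairs for each <security-constraint>."""
    root = ET.fromstring(xml_text)
    declared = {r.text.strip() for r in root.findall("j:security-role/j:role-name", NS)}
    findings = []
    for sc in root.findall("j:security-constraint", NS):
        name = sc.findtext("j:web-resource-collection/j:web-resource-name", "?", NS)
        auth = sc.find("j:auth-constraint", NS)
        if auth is None:
            # No roles demanded: the container never asks for credentials.
            findings.append((name, "no-auth-constraint"))
        else:
            roles = {r.text.strip() for r in auth.findall("j:role-name", NS)}
            for role in sorted(roles - declared - {"*"}):
                findings.append((name, f"undeclared-role:{role}"))
        methods = [m.text.strip()
                   for m in sc.findall("j:web-resource-collection/j:http-method", NS)]
        if methods:
            # Methods not listed here are outside this constraint.
            findings.append((name, "only-methods:" + ",".join(methods)))
    return findings

# Constructed input: trimmed copy of the web.xml from the first post.
POSTED = """<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="2.5">
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>myWebApp</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config><auth-method>BASIC</auth-method></login-config>
  <security-role><role-name>loginAllowed</role-name></security-role>
</web-app>"""
# Constructed variant: same file with an auth-constraint on the declared role.
WITH_AUTH = POSTED.replace("<user-data-constraint>",
    "<auth-constraint><role-name>loginAllowed</role-name></auth-constraint>\n"
    "    <user-data-constraint>")

if __name__ == "__main__":
    print(lint_web_xml(POSTED), lint_web_xml(WITH_AUTH))
```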