8 Replies Latest reply on Jul 16, 2011 11:30 AM by cs02rm0

    JAAS DatabaseServerLoginModule on Jboss AS 7

    arg20

      Hello, I have this configuration:

       

      <application-policy name="turismo">

           <authentication>

                <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

                     <module-option name="dsJndiName">java:turismo</module-option>

                     <module-option name="principalsQuery">

       

                               select password from Usuario where email=?

       

                     </module-option>

                     <module-option name="rolesQuery">

       

                            select ug.grupos_groupName, 'Roles' from Usuario_Grupo ug, Usuario u where u.id=ug.usuarios_id and u.email=?

       

                      </module-option>

                     <module-option name="hashAlgorithm">SHA-256</module-option>

                     <module-option name="hashEncoding">base64</

      <application-policy name="turismo">

           <authentication>

                <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

                     <module-option name="dsJndiName">java:turismo</module-option>

                     <module-option name="principalsQuery">select password from Usuario where email=?</module-option>

                     <module-option name="rolesQuery">

                       select ug.grupos_groupName, 'Roles' from Usuario_Grupo ug, Usuario u where u.id=ug.usuarios_id and u.email=?

                      </module-option>

                     <module-option name="hashAlgorithm">SHA-256</module-option>

                     <module-option name="hashEncoding">base64</module-option>

                </login-module>

           </authentication>

      </application-policy>

      module-option>

                </login-module>

           </authentication>

      </application-policy>

       

      Jboss 7 security configurations seem to have changed drastically, can anyone tell me how to migrate that to Jboss 7 conf?

        • 1. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
          arg20

          <application-policy name="turismo">

               <authentication>

                    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">

                         <module-option name="dsJndiName">java:turismo</module-option>

                         <module-option name="principalsQuery">select password from Usuario where email=?</module-option>

                         <module-option name="rolesQuery">

                           select ug.grupos_groupName, 'Roles' from Usuario_Grupo ug, Usuario u where u.id=ug.usuarios_id and u.email=?

                          </module-option>

                         <module-option name="hashAlgorithm">SHA-256</module-option>

                         <module-option name="hashEncoding">base64</module-option>

                    </login-module>

               </authentication>

          </application-policy>

          • 2. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
            brunovernay

            What used to be in login-conf.xml is now in standalone.xml (or domain.xml) depending on which one you are using.

            In configuration/standalone.xml, there is a

            <subsystem xmlns="urn:jboss:domain:security:1.0"> <security-domains>

               <security-domain name="turismo">

                <authentication>

                      <login-module code="Database" flag="required">

                           <module-option name="dsJndiName" value="java:turismo"/>

                           <module-option name="principalsQuery" value="select password from Usuario where email=?"/>

                           <module-option name="rolesQuery">

                             select ug.grupos_groupName, 'Roles' from Usuario_Grupo ug, Usuario u where u.id=ug.usuarios_id and u.email=?

                            </module-option>

                           <module-option name="hashAlgorithm">SHA-256</module-option>

                           <module-option name="hashEncoding">base64</module-option>

                      </login-module>

                 </authentication>

              </security-domain>
            </security-domains>
            </subsystem>

            You have to change the name/value everywhere and it should work.

            You can use the long code if you want: org.jboss.security.auth.spi.DatabaseServerLoginModule

            • 3. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
              dekiz

              jndi convention has also changed, so DS should be looked up with something like this:  java:jboss/datasources/nameOfDS

              <module-option name="dsJndiName" value="java:jboss/datasources/turismo"/>

              Cheers,

              D


              • 4. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
                gerry.matte

                Hi Dejan.

                Would you mind posting the code that would lookup the above datasource ?

                My former method of creating an InitialContext no longer works with AS7.

                Thanks.

                • 5. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
                  dekiz

                  If I remember correct something like this would work:

                  try

                          {

                              InitialContext ctx = new InitialContext();

                              DataSource ds = (DataSource) ctx.lookup("java:jboss/datasources/myDS");

                              //do something with ds

                          }catch(NamingException ne)

                          {

                              ne.printStackTrace();

                          }

                  if not, let me know I ll hack a full example, also this could be used inside EJB:

                  @Resource(mappedName="java:jboss/datasources/myDS") DataSource ds;

                   

                  Cheers,

                  D

                  • 6. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
                    arg20

                    What JNDI is the security domain given?. I have a jboss-web.xml with this configuration:

                     

                    <?xml version="1.0" encoding="UTF-8"?>

                    <jboss-web>

                      <context-root>/</context-root>

                      <security-domain>java:/jaas/turismo</security-domain>

                    </jboss-web>

                     

                    Is this still ok if my security domain "name" attribute is turismo? I'm asking because the JNDI name for datasources has changed, may be that changed too.

                    • 7. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
                      jaikiran

                      Emanuel Zimmermann wrote:

                       

                      What JNDI is the security domain given?. I have a jboss-web.xml with this configuration:

                       

                        <security-domain>java:/jaas/turismo</security-domain>

                       

                      Is this still ok if my security domain "name" attribute is turismo? I'm asking because the JNDI name for datasources has changed, may be that changed too.

                      Don't use the JNDI name there. Just use the security domain "name". So change it to:

                       

                      <security-domain>turismo</security-domain>

                      • 8. Re: JAAS DatabaseServerLoginModule on Jboss AS 7
                        cs02rm0

                        Does this actually work though?

                         

                        http://community.jboss.org/message/613128