3 Replies Latest reply on Oct 15, 2014 7:58 AM by sony.crocket

    JAAS problem. JBoss 4.2 vs 6.1

    maksrma

      Hello all

       

      I have two EAR applications. The EAR structure of each of them is simple:

       

      app1.ear
      -- meta-inf
           -- application.xml
           -- jboss-app.xml
           -- manifest.mf
      -- webapp1.war
      ....
           web-inf
                -- jboss-web.xml
                -- web.xml
           ----......-----

       

      For JBoss 4.2 I used to login with JAAS. In login-config.xml:

       

      <application-policy name="mySecureDomain">
        <authentication>
          <login-module code="com.MyAuthenticationProvider" flag="required"/>
        </authentication>
      </application-policy>

       

      And in jboss-web.app (for jboss 4.2 it was only in one war):

       

      <jboss-web>
      <context-root>myApp1</context-root>
      <security-domain>mySecDomain</security-domain>

      </jboss-web>

       

      And in web.xml I constrain web pages like this:

       

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>All resources</web-resource-name>
          <description>Protects all resources</description>
          <url-pattern>/index.jsp</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>*</role-name>
        </auth-constraint>
      </security-constraint>

      <security-constraint>
        <web-resource-collection>
          <web-resource-name>Unsecured resources</web-resource-name>
          <url-pattern>/config/*</url-pattern>
          <url-pattern>/scripts/*</url-pattern>
          <url-pattern>/dwr/*</url-pattern>
        </web-resource-collection>
      </security-constraint>

      <login-config>
        <auth-method>FORM</auth-method>
        <form-login-config>
          <form-login-page>/login.jsp</form-login-page>
          <form-error-page>/error.jsp</form-error-page>
        </form-login-config>
      </login-config>

       

      Behavior on JBoss 4.2:

       

      I do the login operation. The methods in MyAuthenticationProvider work, and in each request I have a userPrincipal object. (It works fine on JBoss 6.1 too.)

      Next: I redirect to the second web app (app2.ear defaultPage.jsp for example): when the request comes to this page it has a userPrincipal too, and all is OK. (Sessions are different for two resources in different war applications, of course.) But on JBoss 6.1, when I redirect to another page in the other ear, there is no userPrincipal in the request object - this is the PROBLEM.

       

      Probably I need to set some flag that makes JBoss share principals, or something like this.

      I also tried playing with JBoss 6.1 class loader isolation (set one repository for the two ears) - it didn't help.

       

      Have any ideas?
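
The following is an added example, not part of the original post and not JBoss code: a small Python check run over the three descriptor fragments quoted above (copied inline and wrapped in root elements so they parse). It flags that the `security-domain` in jboss-web.xml does not name the `application-policy` in login-config.xml as posted, that the `/index.jsp` constraint applies only to the listed HTTP methods, and that the second constraint has no `auth-constraint`. The function name `audit` and the finding labels are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Fragments constructed from the post; finding labels below are hypothetical.
LOGIN_CONFIG = """<policy><application-policy name="mySecureDomain">
  <authentication>
    <login-module code="com.MyAuthenticationProvider" flag="required"/>
  </authentication>
</application-policy></policy>"""

JBOSS_WEB = """<jboss-web>
  <context-root>myApp1</context-root>
  <security-domain>mySecDomain</security-domain>
</jboss-web>"""

WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/index.jsp</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>/config/*</url-pattern>
      <url-pattern>/scripts/*</url-pattern>
      <url-pattern>/dwr/*</url-pattern>
    </web-resource-collection>
  </security-constraint>
</web-app>"""

def audit(login_config, jboss_web, web_xml):
    findings = []
    policies = {p.get("name") for p in ET.fromstring(login_config).iter("application-policy")}
    domain = (ET.fromstring(jboss_web).findtext("security-domain") or "").strip()
    # The domain may be written in JNDI form java:/jaas/<name>; compare the last segment.
    if domain.rsplit("/", 1)[-1] not in policies:
        findings.append(("domain-mismatch", domain))
    for sc in ET.fromstring(web_xml).iter("security-constraint"):
        urls = [u.text.strip() for u in sc.iter("url-pattern")]
        methods = [m.text.strip() for m in sc.iter("http-method")]
        if sc.find("auth-constraint") is None:
            # No auth-constraint: these URLs are served without authentication.
            findings.append(("no-auth", urls))
        elif methods:
            # Listed methods only: any other HTTP method is not covered by this constraint.
            findings.append(("methods-limited", urls, methods))
    return findings
```
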

        • 1. Re: JAAS problem. JBoss 4.2 vs 6.1
          maksrma

          I can't exclude that it works on JBoss 4.2 because of a bug that was fixed in version 6.

          But how can I use JAAS between a few Java web applications... the question is open for me now...

           

          Thanks in advance for any head...

          • 2. Re: JAAS problem. JBoss 4.2 vs 6.1
            maksrma

            I found the difference that explains why it doesn't work.

            Two war applications:

            Context root of one war: /app1

            Context root of second war: /app2

            In JBoss 4.2, when I redirect from a JSP on app1 to /app2/indexApp2.jsp (inside an iframe), the userPrincipal exists in the request that comes to indexApp2.jsp. The session is the same as when I logged in through JAAS before.

            But in JBoss 6, when the request comes to indexApp2.jsp, the session is new, and there isn't any user principal in the request.

             

            But why in JBoss 6 the sessions are different between the two war applications, it's magic.

            Probably I need to do something with class loading or e.g. ...

             

            Does anyone have a problem doing authentication between two Java web applications through JAAS on JBoss 6?

            Please help...

            • 3. Re: JAAS problem. JBoss 4.2 vs 6.1
              sony.crocket

              Did you solve it?