-
1. Re: Disable security during development
jbertram Feb 27, 2012 10:58 AM (in response to stianst)Try adding this to the "RealmUsersRoles" login-module in the "other" <security-domain>:
<module-option name="unauthenticatedIdentity" value="guest"/>
Of course, you'll need to ensure this identity has a valid role in application-roles.properties.
-
2. Re: Disable security during development
stianst Feb 27, 2012 11:26 AM (in response to jbertram)That didn't make any difference, have you tried this yourself?
-
3. Re: Disable security during development
jbertram Feb 27, 2012 11:40 AM (in response to stianst)Yes, I did try this myself in the past, and I just tried it again. In both cases it worked as expected. However, my use-case was JMS (which also uses the "other" security domain) so maybe there's a slight difference that causes it not to work with your use-case. I wouldn't have suspected that though so my money is still on a configuration issue somewhere.
-
4. Re: Disable security during development
stianst Feb 27, 2012 11:55 AM (in response to jbertram)I added the unauthenticatedIdentity option to RealmUsersRoles:
<login-module code="RealmUsersRoles" flag="required"> <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/> <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/> <module-option name="realm" value="ApplicationRealm"/> <module-option name="password-stacking" value="useFirstPass"/> <module-option name="unauthenticatedIdentity" value="guest"/> </login-module>
And added a group for the user in application-roles.properties. When I tried to open a secured page the login form was shown. To check that the guest user would actually work I added the guest user with a password, and I could succesfully login as that user. However, the login form is always shown, with or without the user specified in application-users.properties.
-
5. Re: Disable security during development
jbertram Feb 27, 2012 12:03 PM (in response to stianst)The configuration looks fine. It must be related to something web-specific since my JMS use-case works fine.
-
6. Re: Disable security during development
hub3rt May 29, 2012 12:39 PM (in response to stianst)I have a similar problem with a remote client. Is there any solution? In standalone.xml i got:
<security-domain name="other" cache-type="default">
<authentication>
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="RealmUsersRoles" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
<module-option name="realm" value="ApplicationRealm"/>
<module-option name="password-stacking" value="useFirstPass"/>
<module-option name="unauthenticatedIdentity" value="guest"/>
</login-module>
</authentication>
</security-domain>
and
<security-realm name="ApplicationRealm">
<authentication>
<properties path="application-users.properties" relative-to="jboss.server.config.dir"/>
</authentication>
</security-realm>
My jboss-ejb-client.properties looks like:
remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=localhost
remote.connection.default.port=4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false
When I remove the credential and principal from jndi.properties like this:
java.naming.factory.url.pkgs=org.jboss.ejb.client.naming
java.naming.factory.initial=org.jboss.naming.remote.client.InitialContextFactory
java.naming.provider.url=remote://localhost:4447
#java.naming.security.principal=user1
#java.naming.security.credentials=pass1
and call an unprotected method from a class that doesn't even have a SecurityDomain I get " javax.security.sasl.SaslException: Authentication failed: all available authentication mechanisms failed". So it seems like the client has not automatically been authenticated as guest.
-
7. Re: Disable security during development
pgmjsd Aug 23, 2013 2:52 PM (in response to hub3rt)Here is how to disable the security for remote EJB calls in AS 7: JBoss AS 7.1 - Disable Remote EJB Security Realm