4 Replies Latest reply on Sep 3, 2012 9:58 AM by akrambenaissi

Configure the auth-method of the web.xml externally to the EAR file

lordsephiroth Jun 14, 2012 7:20 AM

Hi,

My question looks quite simple, but a fairly long Google search did not give any answer. My need is straight forward : I'd like to configure the <auth-method> element of the web.xml in the server rather than hardcoded in the web.xml file.

The reason is simple : our tests, integration and productive environments do use CLIENT-CERT authentication with LDAP (Active Directory) role verification. This perfectly works on all these environments.

However, the developers doesn't have locally all the truststores for the SSL connection to the LDAP server. Consequently, we do use BASIC for the local development and need to change to CLIENT-CERT right before building the EAR archive to deploy on any server of the company.

I tried something like :

<login-config>
 <auth-method>${ch.mobi.prest.prest_authMethod}</auth-method>
 <realm-name>PREST Authentication</realm-name>
</login-config>

Sadly, it does not work and fail at startup with this error :

12:56:01,773 ERROR [org.apache.catalina.startup.ContextConfig] (MSC service thread 1-4) Cannot configure an authenticator for method ${ch.mobi.prest.prest_authMethod}

Is there a way to do this and access to a system property configured in the JBoss server ?

Any help will be appreciated !

1. Re: Configure the auth-method of the web.xml externally to the EAR file

lordsephiroth Jul 3, 2012 9:08 AM (in response to lordsephiroth)

up !
Help still needed
Could not find any working way.
Actions
2. Re: Configure the auth-method of the web.xml externally to the EAR file

sfcoy Jul 3, 2012 9:19 AM (in response to lordsephiroth)

You could make this a build time property and filter copy the web.xml file.
Actions
3. Re: Configure the auth-method of the web.xml externally to the EAR file

lordsephiroth Jul 3, 2012 10:37 AM (in response to sfcoy)

This would not work. The fact is :
- Maven is used locally to compile and send the archive (EAR) to our enterprise Maven repository.
- the archive is then deployed on several servers through a home-made too

Consequently, the exact same EAR archive is deployed on several servers that do need different AUTH-METHOD parameters.
Currently, we do compile once with BASIC, then deploy on a few servers, then compile with CLIENT-CERT, then deploy on other servers. This can really cause manipulation errors. We'd like to compile once, deploy everywhere...
Actions
4. Re: Configure the auth-method of the web.xml externally to the EAR file

akrambenaissi Sep 3, 2012 9:58 AM (in response to lordsephiroth)

Hi Patrick,

did you enable system properties placeholders replacement in deployment descriptors?
If not, you must use the following CLI command to do it.

· /subsystem=ee:write-attribute(name="spec-descriptor-property-replacement",value=true)
There is also a property that enables it on custom deployment descriptors. You can refer to the doc.
You have to add a "system-property" with the CLI on AS7 as well to set the value dependending on your environment.

Please let us know it this works better.
Actions

Go to original post