3 Replies Latest reply on Feb 1, 2013 6:13 AM by Sans Kum

    JBoss 7.1.1.Final - Log4j - Modules - Logging configuration

    Sans Kum Newbie

      Hi Team,


      I do have a LDAP Custom Login module which has been deployed as a module in JBoss AS 7.1.1.Final.


      Is there any way, I can use configure that logging to go on a log file.


      Java class:

      package com.xyz.ldaplogin.module;
      import java.security.acl.Group;
      import java.util.Hashtable;
      import javax.naming.NamingEnumeration;
      import javax.naming.NamingException;
      import javax.naming.directory.Attributes;
      import javax.naming.directory.DirContext;
      import javax.naming.directory.SearchControls;
      import javax.naming.directory.SearchResult;
      import javax.naming.ldap.InitialLdapContext;
      import javax.security.auth.login.LoginException;
      import org.apache.log4j.Logger;
      import org.jboss.security.SimpleGroup;
      import org.jboss.security.SimplePrincipal;
      import org.jboss.security.auth.spi.LdapExtLoginModule;
      import com.xyz.ldaplogin.util.GenericLDAPLoginUtil;
       * @author SanthoshK
      public class GenericLVLDAPLoginModule extends LdapExtLoginModule {
          private static Logger LOGGER = Logger
          private String xyzUserName;
          private String xyzUserName;
          private void assignUserCredentials() throws LoginException {
              LOGGER.info("assignUserCredentials - START");
              String[] loginCredentials = null;
              try {
                  loginCredentials = getUsernameAndPassword();
                  this.xyzUserName = loginCredentials[0];
                  this.xyzUserName = loginCredentials[1];
              } catch (Exception exception) {
                  LOGGER.error("assignUserCredentials Exception : " + exception);
                  throw new LoginException("Invalid Login Credentials : " + loginCredentials);
              } finally {
                  LOGGER.info("assignUserCredentials - END");
          protected String bindDNAuthentication(InitialLdapContext ctx, String user, Object credential, String baseDN, String filter) throws NamingException {
              return super.bindDNAuthentication(ctx, user, credential, baseDN, filter);
          protected void rolesSearch(InitialLdapContext ctx, SearchControls constraints, String user, String userDN, int recursionMax, int nesting) throws NamingException {
              super.rolesSearch(ctx, constraints, user, userDN, recursionMax, nesting);
          protected boolean validatePassword(String inputPassword, String expectedPassword) {
              return validation();
          protected String getUsersPassword() throws LoginException {
              return "";
          private transient SimpleGroup userRoles = new SimpleGroup("Roles");
          protected Group[] getRoleSets() throws LoginException {
              // Add each role to the "Roles" principal (Ref web.xml)
              userRoles.addMember(new SimplePrincipal("Authenticated_users"));
              Group[] roleSets = { userRoles };
              return roleSets;
          private boolean validation() {
              try {
                  LOGGER.info("authenticate - START");
                  LOGGER.info("Attempting to validate user : [" + this.xyzUserName + "]");
                  GenericLDAPLoginUtil genericLDAPLoginUtil = new GenericLDAPLoginUtil();
                  Hashtable<String, String> envHTable = genericLDAPLoginUtil.getEnvironmentTable();
                  DirContext ctx = new InitialLdapContext(envHTable, null);
                  SearchControls searchCtls = new SearchControls();
                  String returnedAtts[] = { "cn", "givenName" };
                  String searchFilter = "(&(sAMAccountName=" + this.xyzUserName
                          + ")(objectCategory=user))";
                  String searchBase = "DC=group,DC=net";
                  int totalResults = 0;
                  NamingEnumeration<SearchResult> answer = ctx.search(searchBase,
                          searchFilter, searchCtls);
                  String ouName = null;
                  while (answer.hasMoreElements()) {
                      SearchResult searchResult = answer.next();
                      ouName = searchResult.getName();
                      Attributes attrs = searchResult.getAttributes();
                      if (attrs != null) {
                          try {
                              LOGGER.info(" surname: " + attrs.get("cn").get());
                              LOGGER.info(" firstname: "
                                      + attrs.get("givenName").get());
                          } catch (NullPointerException e) {
                              LOGGER.info("Errors listing attributes: " + e);
                  LOGGER.info("Total results: " + totalResults);
                  if (totalResults > 0) {
                      String adminName = ouName + ",dc=group,dc=net";
                      envHTable = genericLDAPLoginUtil.getEnvironmentTable(adminName,
                      DirContext ctx1 = new InitialLdapContext(envHTable, null);
                      LOGGER.info("AUTHENTICATION ["+this.xyzUserName+"] : PASS");
                      return true;
                  } else {
                      LOGGER.info("AUTHENTICATION ["+this.xyzUserName+"] : FAILED");
                      return false;
              } catch (NamingException exception) {
                  LOGGER.error("Problem searching directory: ", exception);
                  return false;
              } catch (Exception exception) {
                  LOGGER.error("Unhandled Exception: ", exception);
                  return false;
              } finally {
                  LOGGER.info("authenticate - END");



      <?xml version="1.0" encoding="UTF-8"?>
      <module xmlns="urn:jboss:module:1.1" name="com.xyz.ldap">
              <resource-root path=""/>
              <resource-root path="ldap_auth.jar"/>
              <module name="javax.api"/>
              <module name="org.apache.log4j"/>
              <module name="org.picketbox"/>


      And placed log4j.xml next to module.xml...


      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
      <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
          <appender name="LDAP" class="org.apache.log4j.DailyRollingFileAppender">
              <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
              <param name="Append" value="true"/>
              <param name="File" value="${jboss.server.log.dir}/ldap.log"/>
              <layout class="org.apache.log4j.PatternLayout">
                  <param name="ConversionPattern" value="%d{dd.MM.yyyy HH:mm:ss.SSS} [%C{1}] - %m%n"/>
          <category name="com.xyz" additivity="false">
              <priority value="DEBUG"/>
              <appender-ref ref="LDAP"/>


      But, logging goes to server.log. Is there any way, I can configure the logging to go to ldap.log?


      Has anybody tried the logging with user modules?

        • 1. Re: JBoss 7.1.1.Final - Log4j - Modules - Logging configuration
          Nicklas Karlsson Master

          How about if you just use a JBoss Logger and put a


                      <periodic-rotating-file-handler name="LDAP">


                              <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>


                          <file relative-to="jboss.server.log.dir" path="ldap.log"/>

                          <suffix value=".yyyy-MM-dd"/>

                          <append value="true"/>



                      <logger category="com.acme.ldap" use-parent-handlers="false">

                          <level name="DEBUG"/>


                              <handler name="LDAP"/>




          in standalone.xml?

          • 2. Re: JBoss 7.1.1.Final - Log4j - Modules - Logging configuration
            Alexis Hassler Apprentice

            Hi Sans,


            If you depend on the default org.apache.log4j module, all your log are caught by Jboss Logging, so you have tu use Niklas' solution. If you want to have a separate log4j configuration, you have to install another log4j module, and depend on that other slot.

            • 3. Re: JBoss 7.1.1.Final - Log4j - Modules - Logging configuration
              Sans Kum Newbie

              Thanks Alex & Nicklas, 


              All my applications are with Log4j and my BA and Network team do have the knowledge to change the Log4j logging level.  


              Not sure, they would be OK with changing Log4j to JBoss logging. It is not a big change to me as this custom module is just 2-5 classes.

              I tried to create a module for Log4j, which I do have for all other applications. But, It is not working with Custom module. 


              All I did was, 

              1. Created a module with log4j.xml configuration files.

              2. Create the dependency on my custom module.  


              But, the log file hasn't been created and logging still going to server.log. 


              Am I missing something?