-
1. Re: jaas tag for management interface does not work in domain mode
dlofthouse Jul 12, 2012 7:20 AM (in response to hisanobu.okuda)
In domain mode you would need to use a traditional JAAS config and reference it with the -Djava.security.auth.login.config property when starting the domain.
However I see that the reason you are using JAAS is to use an LDAP based definition - are you aware that you can configure the realm to use LDAP?
-
2. Re: jaas tag for management interface does not work in domain mode
hisanobu.okuda Jul 12, 2012 9:40 AM (in response to dlofthouse)
Darran, thank you for the info.
I tried to test the -Djava.security.auth.login.config property.
I changed the jaas name to "simple":
    <security-realm name="ldap_security_realm">
        <authentication>
            <jaas name="simple"/>
        </authentication>
    </security-realm>
</security-realms>
<management-interfaces>
    <native-interface security-realm="ManagementRealm">
        <socket interface="management" port="${jboss.management.native.port:9999}"/>
    </native-interface>
    <http-interface security-realm="ldap_security_realm">
        <socket interface="management" port="${jboss.management.http.port:9990}"/>
    </http-interface>
</management-interfaces>
Then I created simple.conf:
simple {
    org.jboss.security.auth.spi.SimpleServerLoginModule required;
};
and added -Djava.security.auth.login.config=/opt/jboss-eap-6.0/domain/configuration/simple.conf
then restarted JBoss AS7:
[hokuda@dhcp-193-121 configuration]$ ps -ef | grep "Host Controller"
hokuda 17156 17137 13 22:32 pts/0 00:00:03 /usr/lib/jvm/java-1.6.0/bin/java -D[Host Controller] -Dorg.jboss.boot.log.file=/opt/jboss-eap-6.0/domain/log/host-controller.log -Dlogging.configuration=file:/opt/jboss-eap-6.0/domain/configuration/logging.properties -server -Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true -Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000 -Dsun.rmi.dgc.server.gcInterval=3600000 -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true -Djboss.domain.default.config=domain.xml -Djboss.host.default.config=host.xml -Djava.security.auth.login.config=/opt/jboss-eap-6.0/domain/configuration/simple.conf -jar /opt/jboss-eap-6.0/jboss-modules.jar -mp /opt/jboss-eap-6.0/modules -jaxpmodule javax.xml.jaxp-provider org.jboss.as.host-controller -mp /opt/jboss-eap-6.0/modules --pc-address 127.0.0.1 --pc-port 53984 -default-jvm /usr/lib/jvm/java-1.6.0/bin/java --host-config=myhost.xml --domain-config=mydomain.xml -Djboss.home.dir=/opt/jboss-eap-6.0 ...
When I logged in, the console showed "The web console could not be loaded. Authentication required.".
What am I missing??
Regards,
-
3. Re: jaas tag for management interface does not work in domain mode
hisanobu.okuda Jul 13, 2012 2:31 AM (in response to hisanobu.okuda)
I attached jdb to the AS7 Host Controller instance and found com.sun.security.auth.login.ConfigFile missing:
HttpManagementService-threads - 3[1] step
>
Step completed: "thread=HttpManagementService-threads - 3", org.jboss.modules.log.JDKModuleLogger.trace(), line=128 bci=0
HttpManagementService-threads - 3[1] locals
Method arguments:
format = "Class %s not found from %s"
arg1 = "com.sun.security.auth.login.ConfigFile"
arg2 = instance of org.jboss.modules.Module(id=4949)
Local variables:
HttpManagementService-threads - 3[1] cont
Why is "com.sun.security.auth.login.ConfigFile" not found? In standalone mode, the class is loaded successfully...
Regards,
-
4. Re: jaas tag for management interface does not work in domain mode
hisanobu.okuda Jul 18, 2012 3:07 AM (in response to hisanobu.okuda)
-jaas -Djava.security.auth.login.config option does not work in standalone mode, too.
-
5. Re: jaas tag for management interface does not work in domain mode
hisanobu.okuda Jul 18, 2012 4:05 AM (in response to hisanobu.okuda)
Resolved by adding -Djava.security.auth.login.config=/mydir/myjaasconfigfile and -Djboss.modules.system.pkgs=com.sun.security.auth.login
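
A pre-flight check for the setup discussed in this thread, as an added example that is not part of the original posts or of JBoss: it confirms that the JVM options carry both properties named in reply 5, that the name used in the realm's jaas element has a matching entry in the login config, and it flags SimpleServerLoginModule, which PicketBox documents as a module for testing. The function names are hypothetical, and the check assumes that a repeated -D option takes its last value.

```python
import re
import shlex

TEST_ONLY_MODULES = {"org.jboss.security.auth.spi.SimpleServerLoginModule"}  # per its PicketBox Javadoc

def parse_jaas_config(text):
    """Return {entry: [(module class, control flag)]}; quoted values are blanked, comments dropped."""
    text = re.sub(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*',
                  lambda m: '""' if m.group().startswith('"') else " ", text, flags=re.S)
    entries = {}
    for name, body in re.findall(r"([\w.\-]+)\s*\{(.*?)\}\s*;", text, flags=re.S):
        entries[name] = [tuple((s.split() + [None])[:2]) for s in body.split(";") if s.strip()]
    return entries

def jvm_properties(cmdline):
    """Collect -Dkey=value options given before -jar (assumption: a repeated key's last value wins)."""
    props = {}
    for arg in shlex.split(cmdline):
        if arg == "-jar":
            break  # everything after the jar is a program argument, not a JVM option
        if arg.startswith("-D") and "=" in arg:
            key, value = arg[2:].split("=", 1)
            props[key] = value
    return props

def check_management_jaas(cmdline, realm_jaas_name, config_text):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    props = jvm_properties(cmdline)
    if "java.security.auth.login.config" not in props:
        findings.append("java.security.auth.login.config is not set")
    if "com.sun.security.auth.login" not in props.get("jboss.modules.system.pkgs", "").split(","):
        findings.append("com.sun.security.auth.login missing from jboss.modules.system.pkgs")
    modules = parse_jaas_config(config_text).get(realm_jaas_name)
    if modules is None:
        findings.append(f"no entry named {realm_jaas_name!r} in the login config")
    for cls, _flag in modules or []:
        if cls in TEST_ONLY_MODULES:
            findings.append(f"{cls} is a test-only login module")
    return findings

# Constructed sample input, abbreviated from the command line and simple.conf quoted in the thread.
SAMPLE_CMDLINE = ("java -D[Host Controller] -Djboss.modules.system.pkgs=org.jboss.byteman "
                  "-Djava.security.auth.login.config=/opt/jboss-eap-6.0/domain/configuration/simple.conf -jar jboss-modules.jar")
SAMPLE_CONF = "simple { org.jboss.security.auth.spi.SimpleServerLoginModule required; };"

if __name__ == "__main__":
    for finding in check_management_jaas(SAMPLE_CMDLINE, "simple", SAMPLE_CONF):
        print("FINDING:", finding)
```

In real use, pass the Host Controller command line as shown by ps and the contents of the file that -Djava.security.auth.login.config points to.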
-
6. Re: jaas tag for management interface does not work in domain mode
nicolasstr Jan 30, 2013 7:52 AM (in response to hisanobu.okuda)
This helped me as well.
Now one step further:
My problem is that I am using a custom (in-house) LoginModule. And I find no way to make it loadable by the Host Controller - I get javax.security.auth.login.LoginException: unable to find LoginModule class
Indeed, in a security-domain in standalone mode, I can set the EAP module where the LoginModule is located in the login-module/module attribute.
But I cannot do that with the external jaas conf. file used by the Host Controller.
Any idea?
-
7. Re: jaas tag for management interface does not work in domain mode
hisanobu.okuda Jan 31, 2013 6:44 AM (in response to nicolasstr)
Which modules are loaded seems to be pre-defined and hard-coded. The Picketbox module is one of them. Try adding your jar to the picketbox module.