security-domain login-module
klind Apr 16, 2013 3:12 PMHi, I have a few questions about security in AS 7.1.1...
What is the
login-module code="Remoting"
used for ?
Also anyone a good explanation of the
password-stacking
How does the order in which the login modules are declared affect the login ?
I had an example where I had a two
login-module code="Database"
and one
login-module code="UsersRoles"
When declaring the UserRoles at the top, the login did not work for users in the daabase, but did work for users in the files
<login-module code="Remoting" flag="optional"> <module-option name="password-stacking" value="useFirstPass"/> </login-module> <login-module code="UsersRoles" flag="required"> <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/> <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/> <module-option name="password-stacking" value="useFirstPass"/> </login-module> <login-module code="Database" flag="sufficient"> <module-option name="dsJndiName" value="java:jboss/jsi/JSIXADataSource"/> <module-option name="principalsQuery" value="select encode(hashed_key, 'hex') from print_provider where unique_name=?"/> <module-option name="rolesQuery" value="select 'jsitoolsprovider', 'Roles' from print_provider where unique_name=?"/> <module-option name="hashAlgorithm" value="SHA-512"/> <module-option name="hashEncoding" value="hex"/> </login-module> <login-module code="Database" flag="sufficient"> <module-option name="dsJndiName" value="java:jboss/jsi/JSIXADataSource"/> <module-option name="principalsQuery" value="select encode(hashed_key, 'hex') from print_customer where unique_name=?"/> <module-option name="rolesQuery" value="select 'jsitoolscustomer', 'Roles' from print_customer where unique_name=?"/> <module-option name="hashAlgorithm" value="SHA-512"/> <module-option name="hashEncoding" value="hex"/> </login-module>
When moving the UserRoles to the buttom is did work for both users...
<login-module code="Remoting" flag="optional"> <module-option name="password-stacking" value="useFirstPass"/> </login-module> <login-module code="Database" flag="sufficient"> <module-option name="dsJndiName" value="java:jboss/jsi/JSIXADataSource"/> <module-option name="principalsQuery" value="select encode(hashed_key, 'hex') from print_provider where unique_name=?"/> <module-option name="rolesQuery" value="select 'jsitoolsprovider', 'Roles' from print_provider where unique_name=?"/> <module-option name="hashAlgorithm" value="SHA-512"/> <module-option name="hashEncoding" value="hex"/> </login-module> <login-module code="Database" flag="sufficient"> <module-option name="dsJndiName" value="java:jboss/jsi/JSIXADataSource"/> <module-option name="principalsQuery" value="select encode(hashed_key, 'hex') from print_customer where unique_name=?"/> <module-option name="rolesQuery" value="select 'jsitoolscustomer', 'Roles' from print_customer where unique_name=?"/> <module-option name="hashAlgorithm" value="SHA-512"/> <module-option name="hashEncoding" value="hex"/> </login-module> <login-module code="UsersRoles" flag="required"> <module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/> <module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/> <module-option name="password-stacking" value="useFirstPass"/> </login-module>