security-domain login-module
Hi, I have a few questions about security in AS 7.1.1...
What is the
login-module code="Remoting"
used for ?
Also anyone a good explanation of the
password-stacking
How does the order in which the login modules are declared affect the login ?
I had an example where I had a two
login-module code="Database"
and one
login-module code="UsersRoles"
When declaring the UserRoles at the top, the login did not work for users in the daabase, but did work for users in the files
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="UsersRoles" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="Database" flag="sufficient">
<module-option name="dsJndiName" value="java:jboss/jsi/JSIXADataSource"/>
<module-option name="principalsQuery" value="select encode(hashed_key, 'hex') from print_provider where unique_name=?"/>
<module-option name="rolesQuery" value="select 'jsitoolsprovider', 'Roles' from print_provider where unique_name=?"/>
<module-option name="hashAlgorithm" value="SHA-512"/>
<module-option name="hashEncoding" value="hex"/>
</login-module>
<login-module code="Database" flag="sufficient">
<module-option name="dsJndiName" value="java:jboss/jsi/JSIXADataSource"/>
<module-option name="principalsQuery" value="select encode(hashed_key, 'hex') from print_customer where unique_name=?"/>
<module-option name="rolesQuery" value="select 'jsitoolscustomer', 'Roles' from print_customer where unique_name=?"/>
<module-option name="hashAlgorithm" value="SHA-512"/>
<module-option name="hashEncoding" value="hex"/>
</login-module>
When moving the UserRoles to the buttom is did work for both users...
<login-module code="Remoting" flag="optional">
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>
<login-module code="Database" flag="sufficient">
<module-option name="dsJndiName" value="java:jboss/jsi/JSIXADataSource"/>
<module-option name="principalsQuery" value="select encode(hashed_key, 'hex') from print_provider where unique_name=?"/>
<module-option name="rolesQuery" value="select 'jsitoolsprovider', 'Roles' from print_provider where unique_name=?"/>
<module-option name="hashAlgorithm" value="SHA-512"/>
<module-option name="hashEncoding" value="hex"/>
</login-module>
<login-module code="Database" flag="sufficient">
<module-option name="dsJndiName" value="java:jboss/jsi/JSIXADataSource"/>
<module-option name="principalsQuery" value="select encode(hashed_key, 'hex') from print_customer where unique_name=?"/>
<module-option name="rolesQuery" value="select 'jsitoolscustomer', 'Roles' from print_customer where unique_name=?"/>
<module-option name="hashAlgorithm" value="SHA-512"/>
<module-option name="hashEncoding" value="hex"/>
</login-module>
<login-module code="UsersRoles" flag="required">
<module-option name="usersProperties" value="${jboss.server.config.dir}/application-users.properties"/>
<module-option name="rolesProperties" value="${jboss.server.config.dir}/application-roles.properties"/>
<module-option name="password-stacking" value="useFirstPass"/>
</login-module>