1 Reply Latest reply on Oct 21, 2013 10:42 AM by l.fugaro

    Set a JaasSecurityManager in Jboss7?

    royh9
    royh9 Jan 25, 2013 4:38 PM

      I'm converting an app from Jboss 5 to Jboss 7. We use a custom SecurityManager as part of a custom login-module for fetching datasource authentication credentials. I've found documentation online explaining how to map the configuration from our mysql-ds.xml and login-config.xml into the standalone.xml file, but our login-module doesn't seem to work and we're receiving "Access denied: authentation failed" errors in the logs.

       

      Previously we also needed to make a change in jboss-service.xml to change the value of the SecurityManagerClassName to our custom Jaas Security Manager; how can this be accomplished in Jboss 7? it's the only step that I haven't been able to map to the new configuration so I'm assuming it's the cause of the issues, but I could be wrong about that.

       

      I've tried creating a module for the jars we're using (created the directory structure under /modules and creating the modules.xml file) and I've tried just dropping the jars into /deployments, but receive the same results. I've copied relevant sections from standalone.xml below.

       

      <subsystem xmlns='urn:jboss:domain:datasources:1.1'>

                  <datasources>

                      <datasource jndi-name="java:/jdbc/TESTER" pool-name="TESTER" enabled="true" use-java-context="true">

                          <connection-url>jdbc:mysql://hostname:3306</connection-url>

                          <driver>mysql</driver>

                  ….

                  <security>

                              <security-domain>MySecurityDomain</security-domain>

                          </security>

              ...                   

                      </datasource>

                      <drivers>

                          <driver name="mysql" module="com.mysql">

                              <xa-datasource-class>com.mysql.jdbc.Driver</xa-datasource-class>

                          </driver>

                      </drivers>

                  </datasources>

      </subsystem>

       

      <security-domain name="MySecurityDomain">

                          <authentication>

                              <login-module code="com.custom.module" flag="required">

                                  <module-option name="connectionParams.Port" value="99999"/>

                                  <module-option name="connectionParams.Timeout" value="30"/>

                                  <module-option name="reason" value="Connecting to data source"/>

                                  <module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=TESTER"/>

                       ….

                              </login-module>

                          </authentication>

      </security-domain>