Set a JaasSecurityManager in Jboss7?
royh9 Jan 25, 2013 4:38 PMI'm converting an app from Jboss 5 to Jboss 7. We use a custom SecurityManager as part of a custom login-module for fetching datasource authentication credentials. I've found documentation online explaining how to map the configuration from our mysql-ds.xml and login-config.xml into the standalone.xml file, but our login-module doesn't seem to work and we're receiving "Access denied: authentation failed" errors in the logs.
Previously we also needed to make a change in jboss-service.xml to change the value of the SecurityManagerClassName to our custom Jaas Security Manager; how can this be accomplished in Jboss 7? it's the only step that I haven't been able to map to the new configuration so I'm assuming it's the cause of the issues, but I could be wrong about that.
I've tried creating a module for the jars we're using (created the directory structure under /modules and creating the modules.xml file) and I've tried just dropping the jars into /deployments, but receive the same results. I've copied relevant sections from standalone.xml below.
<subsystem xmlns='urn:jboss:domain:datasources:1.1'>
<datasources>
<datasource jndi-name="java:/jdbc/TESTER" pool-name="TESTER" enabled="true" use-java-context="true">
<connection-url>jdbc:mysql://hostname:3306</connection-url>
<driver>mysql</driver>
….
<security>
<security-domain>MySecurityDomain</security-domain>
</security>
...
</datasource>
<drivers>
<driver name="mysql" module="com.mysql">
<xa-datasource-class>com.mysql.jdbc.Driver</xa-datasource-class>
</driver>
</drivers>
</datasources>
</subsystem>
<security-domain name="MySecurityDomain">
<authentication>
<login-module code="com.custom.module" flag="required">
<module-option name="connectionParams.Port" value="99999"/>
<module-option name="connectionParams.Timeout" value="30"/>
<module-option name="reason" value="Connecting to data source"/>
<module-option name="managedConnectionFactoryName" value="jboss.jca:service=LocalTxCM,name=TESTER"/>
….
</login-module>
</authentication>
</security-domain>