JAAS problem. JBoss 4.2 vs 6.1
maksrma Sep 12, 2011 4:21 AMHello all
I have two ear applications. Ear structure each of them is simple:
app1.ear
-- meta-inf
-- application.xml
-- jboss-app.xml
-- manifest,mf
-- webapp1.war
....
web-inf
-- jboss-web.xml
-- web.xml
----......-----
For JBoss 4.2 I used to login with JAAS. In login-config.xml:
<application-policy name="mySecureDomain">
<authentication>
<login-module code="com.MyAuthenticationProvider" flag="required"/>
</authentication>
</application-policy>
And in jboss-web.app (for jboss 4.2 it was only in one war):
<jboss-web>
<context-root>myApp1</context-root>
<security-domain>mySecDomain</security-domain>
</jboss-web>
And in web xml I constaraint web pages like this:
<security-constraint>
<web-resource-collection>
<web-resource-name>All resources</web-resource-name>
<description>Protects all resources</description>
<url-pattern>/index.jsp</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>*</role-name>
</auth-constraint>
</security-constraint>
<security-constraint>
<web-resource-collection>
<web-resource-name>Unsecured resources</web-resource-name>
<url-pattern>/config/*</url-pattern>
<url-pattern>/scripts/*</url-pattern>
<url-pattern>/dwr/*</url-pattern>
</web-resource-collection>
</security-constraint>
<login-config>
<auth-method>FORM</auth-method>
<form-login-config>
<form-login-page>/login.jsp</form-login-page>
<form-error-page>/error.jsp</form-error-page>
</form-login-config>
</login-config>
Behavior on JBoss 4.2:
I do login operation. Methods in MyAuthenticationProvider are work, and in each request I have userPrincipal object. (it works fine on JBoss 6.1 too.)
Next: I do redirect to second web app (app2.ear defaultPage.jsp for example): when requst come to this page it has userPrincipal too, and all is ok. (sessions in different for two resorces in different war applications of course). But on JBoss 6.1 when I redirect to other page in other ear - there is not any userPrincipal in request object - this PROBLEM.
Probably need to set some flag that call JBoss share principals or something like this.
I also tried play with JBoss 6.1 class loader isolation (set one repository for two ears) - it isn't help.
Have any ideas?