2 Replies Latest reply on Sep 1, 2016 2:54 AM by rodrigo.burdet

    Use different login modules for differente WARs

    rodrigo.burdet

      Im trying to make a security module that uses different login modules for different wars. is that possible ?

       

      Where can i specify the target of my module ?

       

      Lets say in my standalone.xml i have something like for my entire platform

      <security-domains>
        <security-domain name="other" cache-type="default">
           <authentication>
             <login-module code="Remoting" flag="optional"> 
                <module-option name="password-stacking" value="useFirstPass"/>
             </login-module>
             <login-module code="com.redhat.examples.loginmodule.SimpleCustomLoginModule" flag="sufficient" module="simpleloginmodule"></login-module>
         <login-module code="RealmDirect" flag="required">
             <module-option name="password-stacking" value="useFirstPass"/>
         </login-module>
          </authentication>
        </security-domain>
        <security-domain name="jboss-web-policy" cache-type="default">
        <authorization>
        <policy-module code="Delegating" flag="required"/>
        </authorization>
        </security-domain>
        <security-domain name="jboss-ejb-policy" cache-type="default">
        <authorization>
        <policy-module code="Delegating" flag="required"/>
        </authorization>
        </security-domain>
        </security-domains>
      

       

      I would like to use simpleloginmodule for business-central.war, and have for example another login-module, ( i.e   <login-module code="com.redhat.examples.loginmodule.ComplicatedCustomLoginModule" flag="sufficient" module="complicatedloginmodule"></login-module> for any other WAR

       

       

       

      Thanks in advance !

        • 1. Re: Use different login modules for differente WARs
          mchoma

          You can configure 2 security domains: simplesecuritydomain and complicatedsecuritydomain. And reference each in jboss-web.xml of each war.

          • 2. Re: Use different login modules for differente WARs
            rodrigo.burdet

            Hey Martin, thanks for your answer.

             

            I tried what you said. The problem im facing is my complicatedloginmodule referenced from my war is not being accessed.

             

            For simplicity im just trying with other in business-central.war and complicatedloginmodule in kie-server.war

            <jboss-web>

              <security-domain>kie</security-domain>

            </jboss-web>

             

            In my standalone:

             

            <security-domain name="kie" cache-type="default">

              <authentication>

              <login-module code="com.semperti.security.loginmodule.ComplicatedLoginModule" flag="sufficient" module="complicatedLoginModule">

              <module-option name="password-stacking" value="useFirstPass"/>

            ... another options for the module ...

              </login-module>

              </authentication>

             

             

            and the defaults one "other"

             

                   <security-domain name="other" cache-type="default">

                         <authentication>

                              <login-module code="Remoting" flag="optional">

                                    <module-option name="password-stacking" value="useFirstPass"/>

                             </login-module>

                                <login-module code="RealmDirect" flag="required">

                                    <module-option name="password-stacking" value="useFirstPass"/>

                                </login-module>

                          </authentication>

                   </security-domain>