2 Replies Latest reply on Feb 12, 2010 12:30 PM by ulmangt

    LoginModule dependence on Datasource

    ulmangt Feb 12, 2010 1:03 AM

      Is it possible to mark a JBoss LoginModule as being dependent on a Datasource? (so that the Datasource loads before anyone is allowed to authenticate using the LoginModule)

       

      It seems like this would be necessary to use the provided org.jboss.security.auth.spi.DatabaseServerLoginModule. If not, what happens if something attempts to authenticate before the Datasource is bound to a JNDI name?

       

      I'm currently experiencing the above problem in the following situation: I have a custom LoginModule very similar to DatabaseServerLoginModule. I'm using HornetQ 2.0.0.GA (with JBoss 5.1.0.GA). I'm testing HornetQ's automatic reconnection, so I make a JMS connection (which authenticates through my LoginModule), then I bring down the server and start it up again. Upon starting it the second time, the JMS test application tries to reauthenticate before the Datasource is bound to a JNDI name and my LoginModule fails.

       

       

      Thanks in advance for any guidance.

       

      Geoff

      • 4657 Views
      • Tags:
        • 1. Re: LoginModule dependence on Datasource
          jaikiran
          jaikiran Feb 12, 2010 1:58 AM (in response to ulmangt)

          ulmangt wrote:

           

          Upon starting it the second time, the JMS test application tries to reauthenticate before the Datasource is bound to a JNDI name and my LoginModule fails.

           

           


          What kind of test application is it? Maybe the dependency on the datasource could be added at that level.

            • Actions
          • 2. Re: LoginModule dependence on Datasource
            ulmangt Feb 12, 2010 12:30 PM (in response to jaikiran)

            My test application simply makes a JMS connection and sends a message every 5 seconds. The problem is that HornetQ's automatic reconnection appears to try to reconnect immediately when it sees the server come back up. But at that point the server has not yet bound the DefaultDS to a JNDI name (which my custom LoginModule requires). This definitely seems like something that should be enforced on the server side, since it deals with the order that various services/components on the server are inititalized.

             

             

            I know that mbeans can have an explicit dependencies, including on particular datasources. Here's an example snippit:

             

            <mbean code="org.jboss.messaging.core.jmx.JDBCPersistenceManagerService"
                  name="jboss.messaging:service=PersistenceManager"
                  xmbean-dd="xmdesc/JDBCPersistenceManager-xmbean.xml">

                  <depends>jboss.jca:service=DataSourceBinding,name=DefaultDS</depend>
                  
                  <!-- other stuff -->
            </mbean>

             

             

            I was hoping that there would be something similar for LoginModules.

             

            For example, does the <login-module> tag in login-config.xml provide some similar syntax? Or is there some other way to ensure that the Datasource is bound to a JNDI name that the LoginModule can lookup before its initialize() method is called?

              • Actions