0 Replies Latest reply on Mar 12, 2010 10:21 AM by sixtyfootersdude

    JBoss Client-Cert Authentication: How to set up UsersRolesLoginModule in login-config.xml

      I am looking at chapter 8 of the RedHat JBoss documentation.  I am trying to set up Certificate Authentication as described on <a href="http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.3/doc/Server_Configuration_Guide/html/Using_JBoss_Login_Modules-BaseCertLoginModule.html">this page</a>.

      On the page it says that the `login-config` file should have this in it:

          <application-policy name="jmx-console">
              <authentication>
                  <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule"
                                flag="required">
                      <module-option name="password-stacking">useFirstPass</module-option>
                      <module-option name="securityDomain">java:/jaas/jmx-console</module-option>
                  </login-module>
                  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                                flag="required">
                      <module-option name="password-stacking">useFirstPass</module-option>
                      <module-option name="usersProperties">jmx-console-users.properties</module-option>
                      <module-option name="rolesProperties">jmx-console-roles.properties</module-option>
                  </login-module>
              </authentication>
          </application-policy>

      I think that the `BaseCertLoginModule` checks the client's certificate but I don't think there is any way that it can assign a role.

      The `UsersRolesLoginModule` assigns the client to a role (using the file `jmx-console-roles.properties`).  However, I am completely bewildered as to what should be in this file: `jmx-console-users.properties`.

      Normally that file stores user/password pairs (<a href="http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.3/doc/Server_Configuration_Guide/html/Using_JBoss_Login_Modules-UsersRolesLoginModule.html">source</a>) but when using client-cert I don't think that there should be passwords in there.  Right now I am leaving that file empty but I am getting this exception:

           [org.jboss.security.auth.spi.UsersRolesLoginModule.initialize:135] Failed to load users/passwords/role files
          java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
          ...

      What should be in that file?