0 Replies Latest reply on Mar 12, 2010 10:21 AM by J Smith

    JBoss Client-Cert Authentication: Hot to setup UsersRolesLoginModule in login-config.xml

    J Smith Newbie
      I am looking that chapter 8 of the RedHat, JBoss documentation.  I am trying to setup Certificate Authentication as described on<a href="http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.3/doc/Server_Configuration_Guide/html/Using_JBoss_Login_Modules-BaseCertLoginModule.html"> this page </a>. 

      On the page it says that the `login-config` file should have this in it:

          <application-policy name="jmx-console">
              <authentication>
                  <login-module code="org.jboss.security.auth.spi.BaseCertLoginModule"
                                flag="required">
                      <module-option name="password-stacking">useFirstPass</module-option>
                      <module-option name="securityDomain">java:/jaas/jmx-console</module-option>
                  </login-module>
                  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                                flag="required">
                      <module-option name="password-stacking">useFirstPass</module-option>
                      <module-option name="usersProperties">jmx-console-users.properties</module-option>
                      <module-option name="rolesProperties">jmx-console-roles.properties</module-option>
                  </login-module>
              </authentication>
          </application-policy>

      I think that the `BaseCertLoginModule` checks the clients certificate but I don't think there is anyway that it can assign a role. 

      The `UsersRolesloginModule` assigns the client to a role (using the file `jmx-console-roles.properties`).  However I am completely bewildered as to what should be in this file: `jmx-console-users.properties`. 

      Normally that file stores user/password pairs (<a href="http://www.redhat.com/docs/manuals/jboss/jboss-eap-4.3/doc/Server_Configuration_Guide/html/Using_JBoss_Login_Modules-UsersRolesLoginModule.html">source</a>) but when using client-cert I don't think that there should be passwords in there.  Right now I am leaving that file empty but I am getting this exception:

           [org.jboss.security.auth.spi.UsersRolesLoginModule.initialize:135] Failed to load users/passwords/role files
          java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
          ...

      What should be in that file?