R M wrote:
Is there a jboss.xml with a security-domain element? If yes, what value does it contain?
Yes, it contains: java:/jaas/JEEOE_ClientLoginRealm
There's a login-config.xml with an application-policy with a matching name, with four login-modules defined in an authentication, which are in order; BaseCertLoginModule, LdapLoginModule, RoleMappingLogingModule, ClientLoginModule.
So then you'll have to pass the valid username/password as expected by those login modules.
Sure, I have a few questions around that...
- Do all the login modules require the same credentials - do I authenticate using one or all of them?
- How do I pass the username and password (is it passing java.naming.security.prinicpal and java.naming.security.credentials properties to the Context?)
- How do I find where the existing username and passwords be stored?
I forgot a question about a 'Caused by' in the stack trace:
Caused by: javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
Why would it be using the UsernamePasswordLoginModule and not one of the four specified in the login-config.xml for the security-domain?
Which version of JBoss AS is this? Can you post the contents of your login-config.xml and jboss.xml? Also enable TRACE level logging of security package to see what's going on. See Q4 here in FAQ http://community.jboss.org/wiki/SecurityFAQ
P.S: Instead of specifying java:/jaas/JEEOE_ClientLoginRealm you might want to try just JEEOE_ClientLoginRealm in the jboss.xml. There was a change in this area in some version of JBoss AS.
Deployment failed after taking out the java:/jaas/ from the security domain.
I can't really post the whole file contents, it's on a closed network so it's really only as much as I can remember at a time, I know that's a pain.
I'll look into the logging now, thanks.
Ok, now I can see it pass through BaseCertLoginModule in the server.log, though it just says "exit: login()" and then LdapLoginModule says 'bad password for username=null'.
So at least I know it's getting into BaseCertLoginModule.