2 Replies Latest reply on Sep 15, 2010 1:22 PM by Stefan Henz

    Problem with security-domain

    Stefan Henz Newbie

      Hi dear all,

       

      I've the problem, that my security domain is not used. Actually, I'll want to use a Ldap-login. But in order to find out if my security domain is used, I tried I simple  UsersRolesLoginModule.

      As long I'm not using the jboss-web.xml or/and the web.xml my project  "myWebApp" is deployed. But when I try to bind everything to a security-domain (named "jbossmq"), I get the the following error messages (see below), when deploying my EJB project "myWebApp". I'm expecting there's an error in my web.xml (see below as well for the other deployment desriptors).

      Here are the error messages:

       

      17:08:44,169 INFO  [AttributeCallbackItem] Owner callback not implemented.
      17:08:45,004 INFO  [LogNotificationListener] Adding notification listener for logging mbean "jboss.system:service=Logging,type=Log4jService" to server org.jboss.mx.server.MBeanServerImpl@59db9f45[ defaultDomain='jboss' ]
      17:08:47,386 ERROR [AbstractKernelController] Error installing to Parse: name=vfszip:/usr/local/jboss/jboss-5.1.0.GA/server/default/deploy/instituteKurz.ear/ state=Not Installed mode=Manual requiredState=Parse

      ...

      at java.lang.Thread.run(Thread.java:619)
      Caused by: org.jboss.xb.binding.JBossXBException: Failed to parse source: The content of element type "jboss-web" must match "(class-loading?,security-domain?,jacc-star-role-allow?,context-root?,virtual-host*,use-session-cookies?,replication-config?,resource-env-ref*,ejb-ref*,ejb-local-ref*,service-ref*,resource-ref*,message-destination-ref*,security-role*,message-destination*,webservice-description*,depends*,servlet*,max-active-sessions?,passivation-config?)". @ vfszip:/usr/local/jboss/jboss-5.1.0.GA/server/default/deploy/instituteKurz.ear/instituteKurz.war/WEB-INF/jboss-web.xml[9,13]

      at org.jboss.xb.binding.parser.sax.SaxJBossXBParser.parse(SaxJBossXBParser.java:203)

      ...

       

      The web.xml looks like:

       

      <?xml version="1.0" encoding="UTF-8"?>

      <web-app xmlns="http://java.sun.com/xml/ns/javaee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
         <display-name>myWebApp</display-name>

         <security-constraint>
                   <web-resource-collection>
                  <web-resource-name>myWebApp</web-resource-name>
                  <url-pattern>/*</url-pattern>
                  <http-method>GET</http-method>
                  <http-method>POST</http-method>
               </web-resource-collection>
               <user-data-constraint>
                 <transport-guarantee>CONFIDENTIAL</transport-guarantee>
               </user-data-constraint>
         </security-constraint>

      <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>myWebApp</realm-name>
      </login-config>
      <security-role>
         <role-name>loginAllowed</role-name>
      </security-role>
      </web-app>

       

      The according entry in the  <installation path>/server/default/conf/login-config.xml is

       

      <application-policy name="jbossmq">
          <authentication>
            <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
              flag="required">
              <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
              <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
            </login-module>
          </authentication>
        </application-policy>

       

      The jboss.xml is (it is later on used for the EJBs):

       

      <?xml version="1.0" encoding="UTF-8"?>
      <jboss>
         <security-domain>jbossmq</security-domain>
      </jboss

       

       

      and the the jboss-web.xml:

       

      <?xml version="1.0" encoding="UTF-8"?>

       

      <!DOCTYPE jboss-web PUBLIC
          "-//JBoss//DTD Web Application 5.0//EN"
          "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
      <jboss-web>
         <context-root>myWebApp</context-root>
         <security-domain>java:/jaas/jbossmq</security-domain>

       

      and the application.xml looks like:

       

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE application
         PUBLIC "-//Sun Microsystems, Inc.//DTD J2EE Application 1.3//EN"
         "http://java.sun.com/dtd/application_1_3.dtd">
      <application>
         <display-name>myWebApp</display-name>
         <module>
            <ejb>myWebApp.jar</ejb>
         </module>
         <module>
            <web>
               <web-uri>myWebApp.war</web-uri>
               <context-root>myWebApp</context-root>
            </web>
         </module>
      </application>

       

      Does anybody can help me out?

       

      Thx in advance,

      Stefan

        • 1. Re: Problem with security-domain
          Thunder Lei Newbie

          "jboss-web" must match "(class-loading?,security-domain?,jacc-star-role-allow?,context-root?,

          ======================================================================

          It state the error clearly.

          Pls change your jboss-web.xml to

           

          <jboss-web>

          <security-domain>java:/jaas/jbossmq</security-domain>
          <context-root>myWebApp</context-root>

           

          see what's going on

          • 2. Re: Problem with security-domain
            Stefan Henz Newbie

            Hello,

             

            thanks for your hint. I changed in the jboss-web.xml the order  of the tags <security-domain> and <context-root> as you proposed. But when now deploying the the EAR file, my application "myWebApp" is working, but no login and password request occur, i.e. most probably no bind to the security domain "jbossmq" occurs.

             

            The content of my jboss-web.xml looks like:

             

            <?xml version="1.0" encoding="UTF-8"?>

             

            <!DOCTYPE jboss-web PUBLIC
                "-//JBoss//DTD Web Application 5.0//EN"
                "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
            <jboss-web>
               <security-domain>java:/jaas/jbossmq</security-domain>
               <context-root>instituteKurz</context-root>
            </jboss-web>

             

            I've no glue, why no login and password request occur when calling my "myWebApp".

            A https connector is also configured as well as a redirect from http connector to the https one. Its working, because when looking in on the web-console as well as on the jmx-console the login procedure is working.

             

            Does somebody has an idea?

             

            Thanks in advance and best wishes,

            Stefan