Migrating JBoss AS 4.2.1 to 5.1.0 - DynamicLoginConfig
yuanlinh Apr 26, 2011 4:40 PMWhen migrating from AS 4.2.1 to AS 5.1.0, I got the following error:
ERROR [UsersRolesLoginModule] Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
I searched the web, and set jboss security component log level to trace, and the log seems to tell the server cannot find the any entry in appConfigs, therefore it always defalt to "other" security domain, then tries to access the users/passwords/roles files of "other" that do not exists.
TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(java:jaas), size=15
16:09:03,900 TRACE [XMLLoginConfigImpl] getAppConfigurationEntry(java:jaas), no entry in appConfigs, tyring parentCont: null
16:09:03,900 TRACE [XMLLoginConfigImpl] getAppConfigurationEntry(java:jaas), no entry in parentConfig, trying: other
16:09:03,900 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(java:jaas), authInfo=AppConfigurationEntry[]:
[0]
Further looking at the log, it appears the server DynamicLoginConfig service has successfully loaded my login domain aces.
16:09:03,541 DEBUG [DynamicLoginConfig] Loaded config: aces
16:09:03,541 DEBUG [DynamicLoginConfig] Started jboss:service=DynamicLoginConfig
I further checked the JNDI binding via jmx-console, it appears aces is successfully binded there under jaas under Java namespace (The getAppConfigurationEntry() seems trying at java:jaas, and there is a java:jaas parallel to "aces", not sure this could cause problem):
+- jaas (class: javax.naming.Context)
| +- aces (class: org.jboss.security.plugins.SecurityDomainContext)
| +- messaging (class: org.jboss.security.plugins.SecurityDomainContext)
| +- java:jaas (class: org.jboss.security.plugins.SecurityDomainContext)
| +- EncryptOracleXAAdminDataSourcePassword (class:
Also, below are my jboss-service.xml file and the dynamic-login-config.xml it pointing to:
<?xml version="1.0" encoding="UTF-8"?>
<server>
<mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
name="jboss:service=DynamicLoginConfig">
<attribute name="AuthConfig">
META-INF/dynamic-login-config.xml
</attribute>
<depends optional-attribute-name="LoginConfigService">
jboss.security:service=XMLLoginConfig
</depends>
<depends optional-attribute-name="SecurityManagerService">
jboss.security:service=JaasSecurityManager
</depends>
</mbean>
</server>
<?xml version="1.0" encoding="UTF-8"?>
<policy>
<application-policy xmlns="urn:jboss:security-beans:1.0" name="aces">
<authentication>
<login-module code="com.ngc.aces.security.providers.authentication.AcesUserDbLoginModuleImpl"
flag="sufficient">
<module-option name="unauthenticatedIdentity">AnonymousUser</module-option>
<module-option name="principalClass">com.ngc.aces.security.providers.authentication.AcesUser</module-option>
<module-option name="dsJndiName">acesDS</module-option>
<module-option name="providerUrl">localhost:1099</module-option>
</login-module>
<login-module code="com.ngc.aces.security.providers.authentication.SystemUserDbLoginModuleImpl"
flag="sufficient">
<module-option name="unauthenticatedIdentity">AnonymousUser</module-option>
<module-option name="principalClass">com.ngc.aces.security.providers.authentication.AcesUser</module-option>
<module-option name="dsJndiName">acesDS</module-option>
<module-option name="providerUrl">localhost:1099</module-option>
</login-module>
</authentication>
</application-policy>
</policy>
Can anyone help explain why getAppConfigurationEntry() cannot get my security domain "aces', and always defaults to "other"?
Thank you for any comments and suggestions!
Michael Huang