4 Replies Latest reply on Mar 1, 2013 5:55 PM by Tom Eicher

    JBoss 7.1 : Dynamic security domain : How to deploy together with EAR / WAR

    Jiri Hofman Newbie

      Hello,

       

      I have an application packed as an EAR. I need to deploy the app several times into the JBoss AS (Client1.ear, Client2.ear, etc...). The issue is that JBoss complains about having the same security domain for multiple WARs (althoug these have different root context):

       

      Caused by: org.jboss.msc.service.DuplicateServiceException: Service jboss.security.jacc."web-gui-6.0.0-SNAPSHOT.war" is already registered

          at org.jboss.msc.service.ServiceRegistrationImpl.setInstance(ServiceRegistrationImpl.java:154) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]

          at org.jboss.msc.service.ServiceControllerImpl.startInstallation(ServiceControllerImpl.java:226) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]

          at org.jboss.msc.service.ServiceContainerImpl.install(ServiceContainerImpl.java:560) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]

          ....

       

      Is there a way how to deploy a security domain per application? For example jboss-web.xml (${client_build_ID} is known at applicaion build time):

       

      <jboss-web>

          <security-domain>${client_build_ID}-Security-Domain</security-domain>

          <disable-audit>true</disable-audit>

      </jboss-web>

       

      Additionaly I need to define a different authenication per application. Is there a way how to deploy a security domain configuration per application? For example some sort of jboss-security.xml:

       

      <subsystem xmlns="urn:jboss:domain:security:1.1">

          <security-domains>

              <security-domain name="${client_build_ID}-Security-Domain" cache-type="default">

                  <authentication>

                      <login-module code="myapp.EJBLoginModule" flag="required">

                             <module-option name="EJBJNDI" value="java:/${client_build_ID}/Login" />

                      </login-module>

                  </authentication>

              </security-domain>

          </security-domains>

      </subsystem>

       

      There might exist another authentication scenarios which would do the same. Any help is very appreciated!!