1 Reply Latest reply on Mar 14, 2012 5:30 AM by tcharman

    JAAS security-domain

    Newbie

      Hi

       

      I am using JBoss 7.0.2, trying to get JBPM installed.

       

      I'm switching JBPM Guvnor to use a file based user/role repository.

       

      In the JBoss CLI (jboss-admin.sh), I have created a security domain (I can see it in standalone.xml) by doing this:

       

      /subsystem=security/security-domain=guvnor/authentication=classic

       

      I then

       

      cd /subsystem=security/security-domain=guvnor/authentication=classic

       

      and try to create the login-module:

       

      :add(login-modules=[{"code"=>"UsersRoles", "flag"=>"required", "module-options"=>[[("name"=>"usersProperties"),("value"=>"props/guvnor-users.properties")],[("name"=>"rolesProperties","value"=>"props/guvnor-roles.properties")]]}])

       

      I get this:

       

      {

          "outcome" => "failed",

          "failure-description" => "No handler for operation add at address [

          (\"subsystem\" => \"security\"),

          (\"security-domain\" => \"guvnor\"),

          (\"authentication\" => \"classic\")

      ]",

          "rolled-back" => true

      }

       

      Any ideas?

       

      Many thanks

       

      Tim

        • 1. Re: JAAS security-domain
          Newbie

          I have worked around the CLI not working by hacking the standalone.xml directly (with the application server stopped).  Once I created the security domain through the CLI, it was clear where to put this stanza:

                          <security-domain name="guvnor" cache-type="default">

                              <authentication>

                                  <login-module code="UsersRoles" flag="required">

                                      <module-option name="usersProperties" value="/opt/jboss/as/jboss_current/standalone/configuration/guvnor-users.properties"/>

                                      <module-option name="rolesProperties" value="/opt/jboss/as/jboss_current/standalone/configuration/guvnor-roles.properties"/>

                                  </login-module>

                              </authentication>

                          </security-domain>

           

          Note the relative path has changed to an absolute one.  Apparently configuration is not on the classpath since JBoss AS 7.  There doesn't seem to be a best practice for where to put these files/how to reference them other than to put them into the WAR, which kinda defeats the purpose a bit.  I suppose people will really deploy against LDAP, as I intend to once I get a fully working system.