1 Reply Latest reply on Mar 14, 2012 5:30 AM by tcharman

    JAAS security-domain




      I am using JBoss 7.0.2, trying to get JBPM installed.


      I'm switching JBPM Guvnor to use a file-based user/role repository.


      In the JBoss CLI (jboss-admin.sh), I have created a security domain (I can see it in standalone.xml) by doing this:




      I then


      cd /subsystem=security/security-domain=guvnor/authentication=classic


      and try to create the login-module:


      :add(login-modules=[{"code"=>"UsersRoles", "flag"=>"required", "module-options"=>[[("name"=>"usersProperties"),("value"=>"props/guvnor-users.properties")],[("name"=>"rolesProperties","value"=>"props/guvnor-roles.properties")]]}])


      I get this:



          "outcome" => "failed",

          "failure-description" => "No handler for operation add at address [

          (\"subsystem\" => \"security\"),

          (\"security-domain\" => \"guvnor\"),

          (\"authentication\" => \"classic\")


          "rolled-back" => true



      Any ideas?


      Many thanks



        • 1. Re: JAAS security-domain

          I have worked around the CLI not working by hacking the standalone.xml directly (with the application server stopped).  Once I created the security domain through the CLI, it was clear where to put this stanza:

                          <security-domain name="guvnor" cache-type="default">
                              <authentication>
                                  <login-module code="UsersRoles" flag="required">
                                      <module-option name="usersProperties" value="/opt/jboss/as/jboss_current/standalone/configuration/guvnor-users.properties"/>
                                      <module-option name="rolesProperties" value="/opt/jboss/as/jboss_current/standalone/configuration/guvnor-roles.properties"/>
                                  </login-module>
                              </authentication>
                          </security-domain>


          Note the relative path has changed to an absolute one.  Apparently configuration is not on the classpath since JBoss AS 7.  There doesn't seem to be a best practice for where to put these files/how to reference them other than to put them into the WAR, which kinda defeats the purpose a bit.  I suppose people will really deploy against LDAP, as I intend to once I get a fully working system.
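
An added example, not part of the thread or of JBoss: a Python check for the path problem the reply describes. It parses a security-domain stanza and flags UsersRoles `usersProperties`/`rolesProperties` values that are relative. The missing-file and file-permission checks go beyond the thread, and the sample XML and the helper names (`local`, `classify`, `audit`) are constructed for this example.

```python
import os
import stat
import xml.etree.ElementTree as ET

# Constructed sample: the reply's stanza, with rolesProperties switched back to
# the relative path from the failed CLI attempt so both cases are exercised.
SAMPLE = """<security-domain name="guvnor" cache-type="default">
  <authentication>
    <login-module code="UsersRoles" flag="required">
      <module-option name="usersProperties" value="/opt/jboss/as/jboss_current/standalone/configuration/guvnor-users.properties"/>
      <module-option name="rolesProperties" value="props/guvnor-roles.properties"/>
    </login-module>
  </authentication>
</security-domain>"""
PATH_OPTIONS = {"usersProperties", "rolesProperties"}


def local(tag):  # drop an XML namespace prefix, as found in a full standalone.xml
    return tag.rsplit("}", 1)[-1]


def classify(path):  # -> 'relative' | 'missing' | 'world-accessible' | 'ok'
    if not os.path.isabs(path):
        return "relative"  # per the reply, configuration/ is not on the classpath
    if not os.path.isfile(path):
        return "missing"
    if stat.S_IMODE(os.stat(path).st_mode) & 0o007:
        return "world-accessible"  # the users file holds credentials
    return "ok"


def audit(xml_text):
    """List (domain, option, path, status) for each UsersRoles file option."""
    findings = []
    for dom in ET.fromstring(xml_text).iter():
        if local(dom.tag) != "security-domain":
            continue
        for lm in dom.iter():
            if local(lm.tag) != "login-module" or lm.get("code") != "UsersRoles":
                continue
            for opt in lm:
                if opt.get("name") in PATH_OPTIONS:
                    path = opt.get("value", "")
                    findings.append((dom.get("name"), opt.get("name"), path, classify(path)))
    return findings


if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Run it against the security subsystem section of standalone.xml while the server is stopped, as the reply did for the manual edit.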