2 Replies Latest reply on Aug 22, 2013 10:50 AM by Stephen Chrostowski

    How to define roles for JAAS authentication to Management interfaces

    Christian Havlis Newbie

      Hi,

       

      I have successfully secured the Web Management interface of JBoss AS 7 via JAAS authentication:

       

      <security-realm name="ManagementRealm">

                      <authentication>

                          <jaas name="<my_security_domain>"/>

                      </authentication>

                  </security-realm>

       

      <subsystem xmlns="urn:jboss:domain:security:1.1">

                  <security-domains>

                      <security-domain name="<my_security_domain>" cache-type="default">

                          <authentication>

                              <login-module code="<my_login_class>" flag="required" module="<my_login_module>">

                                  <module-option name="stage" value="TEST"/>

                                  ...

                              </login-module>

                          </authentication>

                      </security-domain>

       

      When I access the management console http://localhost:9990/console I'm asked to enter User/Password.

      But I don't know how the define the allowed roles, that are allowed to access the management console.

      In prior versions of JBoss I have done this by adding the security role to the web.xml of the management tool:

      <security-role>

              <role-name>MyAdministratorRole</role-name>

         </security-role>

       

      How can I do this in JBoss AS 7?

        • 1. Re: How to define roles for JAAS authentication to Management interfaces
          Darran Lofthouse Master

          That is something that I am looking to add in AS 7.2 - in the meantime I would suggest rejecting the authentication in the login module if the user does not have the required roles.

          • 2. Re: How to define roles for JAAS authentication to Management interfaces
            Stephen Chrostowski Newbie

            Hi Chistian

            I am tying to do the same thing but in JBOSS 6, I have similar entries in my standalone.xml fiile but when I try to access the web console, I get a message that the console cannot be loaded,. My entries are below,

            Any ideas, Also do you know how I can tell if it is accessing my module

            Thanks

            Steve

                <management>

                 <security-realms>

                        <security-realm name="ManagementRealm">

                          <authentication>

                                       <jaas name="MySecurityModule"/>

                          </authentication>                                            

                        </security-realm>

                    </security-realms>

                   <subsystem xmlns="urn:jboss:domain:security:1.2">

                    <security-domains>

                            <security-domain name="MySecurityModule">

                                <authentication>

                                  <login-module code = "com.jboss.security.auth.spi.loginModule" flag = "required">

                                      <module-option name = "realmName" value="JBossAdminRealm"/>

                                      <module-option name = "realmType" value="JavaRealm"/>

                                   </login-module>

                                </authentication>

                            </security-domain>