1 Reply Latest reply on Aug 15, 2014 9:48 AM by suresh gupta

    Single custome Security Domain for multiple independent application

    suresh gupta Newbie

      I have an issue with security domain configuration in jboss 7.

      Below are the steps i followed, i created one custom login module and i created one web appln(login App). it has login page and home page. Home page has 100 links for independent web application.

      i mean in jboss 7 application server there is 101 war deployed.

      in standalone.xml i gave entry like below

                     <security-domain name="myApp" cache-type="default">

                          <authentication>

                              <login-module code="org.MyLoginModule" flag="required">

                                  <module-option name="ModuleName" value="MyLogin Module"/>

                                  <module-option name="ConfigPropertiesPath" value="login.properties"/>

                                  <module-option name="ApplicationID" value="abc"/>

                                  <module-option name="JDBCVersion" value="2"/>

                                  <module-option name="LoadRoles" value="true"/>

                                  <module-option name="PrefetchRolesSQL1" value="select role as role_name from user_role"/>

                              </login-module>

                          </authentication>

                      </security-domain>

      this MyLoginModule using for DB authentication, getting datasource information and some other info from login.properties

      in web.xml i have entry like below:

          <security-constraint>

              <web-resource-collection>

                <web-resource-name>customerPages</web-resource-name>

                <description>My Systems Web</description>

                <url-pattern>/index.jsp</url-pattern>

              </web-resource-collection>

              <auth-constraint><role-name>*</role-name></auth-constraint>

              <user-data-constraint>

                  <transport-guarantee>NONE</transport-guarantee>

              </user-data-constraint>

          </security-constraint>

          <login-config>

              <auth-method>FORM</auth-method>

              <realm-name>myApp</realm-name>

              <form-login-config>

                <form-login-page>logon.jsp</form-login-page>

                <form-error-page>logonError.jsp</form-error-page>

              </form-login-config>

          </login-config>

          <security-role><role-name>*</role-name></security-role>

      jboss-web.xml has entry like below :

      <security-domain>java:/jaas/myApp</security-domain>

       

      DB login authentication happens successfully and i am getting home page with 100 applications which are individual war application. i want to authenticate via same login module for all 100 application, so i did entry in web.xml and jboss-web.xml of each other web application as same above entry.

      but while clicking the link on home page it's redirecting to login page and since it's already login so it's redirecting to home page with 100 links, it's going in

      <form-login-page>logon.jsp</form-login-page> for all other 100 applications.

      am i missing any thing in configuration for other applications?

      some how jboss not passing the login "true" for other applications that's why it's going to form-login-page. some one kindly help me. Thanks,