2 Replies Latest reply on Aug 29, 2014 3:11 PM by Andrew Fritz

    Debugging Authentication/Authorization Plugins?

    Andrew Fritz Newbie

      I'm attempting to build a very simple (toy) authentication/authorization plugin for wildfly 8.1.0.Final following this: https://docs.jboss.org/author/display/WFLY8/Plug+Ins I've tried numerous possible varations (the instructions are vauge in many points - for example, under modules/ there is an entire additional tree structure so it isn't clear if you just put your com/myorg/packagename/main/... tree at the top level, or under system/layers/base/. Neither works.

       

      My plugin code is never run and there are no references to it in the log. The documentation states:

       

      "As plug-ins are loaded during the server start up this search is a lazy search so don't expect a definition to a non existant module or to a module that does not contain a plug-in to report an error."

       

      My code is not executed, nor is it loaded at all as far as I can tell. Changing the configuration (in standalone.xml or in the model.xml file) has 0 effect that I can see. No errors, warnings or debug information is output. I've enabled trace on org.jboss.as.* and still don't see anything. Apparently, this is by (insane) design.

       

      How are we suppose to debug what is going on?

       

      How do we tell if a plugin module (or any module) is loaded?

       

      Where do modules (the jar file and the module.xml file) live exactly (hard example not just "under models/")?

       

       

       

       

      snippet from standalone.xml:

       

              <security-realm name="ApplicationRealm">
                  <plug-ins>
                      <plug-in module="com.minerva.databaseauth"/>
                  </plug-ins>
                  <authentication>
                      <plug-in name="Database"/>
                  </authentication>
                  <authorization>
                      <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>
                  </authorization>
              </security-realm>

       

      module.xml:

      <?xml version="1.0" encoding="UTF-8"?>

       

      <module xmlns="urn:jboss:module:1.1" name="com.minerva.databaseauth">

          <properties>

          </properties>

       

          <resources>

              <resource-root path="WildflyAuthPlugin.jar"/>

          </resources>

       

          <dependencies>

              <module name="org.jboss.as.domain-management" />

          </dependencies>

      </module>

        • 1. Re: Debugging Authentication/Authorization Plugins?
          Darran Lofthouse Master

          Top level should be fine, the stuff below that is for us.

           

          Is the ApplicationRealm still referenced by something?  The security realm services are only started if they are actually used, if there was a failure loading the plug in there are plenty of points an Exception should be thrown which should be logged, at runtime during authentication there are also a number of trace level messages logged.

          • 2. Re: Debugging Authentication/Authorization Plugins?
            Andrew Fritz Newbie

            Yes, the ApplicationRealm is referenced. Before I started on this, my application used it via the following configuration and worked fine with users added through the add-user.sh utility.

             

            <security-realm name="ApplicationRealm">

                 <authentication>

                      <local default-user="$local" allowed-users="*" skip-group-loading="true"/>

                      <properties path="application-users.properties" relative-to="jboss.server.config.dir"/>

                 </authentication>

                 <authorization>

                      <properties path="application-roles.properties" relative-to="jboss.server.config.dir"/>

                 </authorization>

            </security-realm>

             

            I then removed the <local ...> and <properties ...> tags inside <authentication ...> and added the <plugins ...> and <plugin> blocks. Standalone.xml was othewise unaltered.

             

            Top level (wildflyhome/modules/com/minerva/databaseauth/main/(jar file and modules.xml file) does not appear to work for me. The first line of my PlugInProvider.loadAuthenticationPlugIn method is log.error("HERE HERE HERE") which is never added to the log, nor do any breakpoints I've got set fire.

             

            What logging filter should I set to TRACE to see messages about plugin loading? org.jboss.as doesn't appear to be the right guess...