2 Replies Latest reply on Sep 17, 2001 5:24 PM by dtan

    How to use org.jboss.security.ProxyLoginModule in the auth.c

    dtan

      Hi,

      I wrote my custom MyUserNamePasswordLoginModule (which extends AbstractServerLoginModule) and MyDatabaseServerLoginModule (which extends MyUserNamePasswordLoginModule).

      I tried to modify auth.conf as :

      example2 {
      /* A JDBC based LoginModule
      LoginModule options:
      dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables
      principalsQuery: The prepared statement query equivalent to:
      "select Password from Principals where PrincipalID=?"
      rolesQuery: The prepared statement query equivalent to:
      "select Role, RoleGroup from Roles where PrincipalID=?"
      */
      com.myproject.jaas.MyDatabaseServerLoginModule required
      dsJndiName="java:/OracleDB"
      principalsQuery="select Password from Principals where PrincipalID=?"
      rolesQuery="select Role, RoleGroup from Roles where PrincipalID=?"
      ;
      };


      I found out that the JBoss server could not read this
      loginmodule when I made a jar of these loginmodules and
      put them in the JBoss/lib/ext directory.

      Then I made the jboss-jaas.jar including these files in it (I changed the package of these files to org.jboss.security.auth.spi). It worked.

      I read in JBoss 2.2 - Tomcat 3.2 bundle documentation that JBoss uses ProxyLoginModule to bootstrap the non-classpath LoginModule. I tried adding

      org.jboss.security.ProxyLoginModule = "com.myproject.jaas.MyDatabaseServerLoginModule" required

      to my auth.conf file. But it didn't help.

      example2 {
      /* A JDBC based LoginModule
      LoginModule options:
      dsJndiName: The name of the DataSource of the database containing the Principals, Roles tables
      principalsQuery: The prepared statement query equivalent to:
      "select Password from Principals where PrincipalID=?"
      rolesQuery: The prepared statement query equivalent to:
      "select Role, RoleGroup from Roles where PrincipalID=?"
      */
      org.jboss.security.ProxyLoginModule = "com.myproject.jaas.MyDatabaseServerLoginModule" required
      dsJndiName="java:/OracleDB"
      principalsQuery="select Password from Principals where PrincipalID=?"
      rolesQuery="select Role, RoleGroup from Roles where PrincipalID=?"
      ;
      };

      Can anyone please tell me how I can use the ProxyLoginModule for the JBoss2.2-Tomcat3.2 bundle, or the way I can use my custom UserNamePasswordLoginModule and DatabaseServerLoginModule without putting them into the jboss-jaas.jar?

      Thank you very much.

        • 1. Re: windows NT authentication
          dtan

          I did quite a few searches without a lot of success.
          I am still wondering how to configure the NTLoginModule with JBoss.
          Here are some of my dilemmas:

          1) Should I configure the NTLoginModule both on my client (EJB client) and server?

          2) Ideally, I'd like to configure it, for sure, on the client: the NTLoginModule picks up the details of the currently logged-in user and this can very nicely achieve "single sign-on" kind of capabilities (I authenticate once when I log in to my workstation, no need to log in again). But how does this work with the JBoss client login module? To say it differently, how is the subject retrieved by the NTLoginModule automatically transferred to the JBoss server? Does the client login module do that automatically, and do I just need to configure both modules for my clients?

          3) Assuming that I manage to send to JBoss the subject created by the NTLoginModule, how should I configure JBoss to verify this subject? Certainly not with the NTLoginModule, as it will just grab the identity information of the current user (the user under which JBoss is running). Let's say that I create my own NTLoginModule; the subject created on the client does not contain the user credentials, I think. It has this cryptic NTNumericCredential, which I am not sure what it is. So how can I verify (re-authenticate) the user that was authenticated on the client?

          4) Am I just fooling myself and the only option is the JBoss client login module to send user/password to the JBoss server and then a modified version of the NTLoginModule so user and password can be provided (which pretty much means writing my own NTLoginModule)?

          The last option is that I completely misunderstood JAAS, the NTLoginModule and the JBoss security (which is possible). Do not hesitate to let me know if this is the case, and I will go back to reading.

          Thanks in advance for any help.

          Thomas

          • 2. Re: How to use org.jboss.security.ProxyLoginModule in the au
            pitdingo

            That syntax is not correct. Try this:

            example2 {
            org.jboss.security.auth.spi.ProxyLoginModule required
            moduleName=com.myproject.jaas.MyDatabaseServerLoginModule
            dsJndiName="java:/OracleDB"
            principalsQuery="select Password from Principals where PrincipalID=?"
            rolesQuery="select Role, RoleGroup from Roles where PrincipalID=?"
            ;
            };
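
How a proxy module configured as in the last reply can defer loading of the class named in moduleName, as an added Java example that is not part of the thread and is not the JBoss ProxyLoginModule source. The class name DelegatingLoginModule and the use of the thread context class loader are assumptions of this example; it fails closed when moduleName is missing or does not name a LoginModule.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.LoginException;
import javax.security.auth.spi.LoginModule;

// Hypothetical delegating module (not JBoss source). Only this class has to be
// visible to the JAAS configuration loader; the module named by the
// "moduleName" option is resolved later via the thread context class loader.
public class DelegatingLoginModule implements LoginModule {
    private LoginModule delegate; // stays null if initialization fails

    @Override
    public void initialize(Subject subject, CallbackHandler handler,
                           Map<String, ?> sharedState, Map<String, ?> options) {
        Object name = options.get("moduleName");
        if (!(name instanceof String)) {
            return; // option missing: login() below fails closed
        }
        try {
            ClassLoader cl = Thread.currentThread().getContextClassLoader();
            Class<?> cls = Class.forName((String) name, true, cl);
            // Reject anything that is not a LoginModule before instantiating it.
            LoginModule m = cls.asSubclass(LoginModule.class)
                               .getDeclaredConstructor().newInstance();
            // Remaining options (dsJndiName, principalsQuery, ...) pass through.
            m.initialize(subject, handler, sharedState, options);
            delegate = m; // only a fully initialized delegate is kept
        } catch (ReflectiveOperationException | ClassCastException e) {
            delegate = null; // class not found, wrong type, or no usable constructor
        }
    }

    private LoginModule require() throws LoginException {
        if (delegate == null) {
            throw new LoginException("moduleName missing or not loadable");
        }
        return delegate;
    }

    @Override public boolean login() throws LoginException { return require().login(); }
    @Override public boolean commit() throws LoginException { return require().commit(); }
    @Override public boolean abort() throws LoginException { return require().abort(); }
    @Override public boolean logout() throws LoginException { return require().logout(); }
}
```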