1 Reply Latest reply on Sep 27, 2002 3:30 PM by Cindy Conway

    Permissions not working - being bypassed

    Sloan Seaman Newbie

      I am trying to implement JAAS for a few test beans that I have.

      I have a client app that runs in a seperate VM and will eventually run on a seperate machine.

      My issues is that is just seems to be letting everything through.

      I do not even have the database tables made for the DatabaseServerLoginModule and it still works.

      For the client app I have the following auth.conf (located in an app specific location):
      LeagueCentral {
      // JBoss LoginModule
      org.jboss.security.ClientLoginModule required;

      On the server side I have an auth.conf in server//conf:
      other {
      org.jboss.security.auth.spi.DatabaseServerLoginModule required
      principalsQuery="select Password from Principals where PrincipalID=?"
      rolesQuery="select Role, RoleGroup from Roles where PrincipalID=?"

      In my ejb-jar for the beans I have:
      Access control from all Remote Clients







      The client is able to use getPassword() even though I have it defined otherwise.

      I'm a bit new to JAAS so any help at all would be great.


        • 1. Re: Permissions not working - being bypassed
          Cindy Conway Newbie

          Have you tried putting a security-domain in your jboss.xml file?


          The way I understand it, by placing this in the jboss.xml, you specify that the application is secured under the MyDomain domain. Then, in your auth.conf file on the server, create a section called "MyDomain" like this:

          MyDomain {
          ... your security setup ...

          Each bean in the jboss.xml file will then be authenticated with the login modules in the MyDomain configuration.

          Good Luck!