(New to JAAS)... I'm attempting to "turn-on" the standard LDAP JAAS authentication module that comes with JBoss. I want to authenticate all bean clients against LDAP, but allow any authenticated client to call any method it wants. I've gotten part of the way, but can't seem to hit the last switch. Here's my attempted configuration:
- Simple auth.conf file with JBoss' ClientLoginModule. This seems to be working.
- Added new application policy to default login-config.xml named "server", which has LdapLoginModule required.
- In assembly descriptor for beans, set all method-permissions to "unchecked" (I don't see many other options here. I want to say that any user can call any method, provided they've been authenticated with LDAP first...)
- Created jboss.xml file (in server/default/conf) in an attempt to put all beans in the "server" security domain like this:
Despite these configuration changes, my clients are not being authenticated. It appears that the LdapLoginModule is never invoked. What do I need to do to get this module called?
Ah.... jboss.xml needs to go in the META-INF directory of my deploy jar.
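
The layout the thread ends on, as an added example that is not the poster's own configuration: jboss.xml packaged in the jar's META-INF and pointing at the "server" policy, beside a matching LdapLoginModule entry. The host name, DNs and attribute choices are constructed placeholders, and the version-specific DOCTYPE lines are left out.

```xml
<!-- File 1: META-INF/jboss.xml inside the EJB jar (not server/default/conf).
     Binds every bean in this jar to the "server" application policy. -->
<jboss>
  <security-domain>java:/jaas/server</security-domain>
</jboss>

<!-- File 2: server/default/conf/login-config.xml, one <application-policy>
     added inside the existing <policy> element. All LDAP values below are
     constructed placeholders. -->
<application-policy name="server">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <!-- ldaps:// because a simple bind sends the password unencrypted -->
      <module-option name="java.naming.provider.url">ldaps://ldap.example.com:636/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- bind DN = prefix + username + suffix -->
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,dc=example,dc=com</module-option>
      <!-- role lookup settings; unused for access decisions while every
           method-permission is unchecked -->
      <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
    </login-module>
  </authentication>
</application-policy>
```

The name after `java:/jaas/` has to match the `name` attribute of the application policy exactly.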