2 Replies Latest reply on Jul 8, 2003 9:34 AM by anjboss

    Custom LoginModule howto ?

    anjboss Newbie

      I am needing to implement a Custom LoginModule with JBoss. I have it working with JAAS yet am unsure of the implementation with JBoss. In basic terms I have a class
      DBLoginModule implements LoginModule
      {
      public void initialize(Subject subject,CallbackHandler callback,Map shared_state,Map options)
      {
      ...
      }

      public boolean login()
      {
      ...
      }

      public boolean commit()
      {
      ...
      }

      public boolean abort()
      {
      ...
      }

      public boolean logout()
      {
      ...
      }
      }

      and I package this into a jar and pop it into $JBOSS_HOME/server/default/lib
      I have also tried putting it in $JBOSS_HOME/client

      I have edited client/auth.conf to include this login module.

      In the $JBOSS_HOME/server/default/conf/login-config.xml I have adjusted my module (from the provided DatabaseServerLoginModule) to use instead my custom module.

      When I run my web-app and I go to a page that needs authentication, it goes through the FORM based authentication, but then Jetty comes back with

      org.jboss.jetty.security.JBossUserRealm#null] authentication failure: my_login

      i.e it never goes into my LoginModule (because I have diagnostic logging that never appears).

      Questions :
      a). is it possible to use a plain JAAS LoginModule like mine in JBoss, or do I have to extend the provided JBoss modules ?
      b). if it is possible, what am I doing wrong here ? Do i need to put jaas.policy/config files somewhere ?

      TIA

        • 1. Re: Custom LoginModule howto ?
          Adrian Brock Master

          client/auth.conf is not used.

          When you say you changed the default (there is no default)
          what did you change?
          Do you have the security-domain configured in jboss-web.xml?

          Post your deployment descriptors and login-config.xml

          Regards,
          Adrian

          • 2. Re: Custom LoginModule howto ?
            anjboss Newbie

            OK, In my WAR i have web.xml which includes the following

            <security-constraint>
            <web-resource-collection>
            <web-resource-name>Account Page</web-resource-name>
            <url-pattern>/account.jsp</url-pattern>
            </web-resource-collection>

            <auth-constraint>
            <role-name>USER</role-name>
            </auth-constraint>
            </security-constraint>

            <login-config>
            <auth-method>FORM</auth-method>
            <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/login_error.jsp</form-error-page>
            </form-login-config>
            </login-config>

            and jboss-web.xml which sets the security-domain like this

            <security-domain>java:/jaas/MyDBRealm</security-domain>



            and login-config.xml has an entry like this

            <application-policy name="MyDBRealm">

            <login-module code="mydomain.DBLoginModule" flag="re
            quired">
            <module-option name="dsJndiName">java:/DefaultDS</module-option>
            </login-module>

            </application-policy>

            If I use "org.jboss.security.auth.spi.DatabaseServerLoginModule" above instead of "mydomain.DBLoginModule" it works fine and goes through the authentication process. Any ideas?