jboss ignores my applications-policies
tthiele Aug 5, 2003 3:30 AM
Hi readers,
can someone explain to me why my configured application-policies in login-config.xml do not appear in the jndi-tree?
On the other hand, some others do appear in the jndi-tree but I
can't find a corresponding entry in the login-config.xml file.
Furthermore, the behaviour of my web-app is weird, as the web container
doesn't care about which application policy it has to use.
The login always performs and the user always gets the required role - even when I enter nonsense into the login form.
Any hints appreciated.
Tilo
--------------------------------------------------------------------------------
server.log:
2003-08-05 11:11:35,123 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] created JBossUserRealm::JBossUserPrincipal: fffff
2003-08-05 11:11:35,123 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] authenticating: Name:fffff Password:****
2003-08-05 11:11:35,123 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] authenticated: fffff
2003-08-05 11:11:35,123 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] setting JAAS subjectAttributeName(j_subject) : null
2003-08-05 11:11:35,131 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] authenticating: Name:fffff Password:****
2003-08-05 11:11:35,132 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] authenticated: fffff
2003-08-05 11:11:35,132 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] JBossUserPrincipal: fffff is in Role: user
--------------------------------------------------------------------------------
jboss-web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
<jboss-web>
  <security-domain>java:/jaas/repository-realm</security-domain>
  ....
</jboss-web>
--------------------------------------------------------------------------------
web.xml:
...
<security-constraint>
  <web-resource-collection>
    <web-resource-name>WebTest-Repository</web-resource-name>
    <url-pattern>/prototype/*</url-pattern>
    <url-pattern>/application/*</url-pattern>
    <url-pattern>/repository/*</url-pattern>
    <http-method>GET</http-method>
    <http-method>POST</http-method>
  </web-resource-collection>
  <auth-constraint>
    <role-name>user</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>FORM</auth-method>
  <realm-name>Repository Console</realm-name>
  <form-login-config>
    <form-login-page>/login/login.html</form-login-page>
    <form-error-page>/login/login-error.html</form-error-page>
  </form-login-config>
</login-config>
...
--------------------------------------------------------------------------------
java: Namespace
+- jaas (class: javax.naming.Context)
| +- other (class: org.jboss.security.plugins.SecurityDomainContext)
| +- jbossmq-httpil (class: org.jboss.security.plugins.SecurityDomainContext)
| +- JmsXARealm (class: org.jboss.security.plugins.SecurityDomainContext)
| +- jmx-console (class: org.jboss.security.plugins.SecurityDomainContext)
| +- jbossmq (class: org.jboss.security.plugins.SecurityDomainContext)
| +- http-invoker (class: org.jboss.security.plugins.SecurityDomainContext)
| +- HsqlDbRealm (class: org.jboss.security.plugins.SecurityDomainContext)
--------------------------------------------------------------------------------
File: <JBoss-Home>/server/default/conf/login-config.xml
<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
  "-//JBoss//DTD JBOSS Security Config 3.0//EN"
  "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<application-policy name = "repository-realm">
  <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
    flag = "required">
    <module-option name = "principalsQuery">select password from User where username=?</module-option>
    <module-option name = "rolesQuery">select distinct r.rolename from Role r, RoleMap m, User u where r.roleid=m.roleid and m.userid=u.userid and u.username=?</module-option>
    <module-option name = "dsJndiName">java:/MysqlWebtestDS</module-option>
  </login-module>
</application-policy>
<application-policy name = "client-login">
  <login-module code = "org.jboss.security.ClientLoginModule"
    flag = "required">
  </login-module>
</application-policy>
<application-policy name = "jbossmq">
  <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
    flag = "required">
    <module-option name = "unauthenticatedIdentity">guest</module-option>
    <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
  </login-module>
</application-policy>
<application-policy name = "HsqlDbRealm">
  <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
    flag = "required">
    <module-option name = "principal">sa</module-option>
    <module-option name = "userName">sa</module-option>
    <module-option name = "password"></module-option>
    <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
  </login-module>
</application-policy>
<application-policy name = "FirebirdDBRealm">
  <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
    flag = "required">
    <module-option name = "principal">sysdba</module-option>
    <module-option name = "userName">sysdba</module-option>
    <module-option name = "password">masterkey</module-option>
    <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
  </login-module>
</application-policy>
<application-policy name = "JmsXARealm">
  <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
    flag = "required">
    <module-option name = "principal">guest</module-option>
    <module-option name = "userName">guest</module-option>
    <module-option name = "password">guest</module-option>
    <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=jmsra</module-option>
  </login-module>
</application-policy>
<application-policy name = "jmx-console">
  <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
    flag = "required" />
</application-policy>
<application-policy name = "other">
  <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
    flag = "required" />
</application-policy>
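--------------------------------------------------------------------------------
The comparison made by hand in the post above (security domain in jboss-web.xml against the application-policy names in login-config.xml and the entries listed under java:/jaas), as an added example that is not part of the original post. The inputs are constructed from the names shown in the post; the wrapping `<policy>` root element (taken from the DOCTYPE) and all function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"

def policy_names(login_config_xml):
    """Names of all <application-policy> entries in a login-config.xml string."""
    root = ET.fromstring(login_config_xml)
    return {p.get("name") for p in root.iter("application-policy")}

def web_security_domain(jboss_web_xml):
    """Domain from <security-domain>, with the java:/jaas/ prefix removed."""
    text = (ET.fromstring(jboss_web_xml).findtext("security-domain") or "").strip()
    return text[len(JAAS_PREFIX):] if text.startswith(JAAS_PREFIX) else text

def bound_domains(jndi_listing):
    """Child entries ('| +- name (class: ...)') of a JNDI tree text listing."""
    return set(re.findall(r"^\|\s*\+-\s*(\S+)\s+\(class:", jndi_listing, re.M))

def cross_check(jboss_web_xml, login_config_xml, jndi_listing):
    """Report where the three views of the security domains disagree."""
    policies = policy_names(login_config_xml)
    bound = bound_domains(jndi_listing)
    domain = web_security_domain(jboss_web_xml)
    return {
        "domain": domain,
        "domain_has_policy": domain in policies,
        "domain_is_bound": domain in bound,
        "bound_without_policy": sorted(bound - policies),
        "policy_not_bound": sorted(policies - bound),
    }

# Constructed sample inputs, reduced to the names that appear in the post.
SAMPLE_JBOSS_WEB = ("<jboss-web><security-domain>java:/jaas/repository-realm"
                    "</security-domain></jboss-web>")
SAMPLE_LOGIN_CONFIG = "<policy>" + "".join(
    f'<application-policy name="{n}"/>' for n in (
        "repository-realm", "client-login", "jbossmq", "HsqlDbRealm",
        "FirebirdDBRealm", "JmsXARealm", "jmx-console", "other")) + "</policy>"
_CTX = "org.jboss.security.plugins.SecurityDomainContext"
SAMPLE_JNDI = "java: Namespace\n+- jaas (class: javax.naming.Context)\n" + "".join(
    f"| +- {n} (class: {_CTX})\n" for n in (
        "other", "jbossmq-httpil", "JmsXARealm", "jmx-console",
        "jbossmq", "http-invoker", "HsqlDbRealm"))

if __name__ == "__main__":
    print(cross_check(SAMPLE_JBOSS_WEB, SAMPLE_LOGIN_CONFIG, SAMPLE_JNDI))
```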