1 Reply Latest reply on Aug 6, 2003 3:14 AM by Tilo Thiele

    jboss ignores my applications-policies

    Tilo Thiele Newbie

      Hi readers,

      Can someone explain to me why my configured application-policies in login-config.xml do not appear in the jndi-tree?
      On the other hand, some others do appear in the jndi-tree, but I
      can't find a corresponding entry in the login-config.xml file.

      Further, the behaviour of my web-app is weird, as the web container
      doesn't care about which application policy it has to use.
      The login always performs and the user always gets the required role - even when I enter nonsense into the login form.

      Any hints appreciated.
      Tilo

      --------------------------------------------------------------------------------
      server.log:
      2003-08-05 11:11:35,123 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] created JBossUserRealm::JBossUserPrincipal: fffff
      2003-08-05 11:11:35,123 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] authenticating: Name:fffff Password:****
      2003-08-05 11:11:35,123 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] authenticated: fffff
      2003-08-05 11:11:35,123 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] setting JAAS subjectAttributeName(j_subject) : null
      2003-08-05 11:11:35,131 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] authenticating: Name:fffff Password:****
      2003-08-05 11:11:35,132 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] authenticated: fffff
      2003-08-05 11:11:35,132 DEBUG [org.jboss.jetty.security.JBossUserRealm#EMS WebTest Repository Console] JBossUserPrincipal: fffff is in Role: user

      --------------------------------------------------------------------------------
      jboss-web.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 2.3//EN" "http://www.jboss.org/j2ee/dtd/jboss-web_3_0.dtd">
      <jboss-web>
        <security-domain>java:/jaas/repository-realm</security-domain>
        ....
      </jboss-web>

      --------------------------------------------------------------------------------
      web.xml:

      ...
      <security-constraint>
        <web-resource-collection>
          <web-resource-name>WebTest-Repository</web-resource-name>
          <url-pattern>/prototype/*</url-pattern>
          <url-pattern>/application/*</url-pattern>
          <url-pattern>/repository/*</url-pattern>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
          <role-name>user</role-name>
        </auth-constraint>
      </security-constraint>

      <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>Repository Console</realm-name>
        <form-login-config>
          <form-login-page>/login/login.html</form-login-page>
          <form-error-page>/login/login-error.html</form-error-page>
        </form-login-config>
      </login-config>
      ...
      --------------------------------------------------------------------------------
      java: Namespace

      +- jaas (class: javax.naming.Context)
      | +- other (class: org.jboss.security.plugins.SecurityDomainContext)
      | +- jbossmq-httpil (class: org.jboss.security.plugins.SecurityDomainContext)
      | +- JmsXARealm (class: org.jboss.security.plugins.SecurityDomainContext)
      | +- jmx-console (class: org.jboss.security.plugins.SecurityDomainContext)
      | +- jbossmq (class: org.jboss.security.plugins.SecurityDomainContext)
      | +- http-invoker (class: org.jboss.security.plugins.SecurityDomainContext)
      | +- HsqlDbRealm (class: org.jboss.security.plugins.SecurityDomainContext)


      --------------------------------------------------------------------------------
      File: <JBoss-Home>/server/default/conf/login-config.xml

      <?xml version='1.0'?>
      <!DOCTYPE policy PUBLIC
      "-//JBoss//DTD JBOSS Security Config 3.0//EN"
      "http://www.jboss.org/j2ee/dtd/security_config.dtd">


      <application-policy name = "repository-realm">

        <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
                      flag = "required">
          <module-option name = "principalsQuery">select password from User where username=?</module-option>
          <module-option name = "rolesQuery">select distinct r.rolename from Role r, RoleMap m, User u where r.roleid=m.roleid and m.userid=u.userid and u.username=?</module-option>
          <module-option name = "dsJndiName">java:/MysqlWebtestDS</module-option>
        </login-module>

      </application-policy>

      <application-policy name = "client-login">

        <login-module code = "org.jboss.security.ClientLoginModule"
                      flag = "required">
        </login-module>

      </application-policy>

      <application-policy name = "jbossmq">

        <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
                      flag = "required">
          <module-option name = "unauthenticatedIdentity">guest</module-option>
          <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
        </login-module>

      </application-policy>

      <application-policy name = "HsqlDbRealm">

        <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                      flag = "required">
          <module-option name = "principal">sa</module-option>
          <module-option name = "userName">sa</module-option>
          <module-option name = "password"></module-option>
          <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
        </login-module>

      </application-policy>

      <application-policy name = "FirebirdDBRealm">

        <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                      flag = "required">
          <module-option name = "principal">sysdba</module-option>
          <module-option name = "userName">sysdba</module-option>
          <module-option name = "password">masterkey</module-option>
          <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
        </login-module>

      </application-policy>

      <application-policy name = "JmsXARealm">

        <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
                      flag = "required">
          <module-option name = "principal">guest</module-option>
          <module-option name = "userName">guest</module-option>
          <module-option name = "password">guest</module-option>
          <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=jmsra</module-option>
        </login-module>

      </application-policy>

      <application-policy name = "jmx-console">

        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag = "required" />

      </application-policy>

      <application-policy name = "other">

        <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
                      flag = "required" />

      </application-policy>


        • 1. Re: jboss ignores my applications-policies
          Tilo Thiele Newbie

          After a day of work I got it.
          JBoss really seems to ignore the jboss-web.xml.
          But when I enter a line

          <security-domain>java:/jaas/repository-realm</security-domain>

          in jboss.xml everything works fine. JBoss seems to enter the application-policies in the jndi-tree on demand. And this works only with the ejb-descriptor and not with the web-descriptor.

          I daresay this is a bug in JBoss 3.2.1 - or I got some things wrong again.
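
          Added example (not code from the poster or from JBoss): a pre-deployment check that the `<security-domain>` in a jboss-web.xml or jboss.xml resolves to an `<application-policy>` in login-config.xml, and that reports which login modules would run when it does not. It relies on the JBoss behaviour that the `other` policy is used for a domain name with no matching application-policy; the function names, status strings and trimmed sample descriptors are constructed for illustration.

```python
import xml.etree.ElementTree as ET

JAAS_PREFIX = "java:/jaas/"
FALLBACK = "other"  # JBoss uses this policy when no application-policy matches

# Constructed samples, trimmed from the descriptors quoted in the thread.
# The <policy> root is the element named by the file's DOCTYPE.
LOGIN_CONFIG = """<policy>
  <application-policy name="repository-realm">
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required"/>
  </application-policy>
  <application-policy name="other">
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                  flag="required"/>
  </application-policy>
</policy>"""
JBOSS_WEB = """<jboss-web>
  <security-domain>java:/jaas/repository-realm</security-domain>
</jboss-web>"""


def policies(login_config_xml):
    """Map each application-policy name to its login-module class names."""
    root = ET.fromstring(login_config_xml)
    return {p.get("name"): [m.get("code") for m in p.iter("login-module")]
            for p in root.iter("application-policy")}


def check(descriptor_xml, login_config_xml):
    """Return (status, policy_name, login_modules) for one descriptor."""
    pols = policies(login_config_xml)
    node = ET.fromstring(descriptor_xml).find("security-domain")
    domain = (node.text or "").strip() if node is not None else ""
    if not domain:
        # No domain declared in this descriptor at all.
        return ("MISSING", None, [])
    if not domain.startswith(JAAS_PREFIX):
        return ("BAD_PREFIX", domain, [])
    name = domain[len(JAAS_PREFIX):]
    if name not in pols:
        # Unknown name: authentication runs against the fallback policy.
        return ("UNRESOLVED", name, pols.get(FALLBACK, []))
    return ("OK", name, pols[name])


if __name__ == "__main__":
    print(check(JBOSS_WEB, LOGIN_CONFIG))
```

          An `UNRESOLVED` or `MISSING` result means logins are not being checked by the modules of the intended policy, which is worth ruling out before suspecting the container.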