3 Replies Latest reply on Jul 14, 2004 1:17 PM by solso

    application-policy doesn't work - always default security do

    solso

      Hello...

      I'm developing a servlet, which calls some custom classes. One of these classes does a Kerberos login using the krb5login module. To get the servlet and the classes working, I have to define the exact class in the application policy of the default security domain "other" in the login-config.xml:


      <application-policy name = "other">

      <login-module code = "com.sun.security.auth.module.Krb5LoginModule" flag = "required" />

      </application-policy>
      ...


      Then I tried to use a custom security domain which I defined in the jboss-web.xml:

      <jboss-web>
      <security-domain>TestSecDomain</security-domain>
      <context-root>/</context-root>
      <virtual-host>localhost</virtual-host>
      </jboss-web>

      I also defined a custom application policy in the login-config.xml:


      <application-policy name = "TestSecDomain">

      <login-module code = "com.sun.security.auth.module.Krb5LoginModule" flag = "required" />

      </application-policy>
      ....
      <application-policy name = "other">

      <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule" flag = "required" />

      </application-policy>
      ....


      With this configuration the servlet and the classes are not working. They always use the default "other" application policy.

      Do you have any ideas what I have done wrong?
      I'm using JBoss 3.2.2 with bundled Tomcat 4.1.2.

      Thanks in advance...

      richard

        • 1. Re: application-policy doesn't work - always default securit
          starksm64

          The security-domain element syntax for the default security manager is "java:/jaas/" + jaas-login-config-name, so you need to use:

           <security-domain>java:/jaas/TestSecDomain</security-domain>
          


          • 2. Re: application-policy doesn't work - always default securit
            solso

            Hello Scott,

            I already used the full JNDI name in the jboss-web.xml. Here is the code:
            <jboss-web>
            <security-domain>java:/jaas/TestSecDomain</security-domain>
            <context-root>/</context-root>
            <virtual-host>localhost</virtual-host>
            </jboss-web>

            The JBoss Server always uses the default application policy. What else can be wrong? Any other idea?

            Thanks for your help!

            Richard

            • 3. Re: application-policy doesn't work - always default securit
              solso

              Hello

              I've solved the problem. In my servlet I call a custom class which performs a Kerberos login. In this class I had to put the configuration name of the application policy. Then everything works fine.

              See the code:

              // Must match the application-policy name in login-config.xml
              String confName = "TestSecDomain";
              beanCallbackHandler = new BeanCallbackHandler(kerbuser, kerbpass);
              peerLC = new LoginContext(confName, beanCallbackHandler);
              peerLC.login();
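
The behaviour behind this thread, as an added example that is not part of the original posts: the standard `LoginContext` does not fail when the name it is given has no configuration entry; it falls back to the entry named `other`, so a mismatched name silently authenticates against the default policy. The class `JaasNameFallbackDemo`, the module `TraceModule`, the in-memory `CONFIG` and the helper `policyUsedFor` are hypothetical stand-ins for the poster's login-config.xml and login modules.

```java
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

public class JaasNameFallbackDemo {
    static String lastPolicy; // set by TraceModule.login()

    // Hypothetical stand-in for Krb5LoginModule / UsersRolesLoginModule:
    // it checks no credentials and only records which policy invoked it.
    public static class TraceModule implements LoginModule {
        private String policy;
        public void initialize(Subject s, CallbackHandler h,
                               Map<String, ?> shared, Map<String, ?> options) {
            policy = (String) options.get("policy");
        }
        public boolean login() { lastPolicy = policy; return true; }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Constructed in-memory equivalent of a login-config.xml that defines
    // exactly two application-policy entries: "TestSecDomain" and "other".
    static final Configuration CONFIG = new Configuration() {
        @Override
        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            if (!name.equals("TestSecDomain") && !name.equals("other")) {
                return null; // no entry by that name
            }
            return new AppConfigurationEntry[] { new AppConfigurationEntry(
                TraceModule.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                Map.of("policy", name)) };
        }
    };

    // Logs in under confName and reports which policy's module actually ran.
    static String policyUsedFor(String confName) throws LoginException {
        new LoginContext(confName, null, null, CONFIG).login();
        return lastPolicy;
    }

    public static void main(String[] args) throws LoginException {
        System.out.println(policyUsedFor("TestSecDomain"));            // exact name
        System.out.println(policyUsedFor("java:/jaas/TestSecDomain")); // JNDI form
        System.out.println(policyUsedFor("testsecdomain"));            // wrong case
    }
}
```

Requires Java 9 or later for `Map.of`. Logging the policy name a module was initialised under, as `TraceModule` does, is a quick way to confirm which application-policy a deployment is really using.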