2 Replies Latest reply on Jul 26, 2004 7:16 AM by Rafal Kedziorski

    Problem with JAAS

    Rafal Kedziorski Novice


      we are now testing our application (development was started with JBoss 3.0.6) with JBoss 3.2.5. We are used JAAS. This is our configuration:


      <application-policy name = "mmcms">

      <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
      <module-option name = "dsJndiName">java:/MmcmsDS</module-option>
      <module-option name = "principalsQuery">select password from principals where principal=?</module-option>
      <module-option name = "rolesQuery">select role, 'Roles' from roles where principal=?</module-option>


      each session bean facade is defined so:

      * Description of the Class
      * @author Rafal Kedziorski
      * @version $Id: AccessFacadeBean.java,v 1.19 2004/07/26 06:23:46 rafal Exp $
      * @ejb.bean
      * name = "AccessFacadeBean"
      * description = "Access Facade Stateless Session Bean"
      * display-name = "Access Facade Stateless Session Bean"
      * local-jndi-name = "access/AccessFacade"
      * view-type = "local"
      * type = "Stateless"
      * transaction-type = "Container"
      * @ejb.permission
      * role-name = "mmcms"
      * @ejb.transaction
      * type = "Required"
      * @jboss.container-configuration
      * name = "Standard Stateless SessionBean"

      and before we call our session bean facades, we do this:

      LoginContext loginContext = CallbackHandlerHelper.doLoginAsMmcms(CallbackHandlerHelper.SECURITY_DOMAIN);


      private static LoginContext doLogin(String securityDomain, CallbackHandler callbackHandler) {
      try {
      LoginContext loginContext = new LoginContext(securityDomain, callbackHandler);

      return loginContext;
      catch (LoginException le) {
      return null;

      But this is not working. If I don't call out doLogin() method or remove the tables from DB, I can every time call my session beans. I tested the same configuration with JBoss 3.2.2 with the same result.

      Do we something wrong?

      Best Regards,

        • 1. Re: Problem with JAAS
          Rafal Kedziorski Novice


          I found that our problem is related to "client-login" definition in login-context.xml, which is currently set to:

          <!-- Used by clients within the application server VM such as
          mbeans and servlets that access EJBs.
          <application-policy name = "client-login">

          <login-module code = "org.jboss.security.ClientLoginModule"
          flag = "required">


          What will be defined in "client-login"?

          Best Regards,

          • 2. It's working!
            Rafal Kedziorski Novice


            after moving to JBoss 3.2.5 I switched to XDoclet and forgot add security-domain in the xdoclet call:

            Now it's working.