4 Replies Latest reply on Nov 11, 2004 8:00 PM by Scott Stark

    Big problem with login-config.xml on Jboss-3.2.6 on Debian L

    Andrew Tillman Newbie

      My web applications cannot seem to find the loging configurations that are defined in their jboss-app.xml file. This is a problem on my own web apps as well as the ones that come with Jboss-3.2.6. This is a huge problem and is preventing me from upgrading.

      Here is my login-config.xml

      <?xml version='1.0'?>
      <!DOCTYPE policy PUBLIC
      "-//JBoss//DTD JBOSS Security Config 3.0//EN"
      "http://www.jboss.org/j2ee/dtd/security_config.dtd">

      <!-- The XML based JAAS login configuration read by the
      org.jboss.security.auth.login.XMLLoginConfig mbean. Add
      an application-policy element for each security domain.

      The outline of the application-policy is:
      <application-policy name="security-domain-name">

      <login-module code="login.module1.class.name" flag="control_flag">
      <module-option name = "option1-name">option1-value</module-option>
      <module-option name = "option2-name">option2-value</module-option>
      ...
      </login-module>

      <login-module code="login.module2.class.name" flag="control_flag">
      ...
      </login-module>
      ...

      </application-policy>

      $Revision: 1.6 $
      -->


      <!-- Used by clients within the application server VM such as
      mbeans and servlets that access EJBs.
      -->
      <application-policy name = "client-login">

      <login-module code = "org.jboss.security.ClientLoginModule"
      flag = "required">
      </login-module>

      </application-policy>

      <!-- Security domain for JBossMQ -->
      <application-policy name = "jbossmq">

      <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
      flag = "required">
      <module-option name = "unauthenticatedIdentity">guest</module-option>
      <module-option name = "dsJndiName">java:/jdbc/JMSPool</module-option>
      <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
      <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
      </login-module>

      </application-policy>

      <!-- Security domains for testing new jca framework -->
      <application-policy name = "HsqlDbRealm">

      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
      flag = "required">
      <module-option name = "principal">sa</module-option>
      <module-option name = "userName">sa</module-option>
      <module-option name = "password"></module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
      </login-module>

      </application-policy>

      <application-policy name = "FirebirdDBRealm">

      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
      flag = "required">
      <module-option name = "principal">sysdba</module-option>
      <module-option name = "userName">sysdba</module-option>
      <module-option name = "password">masterkey</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
      </login-module>

      </application-policy>

      <application-policy name = "JmsXARealm">

      <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
      flag = "required">
      <module-option name = "principal">guest</module-option>
      <module-option name = "userName">guest</module-option>
      <module-option name = "password">guest</module-option>
      <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
      </login-module>

      </application-policy>

      <!-- A template configuration for the jmx-console web application. This
      defaults to the UsersRolesLoginModule the same as other and should be
      changed to a stronger authentication mechanism as required.
      -->
      <application-policy name = "jmx-console">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required">
      <module-option name="usersProperties">jmx-console-users.properties</module-option>
      <module-option name="rolesProperties">jmx-console-roles.properties</module-option>
      </login-module>

      </application-policy>

      <!-- A template configuration for the web-console web application. This
      defaults to the UsersRolesLoginModule the same as other and should be
      changed to a stronger authentication mechanism as required.
      -->
      <application-policy name = "web-console">

      <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />

      </application-policy>

      <!-- The default login configuration used by any security domain that
      does not have a application-policy entry with a matching name
      -->
      <!-- <application-policy name = "other">

      <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
      flag = "required" />

      </application-policy> -->



      And here is my jboss-web for jmx-console.

      <jboss-web>
      <security-domain>java:/jaas/jmx-console</security-domain>
      </jboss-web>

      Now, I have changed the username and password in "jmx-console-users.properties" but not in the "user.properties" file in the conf directory. If I use the username and password in "jmx-console-users.properties" the login fails, but if I use the one in "user.properties" it succeeds. Furthermore, if I remove the "other" configuration from login-config.xml and go back to jmx-console, and error is logged with the message "No LoginModules configured for jboss.web". It seems that it cannot find the configuration "jmx-console". In this case you cannot login at all.