1 Reply Latest reply on Aug 16, 2005 9:54 AM by K K

    JNDIRealm and JDBCRealm together

    K K Newbie

      I am using JBoss 401. My webapp uses the JDBCRealm for a database login and I am using the Slide JNDIPrincipalStore which requires the JNDIRealm. Is there a way to use both of these? If I have them both in the server.xml one piece will not work (depending on the order).

        • 1. Re: JNDIRealm and JDBCRealm together
          K K Newbie

          I read in the JBoss Dev Notebook that you can do this by stacking login modules and it had an example of the login-conf.xml for JDBC and LDAP. It does not talk about the server.xml or any other pieces. I followed the instructions and added this but it still does not work:

          <application-policy name = "other">

          <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
          flag = "sufficient">
          <module-option name = "dsJndiName">java:/APRhsqldbDS</module-option>
          <module-option name = "principalsQuery">SELECT PASSWORD FROM APR_USER WHERE PASSWORD=?</module-option>
          <module-option name = "rolesQuery">SELECT ROLE, 'Roles' FROM APR_USER_ROLE WHERE ROLE=?</module-option>
          </login-module>

          <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
          flag="sufficient" >
          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory"</module-option>
          <module-option name="java.naming.provider.url">ldap://localhost:389/</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          <module-option name="principalDNPrefix">uid= </module-option>
          <module-option name="principalDNSuffix">ou=People, dc= info, dc=org</module-option>
          <module-option name="rolesCtxDN">ou=Roles,o=EastCoast,o=HQ,c=US,dc=info,dc=org</module-option>
          <module-option name="uidAttributeID">member</module-option>
          <module-option name="matchOnUserDN">true</module-option>
          <module-option name="roleAttributeID">memberOf</module-option>
          <module-option name="roleAttributeIsDN">false</module-option>
          </login-module>


          </application-policy>