JAAS fails when java2ClassLoadingCompliance=
louisaj Mar 3, 2006 2:08 AMI have a login module that works great for several applications in JBoss 3.2.3. However, I have a new application that I have to deploy with
java2ClassLoadingCompliance="false"
set in the jboss-web.xml file. This is due to some incompatibilities in the jakarta commons libraries in the tomcat web service (I need to use a newer version).
When I leave the java2ClassLoadingCompliance as "true" (the default in JBoss 3.2.3) it works fine, my login module is initialized when I deploy the application and authentication works. But as soon as I set it to false and redeploy, the login module is never called and it invisibly fails all authentication attempts. That is, I can see that the login failed, but I don't get any of my login modules logging output in the console. It's as if it doesn't see the existing JAASSecurityManager and/or SecurityManagerService.
I've tried using the org.jboss.security.auth.login.DynamicLoginConfig but that throws a class not found exception (Is it not implemented in 3.2.3 or is it blocked by my java2ClassLoadingCompliance="false"?)
All I need to do is be able to reconnect with the JAAS Security manager that's configured and ready to go (and works with the other applications). I don't have a particular need for a new and different Security manager. How can I tell jboss to reconnect this?
I've also attempted to include my own JAAS Security manager in a login-service.xml file, but that fails with a NameAlreadyBoundException.
<!-- JAAS security manager and realm mapping --> <mbean code="org.jboss.security.plugins.JaasSecurityManagerService" name="example.laj.ca:service=JaasSecurityManager"> <attribute name="SecurityManagerClassName"> org.jboss.security.plugins.JaasSecurityManager </attribute> <attribute name="DefaultCacheTimeout"><!-- seconds --> 30 </attribute> </mbean>
I get the name exception with other name= values:
name="jboss.security:service=JaasSecurityManager"
name="jboss.security:service=JaasSecurityManagerOther"
name="example.laj.ca:service=JaasSecurityManagerOther"
P.S. I saw in another issue this was caused by the inclusion of jboss libraries in the application. I did an audit of my files and I'm absolutely certain that I have no jboss files in the application. I do however have some jakarta commons files as I'm using struts.