3 Replies Latest reply on Apr 30, 2006 4:30 PM by armita

naive question about jaas authentication

armita Apr 30, 2006 12:11 PM

Sorry for asking this here but the documentation are really bad, and the suggested are far out-of-date.
I tryed to make my application jass enabled and add this section to jboss.xml:

 <security-domain>java:/jaas/mcipro</security-domain>
<missing-method-permissions-excluded-mode>false</missing-method-permissions-excluded-mode>
 <unauthenticated-principal>nobody</unauthenticated-principal>

and this one to login-config.xml

 <application-policy name="mcipro">
 <authentication>
 <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
 flag="required">
 <module-option name="unauthenticatedIdentity">guest</module-option>
 <module-option name="dsJndiName">java:/mciproDS</module-option>
 <module-option name="principalsQuery">SELECT password FROM User WHERE username=?</module-option>
 <module-option name="rolesQuery">SELECT roleId, 'Roles' FROM Role WHERE user_userName=?</module-option>
 </login-module>
 </authentication>
 </application-policy>

but my application still wants to authenticate against the "other" application-policy.
How can I tell my application to use this application-policy?

1. Re: naive question about jaas authentication

jaikiran Apr 30, 2006 12:14 PM (in response to armita)

What's your application? Is it a web-application? If yes then you will have to add the security-domain in the jboss-web.xml(similar to what you have done in jboss.xml)
Actions
2. Re: naive question about jaas authentication

jaikiran Apr 30, 2006 12:18 PM (in response to armita)

Have a look at:

http://docs.jboss.org/jbossas/jboss4guide/r1/html/ch8.chapter.html

Section 8.3.1, may be of your interest
Actions
3. Re: naive question about jaas authentication

armita Apr 30, 2006 4:30 PM (in response to armita)

It is a web application based on seam
Actions

Go to original post