XMLLoginConfig not picking up my application-po...| JBoss.org Content Archive (Read Only)

15. Re: XMLLoginConfig not picking up my application-policy

david.l.small Jun 27, 2006 10:14 AM (in response to david.l.small)

Oh, and here is the trace leading up to the error. It's as if jBoss is ignoring the security domain entries in jboss-web.xml and jboss.xml.

2006-06-27 10:12:06,082 TRACE [org.jboss.security.SecurityAssociation] pushRunAsIdentity, runAs=null
2006-06-27 10:12:06,082 TRACE [org.jboss.security.SecurityAssociation] popRunAsIdentity, runAs=null
2006-06-27 10:12:06,119 TRACE [org.jboss.security.SecurityAssociation] getPrincipal, principal=null
2006-06-27 10:12:06,119 TRACE [org.jboss.security.plugins.JaasSecurityManager.java:] Begin isValid, principal:null, cache info: null
2006-06-27 10:12:06,119 TRACE [org.jboss.security.plugins.JaasSecurityManager.java:] defaultLogin, principal=null
2006-06-27 10:12:06,120 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(java:), size=10
2006-06-27 10:12:06,120 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(java:), no entry in appConfigs, tyring parentCont: null
2006-06-27 10:12:06,120 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] getAppConfigurationEntry(java:), no entry in parentConfig, trying: other
2006-06-27 10:12:06,120 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(java:), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
ControlFlag: LoginModuleControlFlag: required
Options:
2006-06-27 10:12:06,120 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] initialize, instance=@11058755
2006-06-27 10:12:06,121 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] findResource: null

16. Re: XMLLoginConfig not picking up my application-policy

j2ee_junkie Jun 27, 2006 10:43 AM (in response to david.l.small)

David,

Yes, your login-config.xml is correct. Your earlier post varifies that the "PinkRealm" is in fact getting configured. The problem is with your deployment. The output from your last post shows that the a "java:" security-domain is being attempted, but since it does not exist, the default "other" application-policy is being used. Review your security-domain settings for accuracy.

cgriffith

17. Re: XMLLoginConfig not picking up my application-policy

david.l.small Jun 27, 2006 10:56 AM (in response to david.l.small)

To get the security domain settings I'm using jboss-web.xml and jboss.xml just as I did in 4.0.3. There is nothing peculiar about them. And if I try to use the @SecurityDomain annotation instead, I get the same problem. Here are the files ...

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE jboss-web PUBLIC
"-//JBoss//DTD Web Application 2.4//EN"
"http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">

<jboss-web>
<security-domain>java:/jaas/PinkRealm</security-domain>
</jboss-web>

<?xml version="1.0" encoding="ISO-8859-1" ?>

<!DOCTYPE jboss PUBLIC
"-//JBoss//DTD JBOSS 4.0//EN"
"http://www.jboss.org/j2ee/dtd/jboss_4_0.dtd">

<security-domain>java:/jaas/PinkRealm</security-domain>

18. Re: XMLLoginConfig not picking up my application-policy

j2ee_junkie Jun 27, 2006 11:16 AM (in response to david.l.small)

David,

I have a good look at the trace logging when you deploy your ear. Look for security-domain binding settings made by deployer and parsing of your descriptors.

cgriffith

19. Re: XMLLoginConfig not picking up my application-policy

j2ee_junkie Jun 27, 2006 11:30 AM (in response to david.l.small)

Also,

Doing a forum search with query "@SecurityDomain" AND annotation AND "security domain" yeilds similar situations as yours.

cgriffith

20. Re: XMLLoginConfig not picking up my application-policy

david.l.small Jun 27, 2006 11:39 AM (in response to david.l.small)

This is what I have for parsing of the jboss.xml file. Not much in the line of tracing ...

2006-06-27 11:14:30,834 DEBUG [org.jboss.ejb3.Ejb3Module] Creating jboss.j2ee:service=EJB3,module=pinkcommon-ejb.jar
2006-06-27 11:14:30,841 DEBUG [org.jboss.ejb3.security.JaccHelper] Initialising JACC Context for deployment: pinkcommon-ejb.jar
2006-06-27 11:14:30,853 TRACE [org.jboss.security.jacc.JBossPolicyConfiguration] ctor, contextID=pinkcommon-ejb.jar
2006-06-27 11:14:30,938 DEBUG [org.jboss.ejb3.Ejb3DescriptorHandler] found jboss.xml jar:file:/usr/local/jboss-4.0.4.GA/server/default/tmp/deploy/tmp58947pinkcommon.ear-contents/pinkcommon-ejb.jar!/META-INF/jboss.xml
2006-06-27 11:14:31,519 INFO [org.jboss.ejb3.Ejb3DescriptorHandler] adding class annotation org.jboss.annotation.security.SecurityDomain to com.pinksheets.common.ejb.biz.AnalyzeLegacyDatabaseBean org.jboss.annotation.security.SecurityDomainImpl@10ab67f
2006-06-27 11:14:31,536 DEBUG [org.jboss.ejb3.Ejb3AnnotationHandler] found EJB3: ejbName=AnalyzeLegacyDatabaseBean, class=com.pinksheets.common.ejb.biz.AnalyzeLegacyDatabaseBean, type=STATELESS
2006-06-27 11:14:31,595 DEBUG [org.jboss.ejb3.ProxyDeployer] no declared remote bindings for : AnalyzeLegacyDatabaseBean
2006-06-27 11:14:31,643 INFO [org.jboss.ejb3.Ejb3DescriptorHandler] adding class annotation org.jboss.annotation.security.SecurityDomain to com.pinksheets.common.ejb.biz.CodesServiceBean org.jboss.annotation.security.SecurityDomainImpl@15c0729
2006-06-27 11:14:31,666 DEBUG [org.jboss.ejb3.Ejb3AnnotationHandler] found EJB3: ejbName=CodesServiceBean, class=com.pinksheets.common.ejb.biz.CodesServiceBean, type=STATELESS
2006-06-27 11:14:31,666 DEBUG [org.jboss.ejb3.ProxyDeployer] no declared remote bindings for : CodesServiceBean

21. Re: XMLLoginConfig not picking up my application-policy

david.l.small Jun 27, 2006 11:57 AM (in response to david.l.small)

This thread has the answer.

http://www.jboss.com/index.html?module=bb&op=viewtopic&t=78329

Apparently, the "java:/jaas/" must now be removed. Not that this is your fault, but it would have been nice if this change have been documented in the release notes. It's a pretty significant change.

Now, I have a new error to track down and fix. Thanks for your help.

22. Re: XMLLoginConfig not picking up my application-policy

david.l.small Jun 27, 2006 12:32 PM (in response to david.l.small)

Actually, it gets even weirder. It is true that you need to remove "java:/jaas/" in jboss.xml 's security-domain element. But that same prefix must be present in the jboss-web.xml 's security-domain element otherwise the web authentication doesn't work.

23. Re: XMLLoginConfig not picking up my application-policy

starksm64 Jun 28, 2006 9:57 AM (in response to david.l.small)

Then that is an ejb3 bug.

24. Re: XMLLoginConfig not picking up my application-policy

david.l.small Jun 28, 2006 10:05 AM (in response to david.l.small)

"scott.stark@jboss.org" wrote:
Then that is an ejb3 bug.

Does this mean that you'll be reverting back to using "java:/jaas/" in jboss.xml (or @SecurityDomain) in a future version?

25. Re: XMLLoginConfig not picking up my application-policy

jbossjleplat Jun 28, 2006 11:31 AM (in response to david.l.small)

That problem had me stuck for quite a while. It's especially tough as all the tutorials and JaasHowTo and JASS FAQ don't mention this issue.