0 Replies Latest reply on Jul 20, 2006 4:41 AM by Iris peters

    Problems to integrate CustomLoginModule

    Iris peters Newbie

      Hi,

      we would like to use our own login module to authenticate consumers and providers with our SOA-based infrastructure and I have the impression that Jboss totally ignores the custom login modules and instead uses it own

      Im using by the way JBoss 4.0.4. RC1 with JDK 1.5

      I have set up following sbb-login-config-xml

      <?xml version='1.0'?>
      <!DOCTYPE policy PUBLIC
       "-//JBoss//DTD JBOSS Security Config 3.0//EN"
       "http://www.jboss.org/j2ee/dtd/security_config.dtd">
      
      <!-- The XML based JAAS login configuration read by the
      org.jboss.security.auth.login.XMLLoginConfig mbean. Add
      an application-policy element for each security domain.
      
      The outline of the application-policy is:
      <application-policy name="security-domain-name">
       <authentication>
       <login-module code="login.module1.class.name" flag="control_flag">
       <module-option name = "option1-name">option1-value</module-option>
       <module-option name = "option2-name">option2-value</module-option>
       ...
       </login-module>
      
       <login-module code="login.module2.class.name" flag="control_flag">
       ...
       </login-module>
       ...
       </authentication>
      </application-policy>
      
      -->
      <policy>
       <application-policy name="auth-id-password">
       <authentication>
       <login-module code="org.sopware.security.login.ldap.LDAPLoginModule"
       flag="required">
       <module-option name="auth-type">auth-id-password</module-option>
       <module-option name="container-type">JBOSS</module-option>
       <module-option name="org.sopware.sbb.directory.master.url">ldap://localhost:389/ou=DataAuthenticationTSP,o=SOPware</module-option>
       </login-module>
       </authentication>
       </application-policy>
      
       <application-policy name="auth-principal">
       <authentication>
       <login-module code="org.sopware.security.login.ldap.LDAPLoginModule"
       flag="required">
       <module-option name="auth-type">auth-principal</module-option>
       <module-option name="org.sopware.sbb.directory.master.url">ldap://localhost:389/ou=DataAuthenticationTSP,o=SOPware</module-option>
       </login-module>
       </authentication>
       </application-policy>
      
       <application-policy name="auth-token-checking">
       <authentication>
       <login-module code="org.sopware.security.login.ldap.LDAPLoginModule"
       flag="required">
       <module-option name="auth-type">auth-token-password</module-option>
       <module-option name="container-type">JBOSS</module-option>
       <module-option name="reauthentication">true</module-option>
       <module-option name="org.sopware.sbb.directory.master.url">ldap://localhost:389/ou=DataAuthenticationTSP,o=SOPware</module-option>
       </login-module>
       </authentication>
       </application-policy>
      
      </policy>
      


      Im using this service.xml to startup the config

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE server>


      sbb-login-config.xml
      <depends optional-attribute-name="LoginConfigService">
      jboss.security:service=XMLLoginConfig

      <depends optional-attribute-name="SecurityManagerService">
      jboss.security:service=JaasSecurityManager






      The Jar file for the login module is in the server/lib. Is this the best way to put it ? Or do i need to put it in a jar file ?
      It seems that on startup the jar file can be accessed and is loaded.

      The security domain is set in the relevant DDs .

      According to the log is seems to be able to read my login-config file and reads out the security domains. But somehow its now able to use it and I dont get any error message because of it .

      by the way Im using it own server side and not on client side not als client login module but this is also something we consider .

      Any hints and tips ?

      Thx and rgds,

      Iris