2 Replies Latest reply on Jan 30, 2007 1:19 AM by None None

    How can I get JBoss to use my login module?

    None None Master

      I wrote a new class that implements javax.security.auth.spi.LoginModule. I put an entry for it in login-config.xml. I made the class into a jar and put the jar in server/default/lib. It never seems to load. I changed the login-config.xml file and intentionally made the class name incorrect and that didn't throw any errors, so it seems like if it can't load the class it silently fails. Any idea what's going on? My login module is super-simple. All it does is send a log message when there is a login attempt. Surely there is a way to use a login module in JBoss? I don't want to go back to old-style security where I implement a password check on every single method in all of my session beans. I would love to use declarative security if it's possible.

        • 1. Re: How can I get JBoss to use my login module?
          fhh Expert

          AFAIK the LoginContext is only created when it is needed for the first time. So unless you start declaring some security constraints on your webapp you will never know whether it works or not.

          Regards

          Felix

          • 2. Re: How can I get JBoss to use my login module?
            None None Master

            I have it working. It's critical to use exactly the right format in jboss.xml. It must be:

            <security-domain>myDomain</security-domain>


            not anything with java:/jaas or anything like that.

            I wrote my own LoginModule from scratch and it works fine. Is there any reason why I shouldn't use my own LoginModule instead of subclassing some from JBoss? I figured out how to set up the Roles group and the CallerPrincipal group and all the values seem to get passed around correctly.