1 Reply Latest reply on Feb 6, 2008 1:35 AM by Brian DeHaven

    Context Realm - server.xml config lost on EAR deployment

    Brian DeHaven Newbie

      I was working at a client site recently and ran into this issue. They have a custom Realm and security context listener to allow the deployment of one of their applications on to a JBoss server. Originally they defined this Realm at the Engine level, replacing the default org.jboss.web.tomcat.security.JBossSecurityMgrRealm.

      Since defining this custom Realm at the Engine level prevented other applications from being deployed on the same server, I moved the Realm definition to the Context level within server.xml. What ended up happening was that the listener would recognize the custom Realm for that Context when the server started up. However, once the application was deployed, the custom Realm's association with that Context was lost and the default security realm took over once again.. preventing the application from working. I could not find any good examples of creating a Context and a Realm at the context level. I suspect some further configuration is needed within the EAR/WAR in order to maintain the correct Realm association.

      --------------------------
      server.xml
      --------------------------

      <Server>
       <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
      /docs/jasper-howto.html -->
       <Listener className="org.apache.catalina.core.JasperListener" />
      
       <Service name="jboss.web">
      
       <Connector port="8080" address="${jboss.bind.address}"
       maxThreads="250" maxHttpHeaderSize="8192"
       emptySessionPath="true" protocol="HTTP/1.1"
       enableLookups="false" redirectPort="8443" acceptCount="100"
       connectionTimeout="20000" disableUploadTimeout="true" />
      
       <!-- Define an AJP 1.3 Connector on port 8009 -->
       <Connector port="8009" address="${jboss.bind.address}" protocol="AJP/1.3"
       emptySessionPath="true" enableLookups="false" redirectPort="8443" />
      
       <Engine name="jboss.web" defaultHost="localhost">
      
       <Realm className="org.jboss.web.tomcat.security.JBossSecurityMgrRealm"
       certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
       allRolesMode="authOnly"
       />
      
       <Host name="localhost"
       autoDeploy="false" deployOnStartup="false" deployXML="false"
       configClass="org.jboss.web.tomcat.security.config.JBossContextConfig"
       >
      
       <Valve className="org.jboss.web.tomcat.service.jca.CachedConnectionValve"
       cachedConnectionManagerObjectName="jboss.jca:service=CachedConnectionManager"
       transactionManagerObjectName="jboss:service=TransactionManager" />
      
       <Context path="/SampleJpaWeb" docBase="work" reloadable="false">
       <Realm className="com.rpmsfa.auth.catalina.SfaSecurityMgrRealm"
       certificatePrincipal="org.jboss.security.auth.certs.SubjectDNMapping"
       allRolesMode="authOnly"
       />
       </Context>
       </Host>
       </Engine>
       </Service>
      </Server>
      


      --------------------------
      web.xml snippet
      --------------------------
      <web-app id="WebApp_ID" version="2.4"
       xmlns="http://java.sun.com/xml/ns/j2ee"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
       http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
       <display-name>SampleJpaWeb</display-name>
       <distributable />
       <listener>
      <listener-class>com.rpmsfa.auth.catalina.SfaSecurityContextListener</listener-class>
       </listener>
      


      --------------------------
      listener code snippet:
      --------------------------
      private void printRealms()
      {
       Server server = ServerFactory.getServer();
       Service service = server.findService("jboss.web");
      
       Engine engine = (Engine) service.getContainer();
       Host host = (Host) engine.findChild(engine.getDefaultHost());
      
       try
       {
       Container[] cArr = host.findChildren();
       for (int i = 0; i < cArr.length; i++)
       {
       System.out.println("===== c[" + i + "] container name: " + cArr.getName());
       System.out.println("===== c[" + i + "] realm name: " + cArr.getRealm().getClass().getName());
       }
       }
       catch (Exception e)
       {
       }
      }
      



      ------------------------------------------------------
      listener code snippet output on server startup
      (application is not deployed)
      ------------------------------------------------------
      [STDOUT] ===== c[3] container name: /SampleJpaWeb
      [STDOUT] ===== c[3] realm name: com.rpmsfa.auth.catalina.SfaSecurityMgrRealm
      


      -------------------------------------------------------
      listener code snippet output on hot deployment
      -------------------------------------------------------
      [STDOUT] ===== c[2] container name: /SampleJpaWeb
      [STDOUT] ===== c[2] realm name: org.jboss.web.tomcat.security.JBossSecurityMgrRealm
      


      So the association of the WAR's context to the custom Realm is lost on hot deployment. Any information on what I have missed would be appreciated. If there's any other information I should provide, let me know. Thanks.