3 Replies Latest reply on Mar 3, 2009 10:44 AM by Sheeraz Junejo

    How to configure "Negotiate Kerberos"?

    draggy draggy Newbie

      Hello JBoss experts and professionals,

      Currently, I’m using JBoss Portal 2.6.4 bundle with Application server 4.2.2 and referring to http://wiki.jboss.org/wiki/NegotiateKerberos about

      3. Modify the ${jboss.server.dir}/conf/jboss-service.xml (if you installed via the JBoss Installer Jar, then the file you need to edit is ${jboss.server.dir}/deploy/security-service.xml) in the server you copied the jars to. You need to change the "jboss.security:service=JaasSecurityManager MBean" to use the new callback handler included with the negotiate jar.
      You need to find the mbean definition in the file, and add or change the CallbackHandlerClassName? attribute to be the following:
      
       <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
      
      for 4.04 you may need to use ${jboss.server.dir}/deploy/security-service.xml) event it is not installed using the JBoss Installer Jar.
      
      for 4.05 you may need to use ${jboss.server.dir}\deploy\security.sar\META-INF\jboss-service.xml
      


      I am not sure how to configure this particular parts:

      You need to find the mbean definition in the file, and add or change the CallbackHandlerClassName? attribute to be the following:
      
       <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
      


      And

      for 4.04 you may need to use ${jboss.server.dir}/deploy/security-service.xml) event it is not installed using the JBoss Installer Jar.
      
      for 4.05 you may need to use ${jboss.server.dir}\deploy\security.sar\META-INF\jboss-service.xml
      


      However, I have managed to find JAAS in my jboss-service.xml:

      <!-- JAAS security manager and realm mapping -->
       <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
       name="jboss.security:service=JaasSecurityManager">
       <!-- A flag which indicates whether the SecurityAssociation server mode
       is set on service creation. This is true by default since the
       SecurityAssociation should be thread local for multi-threaded server
       operation.
       -->
       <attribute name="ServerMode">true</attribute>
       <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
       <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
       <!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
       in seconds.
       If you want to disable caching of security credentials, set this to 0 to
       force authentication to occur every time. This has no affect if the
       AuthenticationCacheJndiName has been changed from the default value.
       -->
       <attribute name="DefaultCacheTimeout">1800</attribute>
       <!-- DefaultCacheResolution: Specifies the default timed cache policy
       resolution in seconds. This controls the interval at which the cache
       current timestamp is updated and should be less than the DefaultCacheTimeout
       in order for the timeout to be meaningful. This has no affect if the
       AuthenticationCacheJndiName has been changed from the default value.
       -->
       <attribute name="DefaultCacheResolution">60</attribute>
       <!-- DeepCopySubjectMode: This set the copy mode of subjects done by the
       security managers to be deep copies that makes copies of the subject
       principals and credentials if they are cloneable. It should be set to
       true if subject include mutable content that can be corrupted when
       multiple threads have the same identity and cache flushes/logout clearing
       the subject in one thread results in subject references affecting other
       threads.
       -->
       <attribute name="DeepCopySubjectMode">false</attribute>
       </mbean>
      


      May I know how to configure it?

      Thank you


        • 1. Re: How to configure
          draggy draggy Newbie

           

          "draggy" wrote:
          Hello JBoss experts and professionals,

          Currently, I’m using JBoss Portal 2.6.4 bundle with Application server 4.2.2 and referring to http://wiki.jboss.org/wiki/NegotiateKerberos about

          3. Modify the ${jboss.server.dir}/conf/jboss-service.xml (if you installed via the JBoss Installer Jar, then the file you need to edit is ${jboss.server.dir}/deploy/security-service.xml) in the server you copied the jars to. You need to change the "jboss.security:service=JaasSecurityManager MBean" to use the new callback handler included with the negotiate jar.
          You need to find the mbean definition in the file, and add or change the CallbackHandlerClassName? attribute to be the following:
          
           <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
          
          for 4.04 you may need to use ${jboss.server.dir}/deploy/security-service.xml) event it is not installed using the JBoss Installer Jar.
          
          for 4.05 you may need to use ${jboss.server.dir}\deploy\security.sar\META-INF\jboss-service.xml
          


          I am not sure how to configure this particular parts:

          You need to find the mbean definition in the file, and add or change the CallbackHandlerClassName? attribute to be the following:
          
           <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
          


          And

          for 4.04 you may need to use ${jboss.server.dir}/deploy/security-service.xml) event it is not installed using the JBoss Installer Jar.
          
          for 4.05 you may need to use ${jboss.server.dir}\deploy\security.sar\META-INF\jboss-service.xml
          


          However, I have managed to find JAAS in my jboss-service.xml:

          <!-- JAAS security manager and realm mapping -->
           <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
           name="jboss.security:service=JaasSecurityManager">
           <!-- A flag which indicates whether the SecurityAssociation server mode
           is set on service creation. This is true by default since the
           SecurityAssociation should be thread local for multi-threaded server
           operation.
           -->
           <attribute name="ServerMode">true</attribute>
           <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
           <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
           <!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
           in seconds.
           If you want to disable caching of security credentials, set this to 0 to
           force authentication to occur every time. This has no affect if the
           AuthenticationCacheJndiName has been changed from the default value.
           -->
           <attribute name="DefaultCacheTimeout">1800</attribute>
           <!-- DefaultCacheResolution: Specifies the default timed cache policy
           resolution in seconds. This controls the interval at which the cache
           current timestamp is updated and should be less than the DefaultCacheTimeout
           in order for the timeout to be meaningful. This has no affect if the
           AuthenticationCacheJndiName has been changed from the default value.
           -->
           <attribute name="DefaultCacheResolution">60</attribute>
           <!-- DeepCopySubjectMode: This set the copy mode of subjects done by the
           security managers to be deep copies that makes copies of the subject
           principals and credentials if they are cloneable. It should be set to
           true if subject include mutable content that can be corrupted when
           multiple threads have the same identity and cache flushes/logout clearing
           the subject in one thread results in subject references affecting other
           threads.
           -->
           <attribute name="DeepCopySubjectMode">false</attribute>
           </mbean>
          


          May I know how to configure it?

          Thank you


          is it just add the
          <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
          


          just like this:
          <!-- JAAS security manager and realm mapping -->
           <mbean code="org.jboss.security.plugins.JaasSecurityManagerService"
           name="jboss.security:service=JaasSecurityManager">
           <!-- A flag which indicates whether the SecurityAssociation server mode
           is set on service creation. This is true by default since the
           SecurityAssociation should be thread local for multi-threaded server
           operation.
           -->
           <attribute name="ServerMode">true</attribute>
           <attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
           <attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
           <attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
           <!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
           in seconds.
           If you want to disable caching of security credentials, set this to 0 to
           force authentication to occur every time. This has no affect if the
           AuthenticationCacheJndiName has been changed from the default value.
           -->
           <attribute name="DefaultCacheTimeout">1800</attribute>
           <!-- DefaultCacheResolution: Specifies the default timed cache policy
           resolution in seconds. This controls the interval at which the cache
           current timestamp is updated and should be less than the DefaultCacheTimeout
           in order for the timeout to be meaningful. This has no affect if the
           AuthenticationCacheJndiName has been changed from the default value.
           -->
           <attribute name="DefaultCacheResolution">60</attribute>
           <!-- DeepCopySubjectMode: This set the copy mode of subjects done by the
           security managers to be deep copies that makes copies of the subject
           principals and credentials if they are cloneable. It should be set to
           true if subject include mutable content that can be corrupted when
           multiple threads have the same identity and cache flushes/logout clearing
           the subject in one thread results in subject references affecting other
           threads.
           -->
           <attribute name="DeepCopySubjectMode">false</attribute>
           </mbean>
          


          is it correct?

          Thank you

          • 2. Re: How to configure
            draggy draggy Newbie

            hello people,

            Now I'm getting some error:

            2008-04-17 18:02:47,113 DEBUG [org.jboss.security.auth.login.XMLLoginConfig] Starting jboss.security:service=XMLLoginConfig
            2008-04-17 18:02:47,113 DEBUG [org.jboss.security.auth.login.XMLLoginConfigImpl] Try loading config as XML, url=file:/C:/jboss-portal-2.6.4/server/default/conf/login-config.xml
            2008-04-17 18:02:47,254 DEBUG [org.jboss.security.auth.login.XMLLoginConfigImpl] Failed to load config as XML
            org.jboss.xb.binding.JBossXBException: Failed to parse source: The element type "authentication" must be terminated by the matching end-tag "</authentication>". @ *unknown*[166,4]
             at org.jboss.xb.binding.parser.sax.SaxJBossXBParser.parse(SaxJBossXBParser.java:193)
             at org.jboss.xb.binding.UnmarshallerImpl.unmarshal(UnmarshallerImpl.java:158)
             at org.jboss.security.auth.login.XMLLoginConfigImpl.loadXMLConfig(XMLLoginConfigImpl.java:324)
             at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:288)
             at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:268)
             at org.jboss.security.auth.login.XMLLoginConfig.startService(XMLLoginConfig.java:176)
             at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
             at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
             at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
             at java.lang.reflect.Method.invoke(Method.java:597)
             at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
             at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
             at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
             at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
             at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
             at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
             at $Proxy0.start(Unknown Source)
             at org.jboss.system.ServiceController.start(ServiceController.java:417)
             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
             at java.lang.reflect.Method.invoke(Method.java:597)
             at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
             at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
             at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
             at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
             at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
             at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
             at $Proxy4.start(Unknown Source)
             at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302)
             at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
             at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
             at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
             at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766)
             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
             at java.lang.reflect.Method.invoke(Method.java:597)
             at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
             at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
             at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
             at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
             at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
             at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
             at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
             at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
             at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
             at $Proxy5.deploy(Unknown Source)
             at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482)
             at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
             at org.jboss.Main.boot(Main.java:200)
             at org.jboss.Main$1.run(Main.java:508)
             at java.lang.Thread.run(Thread.java:619)
            Caused by: org.xml.sax.SAXException: The element type "authentication" must be terminated by the matching end-tag "</authentication>". @ *unknown*[166,4]
             at org.jboss.xb.binding.parser.sax.SaxJBossXBParser$MetaDataErrorHandler.fatalError(SaxJBossXBParser.java:355)
             at org.apache.xerces.util.ErrorHandlerWrapper.fatalError(Unknown Source)
             at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
             at org.apache.xerces.impl.XMLErrorReporter.reportError(Unknown Source)
             at org.apache.xerces.impl.XMLScanner.reportFatalError(Unknown Source)
             at org.apache.xerces.impl.XMLNSDocumentScannerImpl.scanEndElement(Unknown Source)
             at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
             at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
             at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
             at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
             at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
             at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
             at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
             at org.jboss.xb.binding.parser.sax.SaxJBossXBParser.parse(SaxJBossXBParser.java:189)
             ... 53 more
            2008-04-17 18:02:47,254 DEBUG [org.jboss.security.auth.login.XMLLoginConfigImpl] Try loading config as Sun format, url=file:/C:/jboss-portal-2.6.4/server/default/conf/login-config.xml
            2008-04-17 18:02:47,269 WARN [org.jboss.security.auth.login.XMLLoginConfigImpl] End loadConfig, failed to load config: file:/C:/jboss-portal-2.6.4/server/default/conf/login-config.xml
            org.jboss.security.auth.login.ParseException: Encountered "<?xml" at line 1, column 1.
            Was expecting one of:
             <EOF>
             <IDENTIFIER> ...
            
             at org.jboss.security.auth.login.SunConfigParser.generateParseException(SunConfigParser.java:395)
             at org.jboss.security.auth.login.SunConfigParser.jj_consume_token(SunConfigParser.java:333)
             at org.jboss.security.auth.login.SunConfigParser.config(SunConfigParser.java:98)
             at org.jboss.security.auth.login.SunConfigParser.parse(SunConfigParser.java:57)
             at org.jboss.security.auth.login.SunConfigParser.doParse(SunConfigParser.java:79)
             at org.jboss.security.auth.login.XMLLoginConfigImpl.loadSunConfig(XMLLoginConfigImpl.java:310)
             at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:294)
             at org.jboss.security.auth.login.XMLLoginConfigImpl.loadConfig(XMLLoginConfigImpl.java:268)
             at org.jboss.security.auth.login.XMLLoginConfig.startService(XMLLoginConfig.java:176)
             at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
             at org.jboss.system.ServiceMBeanSupport.jbossInternalLifecycle(ServiceMBeanSupport.java:245)
             at sun.reflect.GeneratedMethodAccessor3.invoke(Unknown Source)
             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
             at java.lang.reflect.Method.invoke(Method.java:597)
             at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
             at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
             at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
             at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
             at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
             at org.jboss.system.ServiceController$ServiceProxy.invoke(ServiceController.java:978)
             at $Proxy0.start(Unknown Source)
             at org.jboss.system.ServiceController.start(ServiceController.java:417)
             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
             at java.lang.reflect.Method.invoke(Method.java:597)
             at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
             at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
             at org.jboss.mx.server.Invocation.invoke(Invocation.java:86)
             at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
             at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
             at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
             at $Proxy4.start(Unknown Source)
             at org.jboss.deployment.SARDeployer.start(SARDeployer.java:302)
             at org.jboss.deployment.MainDeployer.start(MainDeployer.java:1025)
             at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:819)
             at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:782)
             at org.jboss.deployment.MainDeployer.deploy(MainDeployer.java:766)
             at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
             at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
             at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
             at java.lang.reflect.Method.invoke(Method.java:597)
             at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:155)
             at org.jboss.mx.server.Invocation.dispatch(Invocation.java:94)
             at org.jboss.mx.interceptor.AbstractInterceptor.invoke(AbstractInterceptor.java:133)
             at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
             at org.jboss.mx.interceptor.ModelMBeanOperationInterceptor.invoke(ModelMBeanOperationInterceptor.java:142)
             at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
             at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
             at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:659)
             at org.jboss.mx.util.MBeanProxyExt.invoke(MBeanProxyExt.java:210)
             at $Proxy5.deploy(Unknown Source)
             at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:482)
             at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
             at org.jboss.Main.boot(Main.java:200)
             at org.jboss.Main$1.run(Main.java:508)
             at java.lang.Thread.run(Thread.java:619)
            2008-04-17 18:02:47,488 DEBUG [org.jboss.security.auth.login.XMLLoginConfig] Started jboss.security:service=XMLLoginConfig
            2008-04-17 18:02:47,488 DEBUG [org.jboss.system.ServiceController] Starting dependent components for: jboss.security:service=XMLLoginConfig dependent components: []
            2008-04-17 18:02:47,488 DEBUG [org.jboss.system.ServiceController] starting service jboss.security:service=JaasSecurityManager
            2008-04-17 18:02:47,488 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Starting jboss.security:service=JaasSecurityManage
            


            and here is my login-config.xml:

            <?xml version='1.0'?>
            <!DOCTYPE policy PUBLIC
             "-//JBoss//DTD JBOSS Security Config 3.0//EN"
             "http://www.jboss.org/j2ee/dtd/security_config.dtd">
            
            <!-- The XML based JAAS login configuration read by the
            org.jboss.security.auth.login.XMLLoginConfig mbean. Add
            an application-policy element for each security domain.
            
            The outline of the application-policy is:
            <application-policy name="security-domain-name">
             <authentication>
             <login-module code="login.module1.class.name" flag="control_flag">
             <module-option name = "option1-name">option1-value</module-option>
             <module-option name = "option2-name">option2-value</module-option>
             ...
             </login-module>
            
             <login-module code="login.module2.class.name" flag="control_flag">
             ...
             </login-module>
             ...
             </authentication>
            </application-policy>
            
            $Revision: 64598 $
            -->
            
            <policy>
             <!-- Used by clients within the application server VM such as
             mbeans and servlets that access EJBs.
             -->
             <application-policy name = "client-login">
             <authentication>
             <login-module code = "org.jboss.security.ClientLoginModule"
             flag = "required">
             <!-- Any existing security context will be restored on logout -->
             <module-option name="restore-login-identity">true</module-option>
             </login-module>
             </authentication>
             </application-policy>
            
             <!-- Security domain for JBossMQ -->
             <application-policy name = "jbossmq">
             <authentication>
             <login-module code = "org.jboss.security.auth.spi.DatabaseServerLoginModule"
             flag = "required">
             <module-option name = "unauthenticatedIdentity">guest</module-option>
             <module-option name = "dsJndiName">java:/DefaultDS</module-option>
             <module-option name = "principalsQuery">SELECT PASSWD FROM JMS_USERS WHERE USERID=?</module-option>
             <module-option name = "rolesQuery">SELECT ROLEID, 'Roles' FROM JMS_ROLES WHERE USERID=?</module-option>
             </login-module>
             </authentication>
             </application-policy>
            
             <!-- Security domain for JBossMQ when using file-state-service.xml
             <application-policy name = "jbossmq">
             <authentication>
             <login-module code = "org.jboss.mq.sm.file.DynamicLoginModule"
             flag = "required">
             <module-option name = "unauthenticatedIdentity">guest</module-option>
             <module-option name = "sm.objectname">jboss.mq:service=StateManager</module-option>
             </login-module>
             </authentication>
             </application-policy>
             -->
            
             <!-- Security domains for testing new jca framework -->
             <application-policy name = "HsqlDbRealm">
             <authentication>
             <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
             flag = "required">
             <module-option name = "principal">sa</module-option>
             <module-option name = "userName">sa</module-option>
             <module-option name = "password"></module-option>
             <module-option name = "managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=DefaultDS</module-option>
             </login-module>
             </authentication>
             </application-policy>
            
             <application-policy name = "JmsXARealm">
             <authentication>
             <login-module code = "org.jboss.resource.security.ConfiguredIdentityLoginModule"
             flag = "required">
             <module-option name = "principal">guest</module-option>
             <module-option name = "userName">guest</module-option>
             <module-option name = "password">guest</module-option>
             <module-option name = "managedConnectionFactoryName">jboss.jca:service=TxCM,name=JmsXA</module-option>
             </login-module>
             </authentication>
             </application-policy>
            
             <!-- A template configuration for the jmx-console web application. This
             defaults to the UsersRolesLoginModule the same as other and should be
             changed to a stronger authentication mechanism as required.
             -->
             <application-policy name = "jmx-console">
             <authentication>
             <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
             <module-option name="usersProperties">props/jmx-console-users.properties</module-option>
             <module-option name="rolesProperties">props/jmx-console-roles.properties</module-option>
             </login-module>
             </authentication>
             </application-policy>
            
             <!-- A template configuration for the web-console web application. This
             defaults to the UsersRolesLoginModule the same as other and should be
             changed to a stronger authentication mechanism as required.
             -->
             <application-policy name = "web-console">
             <authentication>
             <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required">
             <module-option name="usersProperties">web-console-users.properties</module-option>
             <module-option name="rolesProperties">web-console-roles.properties</module-option>
             </login-module>
             </authentication>
             </application-policy>
            
             <!--
             A template configuration for the JBossWS security domain.
             This defaults to the UsersRolesLoginModule the same as other and should be
             changed to a stronger authentication mechanism as required.
             -->
             <application-policy name="JBossWS">
             <authentication>
             <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag="required">
             <module-option name="usersProperties">props/jbossws-users.properties</module-option>
             <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
             <module-option name="unauthenticatedIdentity">anonymous</module-option>
             </login-module>
             </authentication>
             </application-policy>
            
             <!-- The default login configuration used by any security domain that
             does not have a application-policy entry with a matching name
             -->
             <application-policy name = "other">
             <!-- A simple server login module, which can be used when the number
             of users is relatively small. It uses two properties files:
             users.properties, which holds users (key) and their password (value).
             roles.properties, which holds users (key) and a comma-separated list of
             their roles (value).
             The unauthenticatedIdentity property defines the name of the principal
             that will be used when a null username and password are presented as is
             the case for an unuathenticated web client or MDB. If you want to
             allow such users to be authenticated add the property, e.g.,
             unauthenticatedIdentity="nobody"
             -->
             <authentication>
             <login-module code = "org.jboss.security.auth.spi.UsersRolesLoginModule"
             flag = "required" />
             </authentication>
             </application-policy>
            
             <!-- SPNEGO -->
             <application-policy name = "SPNEGO">
             <authentication>
             <login-module code = "org.jboss.security.auth.NegotiateLoginModule"
             flag = "required" />
             <module-option name="loadBalancer">false</module-option>
             <module-option name="domainController">192.168.0.1</module-option>
             <module-option name="defaultDomain">test.com</module-option>
             </login-module>
             </authentication>
             </application-policy>
            
            </policy>
            


            May I know what went wrong?

            Thank you

            • 3. Re: How to configure
              Sheeraz Junejo Newbie

              Same problem with me...:(