5 Replies Latest reply on May 25, 2009 11:06 AM by Victor Denisov

    Problem with Dynamic Login Config on JBoss 5.0.1

    Vijay Phagura Newbie

      I have dynamicloginconfig-service.xml deployed in the server/default/deploy and looks like this:

      <server>
       <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="jboss:service=DynamicLoginConfig">
       <attribute name="AuthConfig">
       dynamic-login-config.xml
       </attribute>
       <depends optional-attribute-name="LoginConfigService">
       jboss.security:service=XMLLoginConfig
       </depends>
       <depends optional-attribute-name="SecurityManagerService">
       jboss.security:service=JaasSecurityManager
       </depends>
       </mbean>
      </server>


      And then I have the dynamic-login-config.xml pointed to by the 'AuthConfig' attribute above, and it looks like this:

      <?xml version='1.0'?>
      
      <policy>
       <!-- Used by clients within the application server VM such as
       mbeans and servlets that access EJBs.
       -->
       <application-policy name = "reservator-security-domain">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag = "required">
       <module-option name="dsJndiName">
       java:/ReservatorDS
       </module-option>
       <module-option name="principalsQuery">
       SELECT PASSWD FROM USERS WHERE USERID=?
       </module-option>
       <module-option name="rolesQuery">
       SELECT ROLEID, 'rolesGroup' FROM ROLES WHERE USERID=?
       </module-option>
       </login-module>
       </authentication>
      </application-policy>
      
      </policy>


      The dynamic-login-config.xml file is located in my EAR under its meta-inf.

      During deploy of JBoss AS 5.0.1 I get this error:

      org.jboss.deployment.DeploymentException: Failed to find authConf as resource: dynamic-login-config.xml

      I even tried putting specifing meta-inf dir in the AuthConfig as META-INF/dynamic-login-config.xml

      Please help, am I missing something??



        • 1. Re: Problem with Dynamic Login Config on JBoss 5.0.1
          jaikiran pai Master

           

          I have dynamicloginconfig-service.xml deployed in the server/default/deploy


          Place the dynamicloginconfig-service.xml in the META-INF of the EAR.

          • 2. Re: Problem with Dynamic Login Config on JBoss 5.0.1
            Vijay Phagura Newbie

            Thx JaiKiran. That worked.

            Just to make this useful for other people looking for solution to this, here is what I did:

            - Put the dynamicloginconfig-service.xml in my ear META-INF, as suggested
            - and my dynamic-login-config.xml file is also in ear META-INF

            The dynamicloginconfig-service.xml file looks like this now:

            <server>
             <mbean code="org.jboss.security.auth.login.DynamicLoginConfig" name="jboss:service=DynamicLoginConfig">
             <attribute name="AuthConfig">
             META-INF/dynamic-login-config.xml
             </attribute>
             <depends optional-attribute-name="LoginConfigService">
             jboss.security:service=XMLLoginConfig
             </depends>
             <depends optional-attribute-name="SecurityManagerService">
             jboss.security:service=JaasSecurityManager
             </depends>
             </mbean>
            </server>


            • 4. Re: Problem with Dynamic Login Config on JBoss 5.0.1
              Victor Denisov Newbie

              I'm trying the new simpler approach and can't seem to get my application to work (old DynamicLoginConfig way worked fine).

              Here's what I'm doing:

              WEB-INF/jboss-web.xml (in the web module)

              <?xml version="1.0" encoding="UTF-8"?>
              <!DOCTYPE jboss-web PUBLIC "-//JBoss//DTD Web Application 4.2//EN"
               "http://www.jboss.org/j2ee/dtd/jboss-web_5_0.dtd">
              <jboss-web>
               <security-domain>java:/jaas/gameportal</security-domain>
              </jboss-web>
              


              META-INF/gameportal-jboss-beans.xml (in ear)
              <?xml version="1.0" encoding="UTF-8"?>
              
              <deployment xmlns="urn:jboss:bean-deployer:2.0">
              
               <application-policy xmlns="urn:jboss:security-beans:1.0" name="gameportal">
               <authentication>
               <login-module code="ru.gameportal.login.GameportalLoginModule"
               flag="required">
               </login-module>
               </authentication>
               </application-policy>
              
              </deployment>
              


              Unfortunately, JBoss doesn't call my custom login module (I'm using WebAuthentication for programmatic login, if it matters). Some info, hopefully relevant, from the log file:

              17:37:50,437 TRACE [ApplicationPolicyMetaDataFactory] Generating metadata for application-policy gameportal
              17:37:50,437 TRACE [ApplicationPolicyMetaDataFactory] Generating authentication metadata for policy gameportal
              17:37:50,437 TRACE [ApplicationPolicyMetaDataFactory] Injecting security management JNDIBasedSecurityManagement into application-policy metadata
              17:37:50,468 TRACE [ApplicationPolicyBean] ApplicationPolicy gameportal created org.jboss.security.config.ApplicationPolicy@1c2f724
              17:37:50,468 TRACE [ApplicationPolicyBean] ApplicationPolicy gameportal registered
              ...
              17:38:06,703 TRACE [JaccContextValve] MetaData:org.jboss.metadata.web.jboss.JBossWebMetaData@1f:principalToRoleSetMapnull
              17:38:06,703 TRACE [SecurityAssociationValve] Begin invoke, caller=null
              ...
              17:38:06,718 TRACE [JBossWebRealm] Begin authenticate, username=vdenisov@redline.ru
              17:38:06,718 DEBUG [JNDIBasedSecurityManagement] Creating SDC for domain=gameportal
              17:38:06,718 TRACE [JaasSecurityManager] Constructing
              17:38:06,718 DEBUG [gameportal] CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@f92417
              17:38:06,718 DEBUG [gameportal] CachePolicy set to: org.jboss.util.TimedCachePolicy@b0a21a
              17:38:06,718 DEBUG [JNDIBasedSecurityManagement] setCachePolicy, c=org.jboss.util.TimedCachePolicy@b0a21a
              17:38:06,718 TRACE [gameportal] Begin isValid, principal:vdenisov@redline.ru, cache info: null
              17:38:06,718 TRACE [gameportal] defaultLogin, principal=vdenisov@redline.ru
              17:38:06,718 TRACE [XMLLoginConfigImpl] Begin getAppConfigurationEntry(gameportal), size=11
              17:38:06,718 TRACE [XMLLoginConfigImpl] End getAppConfigurationEntry(gameportal), authInfo=AppConfigurationEntry[]:
              [0]
              LoginModule Class: org.jboss.security.auth.spi.UsersRolesLoginModule
              ControlFlag: LoginModuleControlFlag: required
              Options:
              name=usersProperties, value=u.properties
              name=unauthenticatedIdentity, value=anonymous
              name=rolesProperties, value=r.properties
              


              It then proceeds to authenticate using UsersRolesLoginModule (and, of course, failes to open appropriate files).

              Any advice?

              • 5. Re: Problem with Dynamic Login Config on JBoss 5.0.1
                Victor Denisov Newbie

                Weird, after restarting JBoss my custom login module was invoked correctly...