0 Replies Latest reply on Sep 25, 2006 12:36 PM by Jon French

    Context.xml Realm element ignored (JBoss 4.0.3SP1)

    Jon French Newbie

      I am trying to deploy a custom Realm for a specific web application in JBoss AS 4.0.3SP1. My strategy is to place a context.xml file in the WEB-INF directory of my war file. The contents of the context.xml look like this:

      <Context>
       <Realm ... realm configuration here
       />
      
      </Context>
      


      However, JBoss does not recognize the Realm definition and instead uses the Realm of the Tomcat Host in which this web application resides. However, configuring a RemoteAccessFilter in the context.xml file like this:

      <Context>
       <Valve className="org.apache.catalina.valves.RemoteAddrValve" deny="127.0.0.1" />
       </Context>
      


      definitely works (meaning that the valve is correctly deployed).

      So the case is that JBoss is definitely recognizing the /WEB-INF/context.xml file, but is ignoring my Realm element.

      The JBoss Wiki at http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingContextDotXML says that in regard to configuring web applications in /WEB-INF/jboss-web.xml vs. context.xml, "The general rule is that if you can do it in jboss-web.xml then the context.xml equivalent is ignored."

      So this makes me think that maybe the reason JBoss is ignoring my context.xml Realm element is that it can be configured in /WEB-INF/jboss-web.xml. The only pertinent element in jboss-web.xml is the security-domain element. The docs/dtd/jboss-web.dtd file says of the security-domain element,

      <!-- The security-domain element allows one to specify a module wide
      security manager domain. It specifies the JNDI name of the security
      manager that implements the EJBSecurityManager and RealmMapping for
      the domain.
      -->
      <!ELEMENT security-domain (#PCDATA)>
      


      The "RealmMapping" text makes me suspicious, but the RealmMapping Javadoc at http://docs.jboss.org/jbossas/javadoc/4.0.4/security/org/jboss/security/RealmMapping.html
      doesn't seem to contain any helpful information in regard to JBoss's use of a Host Realm before a Context Realm.

      So my question is can anyone verify that JBoss won't allow a webapplication to specify a Realm in Context.xml? Is there a good reason? Is there a way to override the Realm via the "security-domain" element in jboss-web.xml?

      Other information:

      The release notes of 4.0.4GA didn't mention any context.xml fixes: http://jira.jboss.com/jira/secure/ReleaseNote.jspa?version=12310691&styleName=Html&projectId=10030
      so I'm guessing nothing has changed in regard to my problem in 4.0.4GA.

      This JIRA issue http://jira.jboss.com/jira/browse/JBWEB-65 almost seems to apply, but its for the wrong version of JBoss and seems to be about the entire context.xml file being ignored, not just the Realm element.