1 Reply Latest reply on Feb 22, 2003 4:18 PM by David Jencks

    ra.xml <authentication-mechanism> and PasswordCredential

    Don Lind Newbie

      Two questions.

      First, I *think* JBoss documentation may be wrong with respect to the path to the PasswordCredential class. In the example ra.xml file shown in the documentation, shouldn't the documentation say:

      The example seems to be missing the ".spi." part of the the path:


      The only PasswordCredential class I have seen is javax.resource.spi.security.PasswordCredential. The JBoss docs (as well as docs for other major app servers by IBM and BEA) all seem to quote the same (wrong?) path to the PasswordCredential class in their "for example, this is the ra.xml syntax for setting the <credential-interface> looks like" stuff.

      Second question: what is specifying the <credential-interface> supposed to do? Does it direct the app server (JBoss) to do something? Or to expect something? My little test application seems to pretty much work OK with with or without the ".spi." part. None of my configured LoginModules (ClientLoginModule, UserRolesLoginModule, and my own VWLoginModule) seem to be creating a PasswordCredential. The credential I *do* create with my VWLoginModule (our own custom object) works fine. Is there a LoginModule that creates a PasswordCredential as its JAAS credential?

      I'm a little confused as to what that setting is supposed to be used for.



        • 1. Re: ra.xml <authentication-mechanism> and PasswordCredential
          David Jencks Master

          I'm confused too. Maybe it's a hint to the human figuring out how to deploy the adapter about what kind of credentials need to be supplied. In any case, jboss ignores it.

          As a human deployer, you need to know about it if you are setting up a LoginModule to supply credentials to the adapter, so you can choose one that supplies the right kind. All (both) of our jca-specific LoginModules supply PasswordCredential. So far no one seems to have tried an adapter that needs something else such as kerberos.

          It appears that most people are happy with just supplying the default user/pw in the mcf config rather than dealing with setting up a login module.